From 841809eb934c6870697c6d4b3a70f0f9b1d7978a Mon Sep 17 00:00:00 2001 From: Beknazar Esenbek Date: Wed, 21 Jun 2023 15:09:31 +0200 Subject: [PATCH 01/18] Added IDE folder to gitignore --- .gitignore | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index e4e5f6c..bec7f2e 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ -*~ \ No newline at end of file +*~ +.idea \ No newline at end of file From 51c31b9f64d787604e9063d88c4feba1c020878a Mon Sep 17 00:00:00 2001 From: Beknazar Esenbek Date: Wed, 21 Jun 2023 15:12:24 +0200 Subject: [PATCH 02/18] Added helm generated files to gitignore --- .gitignore | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index bec7f2e..542b089 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,4 @@ *~ -.idea \ No newline at end of file +.idea +Chart.lock +charts/ \ No newline at end of file From 415121854a217df0391332604e7e9b4f63ecaec4 Mon Sep 17 00:00:00 2001 From: Beknazar Esenbek Date: Wed, 21 Jun 2023 16:00:15 +0200 Subject: [PATCH 03/18] Moved elastic, mysql and mongo to separate folder --- .../values/{ => marketplace}/values-elastic.yml | 4 ++-- .../values/{ => marketplace}/values-mongodb.yml | 16 +++++++++++++++- .../values/{ => marketplace}/values-mysql.yml | 2 +- 3 files changed, 18 insertions(+), 4 deletions(-) rename PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/{ => marketplace}/values-elastic.yml (93%) rename PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/{ => marketplace}/values-mongodb.yml (90%) rename PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/{ => marketplace}/values-mysql.yml (91%) 
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/values-elastic.yml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/marketplace/values-elastic.yml similarity index 93% rename from PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/values-elastic.yml rename to PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/marketplace/values-elastic.yml index 93c0a2c..9ce7fe6 100644 --- a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/values-elastic.yml +++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/marketplace/values-elastic.yml @@ -13,8 +13,8 @@ minimumMasterNodes: 1 clusterHealthCheckParams: "wait_for_status=yellow&timeout=1s" # When running on OpenShift, a service account with root access is required -#rbac: -# serviceAccountName: +rbac: + serviceAccountName: # In local environments, specific setup may be required. For more info, see: # https://github.com/elastic/helm-charts/tree/master/elasticsearch#how-to-deploy-this-chart-on-a-specific-k8s-distribution diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/values-mongodb.yml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/marketplace/values-mongodb.yml similarity index 90% rename from PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/values-mongodb.yml rename to PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/marketplace/values-mongodb.yml index 81b9d77..aa5b4a0 100644 --- a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/values-mongodb.yml +++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/marketplace/values-mongodb.yml 
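Review bot: Uncommenting `rbac:` leaves `serviceAccountName:` without a value, which YAML reads as null, so the override names no account even though the comment above says OpenShift needs one with root access. Either keep the block commented out or set a dedicated account explicitly, e.g. `serviceAccountName: <elasticsearch-service-account>` (placeholder). How the chart treats a null here is not visible in this hunk, so the rendered manifest should be checked. If an account is added, bind it to the narrowest SCC that lets the pod start rather than a root-capable one.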
@@ -31,7 +31,21 @@ auth: ## MongoDB root password ## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#setting-the-root-password-on-first-run ## - rootPassword: + rootPassword: password + +serviceAccount: + create: true +rbac: + create: true + rules: + - apiGroups: + - security.openshift.io + resourceNames: + - anyuid + resources: + - securitycontextconstraints + verbs: + - use ## initdb scripts ## Specify dictionary of scripts to be run at first boot diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/values-mysql.yml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/marketplace/values-mysql.yml similarity index 91% rename from PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/values-mysql.yml rename to PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/marketplace/values-mysql.yml index fb3c941..f3f75b6 100644 --- a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/values-mysql.yml +++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/marketplace/values-mysql.yml @@ -13,7 +13,7 @@ imageTag: "5.7" ## ## Make sure to set this password in the component configurations ## using the MySQL database. -mysqlRootPassword: +mysqlRootPassword: password ## Security context (might be necessary on OpenShift) #securityContext: From ffef78c1bd4ac68bcf67d62b10f421b88b066220 Mon Sep 17 00:00:00 2001 
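Review bot: `rootPassword: password` commits a guessable MongoDB root credential to the repository, and the values-mysql.yml hunk that follows does the same with `mysqlRootPassword: password`. Leave both values empty in git and supply them at deploy time from a secret store, or point the chart at a pre-created Secret (the bitnami chart has `auth.existingSecret`, if the pinned version supports it). Anything already deployed with these values should have its password changed, since the string is now in history. The added `rbac.rules` entry also grants the service account `use` on the `anyuid` SCC, which lets the pod run as any UID including 0; a comment stating why MongoDB needs that here would make the grant reviewable.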
From: Beknazar Esenbek Date: Thu, 22 Jun 2023 13:49:44 +0200 Subject: [PATCH 04/18] Added values for waltid --- .../values/walt-id/Chart.yaml | 12 ++++ .../values/walt-id/templates/_helpers.tpl | 53 +++++++++++++++++ .../values/walt-id/templates/certificate.yaml | 15 +++++ .../values/walt-id/templates/deployment.yaml | 39 ++++++++++++ .../values/walt-id/templates/route-certs.yaml | 28 +++++++++ .../values/walt-id/templates/route.yaml | 29 +++++++++ .../values/walt-id/templates/service.yaml | 16 +++++ .../values/walt-id/values.yaml | 59 +++++++++++++++++++ 8 files changed, 251 insertions(+) create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/Chart.yaml create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/templates/_helpers.tpl create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/templates/certificate.yaml create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/templates/deployment.yaml create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/templates/route-certs.yaml create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/templates/route.yaml create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/templates/service.yaml create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/values.yaml diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/Chart.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/Chart.yaml new file mode 100644 index 0000000..bc64fb8 --- /dev/null +++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/Chart.yaml 
@@ -0,0 +1,12 @@
+apiVersion: v2
+name: vcwaltid
+description: Chart holder for argo-cd
+
+type: application
+version: 0.0.16
+appVersion: "0.0.1"
+
+dependencies:
+ - name: vcwaltid
+ version: 0.0.17
+ repository: https://i4Trust.github.io/helm-charts
\ No newline at end of file
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/templates/_helpers.tpl b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/templates/_helpers.tpl
new file mode 100644
index 0000000..d20124b
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/templates/_helpers.tpl
@@ -0,0 +1,53 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "waltid.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "waltid.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "waltid.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "waltid.labels" -}} +helm.sh/chart: {{ include "waltid.chart" . }} +{{ include "waltid.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app: {{ include "waltid.name" . }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "waltid.selectorLabels" -}} +app.kubernetes.io/name: {{ include "waltid.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/templates/certificate.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/templates/certificate.yaml new file mode 100644 index 0000000..14d4bc8 --- /dev/null +++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/templates/certificate.yaml 
@@ -0,0 +1,15 @@
+{{- if .Values.route.certificate -}}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ include "waltid.fullname" . }}
+ labels:
+ {{ include "waltid.labels" . | nindent 4 }}
+spec:
+ secretName: {{ include "waltid.fullname" . }}-tls-sec
+ issuerRef:
+ {{- toYaml .Values.route.certificate.issuer | nindent 4 }}
+ commonName: {{ .Values.route.host }}
+ dnsNames:
+ - {{ .Values.route.host }}
+{{- end -}}
\ No newline at end of file
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/templates/deployment.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/templates/deployment.yaml
new file mode 100644
index 0000000..3d4bb92
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/templates/deployment.yaml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "waltid.fullname" . }}-certs
+ labels:
+ app.kubernetes.io/name: {{ include "waltid.name" . }}-certs
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ replicas: 1
+ revisionHistoryLimit: 3
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "waltid.name" . }}-certs
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "waltid.name" . }}-certs
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ spec:
+ serviceAccountName: default
+ containers:
+ - name: {{ .Chart.Name }}
+ imagePullPolicy: Always
+ image: "lipanski/docker-static-website:2.1.0"
+ ports:
+ - name: http
+ containerPort: 3000
+ protocol: TCP
+ volumeMounts:
+ - name: certs
+ mountPath: /home/static/certs
+ volumes:
+ - name: certs
+ secret:
+ secretName: {{ include "waltid.fullname" . }}-tls-sec
+ items:
+ - key: tls.crt
+ path: tls.crt
\ No newline at end of file
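Review bot: In deployment.yaml the container image `lipanski/docker-static-website:2.1.0` is referenced by a mutable tag together with `imagePullPolicy: Always`, so whatever is later published under that tag is pulled on the next restart without review; pin it by digest, e.g. `image: "lipanski/docker-static-website:2.1.0@sha256:<digest>"` (placeholder). The pod also runs under `serviceAccountName: default` with no `securityContext` and no resource limits; a static file server needs no API token, so `automountServiceAccountToken: false` and a non-root, no-privilege-escalation security context are worth adding. The template is not wrapped in `{{- if .Values.route.certificate }}` although it mounts the `-tls-sec` secret that, among the files shown, only certificate.yaml creates, so the pod would presumably stay in ContainerCreating when no certificate is configured. Mounting only the `tls.crt` item rather than the whole secret is the right choice and deserves a short comment so nobody widens it later.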
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/templates/route-certs.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/templates/route-certs.yaml
new file mode 100644
index 0000000..94a8dcf
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/templates/route-certs.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.route.enabled -}}
+{{- $fullName := include "waltid.fullname" . -}}
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+ name: {{ include "waltid.fullname" . }}-certs
+ labels:
+ {{ include "waltid.labels" . | nindent 4 }}
+ annotations:
+ cert-utils-operator.redhat-cop.io/certs-from-secret: {{ include "waltid.fullname" . }}-tls-sec
+ {{- with .Values.route.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ host: {{ .Values.route.host}}
+ path: /certs
+ port:
+ targetPort: 3000
+ to:
+ kind: Service
+ name: {{ include "waltid.fullname" . }}-certs
+ {{- if .Values.route.tls }}
+ tls:
+ {{- with .Values.route.tls }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/templates/route.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/templates/route.yaml
new file mode 100644
index 0000000..485a0c2
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/templates/route.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.route.enabled -}}
+{{- $fullName := include "waltid.fullname" . -}}
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+ name: {{ include "waltid.fullname" . }}
+ labels:
+ {{ include "waltid.labels" . | nindent 4 }}
+ annotations:
+ haproxy.router.openshift.io/rewrite-target: /v1/did/{{ .Values.did }}
+ cert-utils-operator.redhat-cop.io/certs-from-secret: {{ include "waltid.fullname" . }}-tls-sec
+ {{- with .Values.route.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ host: {{ .Values.route.host}}
+ path: /did/did.json
+ port:
+ targetPort: 7000
+ to:
+ kind: Service
+ name: {{ $fullName }}
+ {{- if .Values.route.tls }}
+ tls:
+ {{- with .Values.route.tls }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/templates/service.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/templates/service.yaml
new file mode 100644
index 0000000..a50ca54
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/templates/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "waltid.fullname" . }}-certs
+ labels:
+ {{ include "waltid.labels" . | nindent 4 }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: 3000
+ targetPort: 3000
+ protocol: TCP
+ name: http
+ selector:
+ app.kubernetes.io/name: {{ include "waltid.name" . }}-certs
+ app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/values.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/values.yaml
new file mode 100644
index 0000000..69453cd
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/walt-id/values.yaml
@@ -0,0 +1,59 @@
+did: did:web:marketplace.beka-t-m.fiware.dev:did
+
+route:
+ enabled: true
+ host: marketplace.beka-t-m.apps.fiware.fiware.dev
+ tls:
+ insecureEdgeTerminationPolicy: Redirect
+ termination: edge
+ certificate:
+ issuer:
+ kind: ClusterIssuer
+ name: letsencrypt-aws-prod
+
+vcwaltid:
+ deployment:
+ image:
+ repository: quay.io/fiware/waltid
+ tag: 1.14.1-SNAPSHOT
+ pullPolicy: Always
+ api:
+ core:
+ enabled: true
+ auditor:
+ enabled: true
+ signatory:
+ enabled: true
+ custodian:
+ enabled: true
+ essif:
+ enabled: true
+
+ persistence:
+ enabled: true
+ pvc:
+ size: 1Gi
+
+ templates:
+ ActivationService.json: |
+ {
+ "@context": ["https://www.w3.org/2018/credentials/v1"],
+ "credentialSchema": {
+ "id": "https://raw.githubusercontent.com/FIWARE-Ops/i4trust-provider/main/docs/schema.json",
+ "type": "FullJsonSchemaValidator2021"
+ },
+ "credentialSubject": {
+ "id": "did:ebsi:2AEMAqXWKYMu1JHPAgGcga4dxu7ThgfgN95VyJBJGZbSJUtp",
+ "roles": [{
+ "names": ["CREATE_ISSUER"],
+ "target": "did:elsi:packetdelivery"
+ }]
+ },
+ "id": "urn:uuid:3add94f4-28ec-42a1-8704-4e4aa51006b4",
+ "issued": "2021-08-31T00:00:00Z",
+ "issuer": "did:ebsi:2A9BZ9SUe6BatacSpvs1V5CdjHvLpQ7bEsi2Jb6LdHKnQxaN",
+ "validFrom": "2021-08-31T00:00:00Z",
+ "issuanceDate": "2021-08-31T00:00:00Z",
+ "type": ["VerifiableCredential", "ActivationService"]
+ }
+
From 80c030e99f2e0506155c7b3c038579db325d1bf9 Mon Sep 17 00:00:00 2001
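Review bot: `did: did:web:marketplace.beka-t-m.fiware.dev:did` names a different domain than `route.host: marketplace.beka-t-m.apps.fiware.fiware.dev`, and a did:web identifier is resolved by fetching the DID document over HTTPS from the domain inside the identifier, so verifiers would contact a host this chart neither routes nor requests a certificate for. If both are meant to be the same endpoint, make them match; if a DNS alias exists outside this repository, a comment above `did:` saying so would remove the doubt. Separately, `tag: 1.14.1-SNAPSHOT` with `pullPolicy: Always` means the image behind the signatory and key-handling APIs can change between pod restarts; a released tag or a digest would make the deployment reproducible.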
From: Beknazar Esenbek Date: Thu, 22 Jun 2023 13:51:52 +0200 Subject: [PATCH 05/18] Added values for keycloak --- .../values/keycloak/Chart.yaml | 10 + .../values/keycloak/templates/_helpers.tpl | 53 ++ .../keycloak/templates/certificate.yaml | 15 + .../keycloak/templates/didConfigMap.yaml | 18 + .../templates/issuerKeyConfigMap.yaml | 15 + .../keycloak/templates/profilesConfigMap.yaml | 8 + .../keycloak/templates/realmConfigMap.yaml | 591 ++++++++++++++++++ .../values/keycloak/templates/route.yaml | 25 + .../values/keycloak/values.yaml | 118 ++++ 9 files changed, 853 insertions(+) create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/Chart.yaml create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/_helpers.tpl create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/certificate.yaml create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/didConfigMap.yaml create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/issuerKeyConfigMap.yaml create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/profilesConfigMap.yaml create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/realmConfigMap.yaml create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/route.yaml create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/values.yaml diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/Chart.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/Chart.yaml new file mode 100644 index 0000000..b75ab00 --- /dev/null +++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/Chart.yaml 
@@ -0,0 +1,10 @@
+apiVersion: v2
+name: keycloak
+description: A Helm chart for Kubernetes to deploy Keycloak
+type: application
+version: 1.0.0
+appVersion: "17.0.1"
+dependencies:
+- name: keycloak
+ version: 13.0.3
+ repository: https://charts.bitnami.com/bitnami
\ No newline at end of file
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/_helpers.tpl b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/_helpers.tpl
new file mode 100644
index 0000000..253d7ea
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/_helpers.tpl
@@ -0,0 +1,53 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "keycloak.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "keycloak.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "keycloak.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "keycloak.labels" -}} +helm.sh/chart: {{ include "keycloak.chart" . }} +{{ include "keycloak.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app: {{ include "keycloak.name" . }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "keycloak.selectorLabels" -}} +app.kubernetes.io/name: {{ include "keycloak.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/certificate.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/certificate.yaml new file mode 100644 index 0000000..078d1dc --- /dev/null +++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/certificate.yaml 
@@ -0,0 +1,15 @@
+{{- if .Values.route.certificate -}}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ include "keycloak.fullname" . }}
+ labels:
+ {{ include "keycloak.labels" . | nindent 4 }}
+spec:
+ secretName: {{ include "keycloak.fullname" . }}-tls-sec
+ issuerRef:
+ {{- toYaml .Values.route.certificate.issuer | nindent 4 }}
+ commonName: {{ .Values.route.host }}
+ dnsNames:
+ - {{ .Values.route.host }}
+{{- end -}}
\ No newline at end of file
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/didConfigMap.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/didConfigMap.yaml
new file mode 100644
index 0000000..8754a42
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/didConfigMap.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "keycloak.fullname" . }}-did-config
+data:
+ import.sh: |-
+ export KEY=$(cat /opt/did/secret/tls.key)
+ export KEY_ID=$(curl --location "${WALTID_CORE_ADDRESS}/v1/key/import" --header 'Content-Type: text/plain' --data "${KEY}" | jq -r '.id')
+ echo The key id: ${KEY_ID}
+ curl --location "${WALTID_CORE_ADDRESS}/v1/did/create" \
+ --header 'Content-Type: application/json' \
+ --data "{
+ \"method\": \"web\",
+ \"keyAlias\":\"${KEY_ID}\",
+ \"domain\": \"{{ .Values.waltid.host }}\",
+ \"path\": \"did\",
+ \"x5u\": \"https://{{ .Values.waltid.host }}/certs/tls.crt\"
+ }"
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/issuerKeyConfigMap.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/issuerKeyConfigMap.yaml
new file mode 100644
index 0000000..d078c81
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/issuerKeyConfigMap.yaml
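Review bot: In didConfigMap.yaml, `import.sh` exports the TLS private key into the environment (`export KEY=$(cat /opt/did/secret/tls.key)`) and then passes it as a curl argument, so it is inherited by every child process and visible in the process argument list; sending it straight from the file avoids both: `curl --fail --location "${WALTID_CORE_ADDRESS}/v1/key/import" --header 'Content-Type: text/plain' --data-binary @/opt/did/secret/tls.key`. The script has no `set -euo pipefail` and neither curl call uses `--fail`, so a failed import leaves `KEY_ID` empty or `null` and the DID is still created with that alias. Whether `WALTID_CORE_ADDRESS` is an https URL is not visible in this hunk; the key should not cross the network in clear text, and a comment in the script stating the expected scheme would help.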
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "keycloak.fullname" . }}-key +data: + keyfile.json: |- + { + "kty": "OKP", + "d": "FoJjD3Q6Wh0JHt-tuN3bwGHmPSWa7p8pVe9P9cDIzWw", + "use": "sig", + "crv": "Ed25519", + "kid": "z6MkvdQnXeKgRceAhNsZYjpQjSFcmTXshyGDvnNw7gziQhjG", + "x": "8FSufgpQ8VXgxnR5svvi-j8_4iXxB0TIsVVb0EiRP7s", + "alg": "EdDSA" + } \ No newline at end of file diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/profilesConfigMap.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/profilesConfigMap.yaml new file mode 100644 index 0000000..ba18b9a --- /dev/null +++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/profilesConfigMap.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "keycloak.fullname" . }}-profile +data: + profile.properties: |- + feature.scripts=enabled + feature.upload_scripts=enabled \ No newline at end of file diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/realmConfigMap.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/realmConfigMap.yaml new file mode 100644 index 0000000..ed0adcc --- /dev/null +++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/realmConfigMap.yaml @@ -0,0 +1,591 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "keycloak.fullname" . }}-realm +data: + realm.json: |- + { + "id": "fiware-server", + "realm": "fiware-server", + "accountTheme": "siop-2", + "displayName": "Keycloak Marketplace", + "displayNameHtml": "
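Review bot: `keyfile.json` in issuerKeyConfigMap.yaml contains the private half of an Ed25519 JWK (the `d` member) inside a ConfigMap that is committed to git, so anyone who can read the repository or list ConfigMaps in the namespace can sign as this issuer. The key belongs in a Secret that is created outside the chart and referenced by name, with only the public members (`kty`, `crv`, `x`, `kid`, `alg`) kept in versioned files. The key shown here is now in history and should be regenerated rather than reused in any environment that matters.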
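Review bot: `feature.upload_scripts=enabled` in profilesConfigMap.yaml allows anyone with realm-management rights to upload JavaScript that Keycloak executes server-side, which turns a compromised admin account into code execution in the Keycloak pod. Keycloak deprecated this feature in favour of scripts packaged in a deployed JAR; if script providers are really needed, keep `feature.scripts=enabled` and drop the upload line, otherwise remove both. A comment naming the mapper or authenticator that requires scripts would make the setting reviewable.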
Keycloak Marketplace
", + "enabled": true, + "attributes": { + "frontendUrl": "https://{{ .Values.route.host }}" + }, + "sslRequired": "none", + "roles": { + "realm": [ + { + "name": "user", + "description": "User privileges", + "composite": false, + "clientRole": false, + "containerId": "fiware-server", + "attributes": {} + } + ], + "client": { + "did:web:packetdelivery.dsba.fiware.dev:did": [ + { + "name": "CREATE_ISSUER", + "description": "Is allowed to create issuers", + "clientRole": true + }, + { + "name": "UPDATE_ISSUER", + "description": "Is allowed to update issuers", + "clientRole": true + }, + { + "name": "DELETE_ISSUER", + "description": "Is allowed to delete issuers", + "clientRole": true + } + ] + } + }, + "groups": [ + { + "name": "admin", + "path": "/admin", + "realmRoles": [ + "user" + ], + "clientRoles": { + } + }, + { + "name": "consumer", + "path": "/consumer", + "realmRoles": [ + "user" + ], + "clientRoles": { + } + } + ], + "users": [ + { + "username": "marketplace", + "enabled": true, + "email": "marketplace@mymail.com", + "credentials": [ + { + "type": "password", + "value": "marketplace" + } + ], + "clientRoles": { + "did:web:packetdelivery.dsba.fiware.dev:did": [ + "CREATE_ISSUER" + ], + "account": [ + "view-profile", + "manage-account" + ] + }, + "groups": [ + "/consumer" + ] + } + ], + "clients": [ + { + "clientId": "did:web:packetdelivery.dsba.fiware.dev:did", + "enabled": true, + "description": "Client to receive Verifiable Credentials targeted at verifier-one.batterypass.fiware.dev", + "surrogateAuthRequired": false, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "defaultRoles": [], + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "SIOP-2", + "attributes": { 
+ "client.secret.creation.time": "1675260539", + "expiryInMin": "5000000", + "vctypes_ActivationService": "ldp_vc,jwt_vc_json", + "ActivationService_claims": "email,firstName,familyName,roles" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [], + "optionalClientScopes": [] + } + ], + "clientScopes": [ + { + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + }, + { + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "multivalued": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + } + ] + }, + { + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + { + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + 
"consentRequired": false, + "config": {} + }, + { + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String", + "multivalued": "true" + } + } + ] + }, + { + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" + }, + "protocolMappers": [ + { + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" + }, + "protocolMappers": [ + { + 
"name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + }, + { + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + } + ] + }, + { + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${addressScopeConsentText}" + }, + "protocolMappers": [ + { + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { 
+ "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${profileScopeConsentText}" + }, + "protocolMappers": [ + { + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + }, + { + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "name": "family name", + "protocol": "openid-connect", + 
"protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + 
"jsonType.label": "String" + } + }, + { + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "String" + } + }, + { + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + } + ] + }, + { + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": {} + } + ] + } + ], + "defaultDefaultClientScopes": [ + "roles", + "role_list", + "email", + "web-origins", + "profile" + ], + "defaultOptionalClientScopes": [ + "microprofile-jwt", + "phone", + "address", + "offline_access" + ] + } \ No newline at end of file 
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/route.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/route.yaml
new file mode 100644
index 0000000..ffc394c
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/templates/route.yaml
@@ -0,0 +1,25 @@
+{{- if .Values.route.enabled -}}
+{{- $fullName := include "keycloak.fullname" . -}}
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+ name: {{ include "keycloak.fullname" . }}
+ labels:
+ {{ include "keycloak.labels" . | nindent 4 }}
+ annotations:
+ cert-utils-operator.redhat-cop.io/certs-from-secret: {{ include "keycloak.fullname" . }}-tls-sec
+ {{- with .Values.route.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ host: {{ .Values.route.host}}
+ to:
+ kind: Service
+ name: {{ $fullName }}
+ {{- if .Values.route.tls }}
+ tls:
+ {{- with .Values.route.tls }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/values.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/values.yaml
new file mode 100644
index 0000000..66a5c60
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/values.yaml
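Review bot: `host: {{ .Values.route.host}}` under `spec` in route.yaml renders the value unquoted and unchecked, so an unset `route.host` produces an empty host field instead of failing the render; I would write `host: {{ required "route.host is required" .Values.route.host | quote }}`. The `cert-utils-operator.redhat-cop.io/certs-from-secret` annotation is emitted whether or not `route.tls` is set, and nothing in this file creates the `-tls-sec` secret it names, so a comment stating where that secret comes from would help the next reader. `$fullName` is assigned on the second line, yet `metadata.name` and the annotation repeat the `include`; using `{{ $fullName }}` in all three places keeps them in step.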
@@ -0,0 +1,118 @@
+route:
+ enabled: true
+ host: marketplace-kc.beka-t-m.apps.fiware.fiware.dev
+ tls:
+ insecureEdgeTerminationPolicy: Redirect
+ termination: edge
+ certificate:
+ issuer:
+ kind: ClusterIssuer
+ name: letsencrypt-aws-prod
+
+keycloak:
+ service:
+ type: ClusterIP
+ logging:
+ level: INFO
+ replicaCount: 1
+ auth:
+ adminUser: fiwareAdmin
+ adminPassword: fiwareAdmin
+ serviceAccount:
+ create: true
+ rbac:
+ create: true
+ rules:
+ - apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - anyuid
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - use
+
+
+ keycloakConfigCli:
+ enabled: true
+ # current image does not contain 20.0.3., thus we need this fix
+ command:
+ - java
+ - -jar
+ - /opt/bitnami/keycloak-config-cli/keycloak-config-cli-20.0.1.jar
+
+ extraEnvVars:
+ - name: IMPORT_FILES_LOCATIONS
+ value: "/config/*"
+ containerSecurityContext:
+ enabled: false
+ podSecurityContext:
+ enabled: false
+ existingConfigmap: keycloak-realm
+
+ extraEnvVars:
+ - name: KEYCLOAK_PROXY_ADDRESS_FORWARDING
+ value: "true"
+ - name: KEYCLOAK_LOG_LEVEL
+ value: INFO
+ - name: VCISSUER_ISSUER_DID
+ value: "did:web:marketplace.beka-t-m.fiware.dev:did"
+ - name: VCISSUER_WALTID_ADDRESS
+ value: "http://waltid-vcwaltid"
+
+
+ extraVolumeMounts:
+ - name: profiles
+ mountPath: /opt/bitnami/keycloak/conf/profile.properties
+ subPath: profile.properties
+ - name: providers
+ mountPath: /opt/bitnami/keycloak/providers/
+ - name: issuer-key
+ mountPath: /opt/keys
+
+ extraVolumes:
+ - name: profiles
+ configMap:
+ name: keycloak-profile
+ - name: providers
+ emptyDir: {}
+ - name: issuer-key
+ configMap:
+ name: keycloak-key
+ - name: did-config
+ configMap:
+ name: keycloak-did-config
+ - name: did-secret
+ secret:
+ secretName: waltid-vcwaltid-tls-sec
+
+
+ initContainers:
+ - name: add-vc-issuer
+ image: quay.io/fiware/keycloak-vc-issuer:0.4.0
+ imagePullPolicy: Always
+ volumeMounts:
+ - name: providers
+ mountPath: /target
+ - name: load-did
+ image: quay.io/opencloudio/curl:4.2.0-build.8
+ imagePullPolicy: Always
+ command:
+ - /bin/sh
+ - /opt/did/script/import.sh
+ env:
+ - name: WALTID_CORE_ADDRESS
+ value: "waltid-vcwaltid:7000"
+ volumeMounts:
+ - name: did-config
+ mountPath: /opt/did/script
+ - name: did-secret
+ mountPath: /opt/did/secret
+
+ postgresql:
+ enabled: true
+ serviceAccount:
+ name: keycloak
+
+waltid:
+ host: marketplace.beka-t-m.apps.fiware.fiware.dev
\ No newline at end of file
From b04836cd9351ce005fd0908c3f3d4de64c0c268f Mon Sep 17 00:00:00 2001
From: Beknazar Esenbek
Date: Thu, 22 Jun 2023 15:56:04 +0200
Subject: [PATCH 06/18] Added values for mysql for ccs and til
---
.../values/marketplace/values-mysql.yml | 8 +-------
.../values/mysql/Chart.yaml | 12 ++++++++++++
.../values/mysql/templates/secrets.yaml | 10 ++++++++++
.../values/mysql/values.yaml | 19 +++++++++++++++++++
4 files changed, 42 insertions(+), 7 deletions(-)
create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mysql/Chart.yaml
create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mysql/templates/secrets.yaml
create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mysql/values.yaml
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/marketplace/values-mysql.yml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/marketplace/values-mysql.yml
index f3f75b6..fb8bc24 100644
--- a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/marketplace/values-mysql.yml
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/marketplace/values-mysql.yml
@@ -7,13 +7,7 @@
 image: "mysql"
 imageTag: "5.7"
 
-## Specify password for root user
-##
-## Default: random 10 character string
-##
-## Make sure to set this password in the component configurations
-## using the MySQL database.
-mysqlRootPassword: password
+existingSecret: mysql-secret
 
 ## Security context (might be necessary on OpenShift)
 #securityContext:
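Review bot: `adminUser: fiwareAdmin` and `adminPassword: fiwareAdmin` under `keycloak.auth` commit the Keycloak admin credential in clear text, with the password equal to the user name, for an instance that the `route` block at the top of the same file publishes on an external host. The password should come from a Secret created outside the repository; the Bitnami chart offers `auth.existingSecret` (with `auth.passwordSecretKey`) for this, assuming the chart version pulled in here has it. The `issuer-key` volume mounted at `/opt/keys` is backed by the ConfigMap `keycloak-key`; if that holds the issuer's private key it belongs in a Secret, like the `did-secret` volume next to it. Both init-container images are referenced by tag with `imagePullPolicy: Always`, so pinning them by digest would make what gets pulled reproducible.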
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mysql/Chart.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mysql/Chart.yaml
new file mode 100644
index 0000000..03dcefd
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mysql/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+name: mysql
+description: MySQL Chart
+
+type: application
+version: 9.4.4
+appVersion: "8.0.31"
+
+dependencies:
+- name: mysql
+ version: 9.4.4
+ repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
\ No newline at end of file
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mysql/templates/secrets.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mysql/templates/secrets.yaml
new file mode 100644
index 0000000..3fc0fa1
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mysql/templates/secrets.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mysql-secret
+type: Opaque
+stringData:
+ dbPassword: 'password'
+ mysql-password: 'password'
+ mysql-replication-password: 'password'
+ mysql-root-password: 'password'
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mysql/values.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mysql/values.yaml
new file mode 100644
index 0000000..d9f4d36
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mysql/values.yaml
@@ -0,0 +1,19 @@
+mysql:
+ fullnameOverride: mysql-marketplace
+ auth:
+ existingSecret: mysql-secret
+ rbac:
+ create: true
+ rules:
+ - apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - anyuid
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - use
+ initdbScripts:
+ create.sql: |
+ CREATE DATABASE til;
+ CREATE DATABASE ccs;
\ No newline at end of file
From 93e90c1cbe9a31d623ea4b72977e9070f5e07d24 Mon Sep 17 00:00:00 2001
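Review bot: Every key under `stringData` in templates/secrets.yaml is the literal `'password'`, including `mysql-root-password`, so the credential this commit removes from values-mysql.yml is still committed in clear text, only now inside a template. The template contains no template expressions, so the value cannot be overridden per environment either. I would read the values from chart values supplied at deploy time, for example `mysql-root-password: {{ required "rootPassword must be set" .Values.rootPassword | quote }}` (the value name is only a suggestion), or create the Secret outside the chart and keep just its name here. `dbPassword` carries the same value as the root password, so whichever service reads that key is effectively handed the root credential.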
From: Beknazar Esenbek
Date: Fri, 23 Jun 2023 10:06:00 +0200
Subject: [PATCH 07/18] Added values for til
---
.../values/trusted-issuers-list/Chart.yaml | 12 +++++++
.../values/trusted-issuers-list/values.yaml | 35 +++++++++++++++++++
2 files changed, 47 insertions(+)
create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/trusted-issuers-list/Chart.yaml
create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/trusted-issuers-list/values.yaml
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/trusted-issuers-list/Chart.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/trusted-issuers-list/Chart.yaml
new file mode 100644
index 0000000..30658bd
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/trusted-issuers-list/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+name: marketplace-til
+description: TIL Chart
+
+type: application
+version: 0.0.1
+appVersion: "0.0.1"
+
+dependencies:
+ - name: trusted-issuers-list
+ version: 0.0.6
+ repository: https://fiware.github.io/helm-charts
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/trusted-issuers-list/values.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/trusted-issuers-list/values.yaml
new file mode 100644
index 0000000..40ad623
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/trusted-issuers-list/values.yaml
@@ -0,0 +1,35 @@
+trusted-issuers-list:
+ route:
+ til:
+ enabled: true
+ host: til-marketplace.beka-t-m.apps.fiware.fiware.dev
+ tls:
+ insecureEdgeTerminationPolicy: Redirect
+ termination: edge
+ certificate:
+ issuer:
+ kind: ClusterIssuer
+ name: letsencrypt-aws-prod
+ tir:
+ enabled: true
+ host: tir-marketplace.beka-t-m.apps.fiware.fiware.dev
+ tls:
+ insecureEdgeTerminationPolicy: Redirect
+ termination: edge
+ certificate:
+ issuer:
+ kind: ClusterIssuer
+ name: letsencrypt-aws-prod
+
+ deployment:
+ image:
+ tag: 0.0.3
+ database:
+ persistence: true
+ host: mysql-marketplace
+ username: root
+ name: til
+ existingSecret:
+ enabled: true
+ name: mysql-secret
+ key: dbPassword
\ No newline at end of file
From d78df543c8c09390441f3e74d8bf35835bf291b6 Mon Sep 17 00:00:00 2001
From: Beknazar Esenbek
Date: Fri, 23 Jun 2023 10:17:24 +0200
Subject: [PATCH 08/18] Added values for ccs
---
.../values/credentials-config-service/Chart.yaml | 12 ++++++++++++
.../values/credentials-config-service/values.yaml | 14 ++++++++++++++
2 files changed, 26 insertions(+)
create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/credentials-config-service/Chart.yaml
create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/credentials-config-service/values.yaml
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/credentials-config-service/Chart.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/credentials-config-service/Chart.yaml
new file mode 100644
index 0000000..fe36544
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/credentials-config-service/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+name: marketplace-ccs
+description: CCS Chart
+
+type: application
+version: 0.0.1
+appVersion: "0.0.1"
+
+dependencies:
+ - name: credentials-config-service
+ version: 0.0.1
+ repository: https://fiware.github.io/helm-charts
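Review bot: `database.username: root` together with `existingSecret.key: dbPassword` has the trusted-issuers-list service log in to MySQL as root although it only needs the `til` schema; the same pair appears in credentials-config-service/values.yaml for the `ccs` schema. A compromise of either service would then reach both databases and the server's account tables. I would create one user per schema in the `initdbScripts` of the mysql chart, next to the two `CREATE DATABASE` statements, and reference it here with `username: til` and a secret key of its own. As a smaller point, quoting the image tag (`tag: "0.0.3"`) keeps it a string once a tag looks like a number.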
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/credentials-config-service/values.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/credentials-config-service/values.yaml
new file mode 100644
index 0000000..e5937d1
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/credentials-config-service/values.yaml
@@ -0,0 +1,14 @@
+credentials-config-service:
+ deployment:
+ image:
+ repository: quay.io/fiware/credentials-config-service
+ tag: 0.0.1
+ database:
+ persistence: true
+ host: mysql-marketplace
+ username: root
+ name: ccs
+ existingSecret:
+ enabled: true
+ name: mysql-secret
+ key: dbPassword
\ No newline at end of file
From 901386290d01006bfc939504f56caae9879364f0 Mon Sep 17 00:00:00 2001
From: Beknazar Esenbek
Date: Fri, 23 Jun 2023 10:27:19 +0200
Subject: [PATCH 09/18] Added values for verifier
---
.../values/verifier/Chart.yaml | 12 ++++++++
.../values/verifier/values.yaml | 29 +++++++++++++++++++
2 files changed, 41 insertions(+)
create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/verifier/Chart.yaml
create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/verifier/values.yaml
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/verifier/Chart.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/verifier/Chart.yaml
new file mode 100644
index 0000000..2a5e279
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/verifier/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+name: vcverifier
+description: Verifier Chart
+
+type: application
+version: 0.0.8
+appVersion: "0.0.1"
+
+dependencies:
+ - name: vcverifier
+ version: 1.0.9
+ repository: https://i4Trust.github.io/helm-charts
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/verifier/values.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/verifier/values.yaml
new file mode 100644
index 0000000..211c48f
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/verifier/values.yaml
@@ -0,0 +1,29 @@
+vcverifier:
+ deployment:
+ image:
+ repository: quay.io/fiware/vcverifier
+ tag: 2.0.5
+ pullPolicy: Always
+ logging:
+ level: DEBUG
+ pathsToSkip:
+ - "/health"
+ ssikit:
+ auditorUrl: http://waltid-vcwaltid:7003
+ verifier:
+ tirAddress: https://tir.beka-t-m.apps.fiware.fiware.dev/v3/issuers
+ did: did:web:marketplace.beka-t-m.fiware.dev:did
+ configRepo:
+ configEndpoint: http://ccs-credentials-config-service:8080/
+
+ route:
+ enabled: true
+ host: verifier-marketplace.beka-t-m.apps.fiware.fiware.dev
+ tls:
+ insecureEdgeTerminationPolicy: Redirect
+ termination: edge
+ certificate:
+ issuer:
+ kind: ClusterIssuer
+ name: letsencrypt-aws-prod
+
From 0e3c817d2f975d2c4745e056548adc9d57b90eea Mon Sep 17 00:00:00 2001
From: Beknazar Esenbek
Date: Fri, 23 Jun 2023 10:31:50 +0200
Subject: [PATCH 10/18] Added values for mysql-bae
---
.../values/marketplace/values-mysql.yml | 14 -------------
.../values/mysql-bae/Chart.yaml | 13 ++++++++++++
.../values/mysql-bae/values.yaml | 20 +++++++++++++++++++
3 files changed, 33 insertions(+), 14 deletions(-)
delete mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/marketplace/values-mysql.yml
create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mysql-bae/Chart.yaml
create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mysql-bae/values.yaml
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/marketplace/values-mysql.yml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/marketplace/values-mysql.yml
deleted file mode 100644
index fb8bc24..0000000
--- a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/marketplace/values-mysql.yml
+++ /dev/null
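Review bot: `logging.level: DEBUG` in verifier/values.yaml may put details of presented credentials and tokens into the pod log (the verifier's log statements are not visible here, so please confirm), and a verifier published through the `route` block below should default to `INFO`. `tirAddress` points at `tir.beka-t-m.apps.fiware.fiware.dev`, while the trusted-issuers-list values earlier in this series publish the registry API on `tir-marketplace.beka-t-m.apps.fiware.fiware.dev`; since this address is the verifier's trust anchor, a comment saying which registry is meant would prevent a silent mismatch. `pullPolicy: Always` on the tag `2.0.5` lets the running image change without a chart change, which pinning by digest avoids. `did:` is left unquoted here but quoted in the keycloak values (`"did:web:marketplace.beka-t-m.fiware.dev:did"`); quoting it in both places is the safer habit for a value full of colons.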
@@ -1,14 +0,0 @@
-# Values for t3n/mysql Helm Chart
-#
-# Chart values file:
-# ref: https://github.com/t3n/helm-charts/blob/master/mysql/values.yaml
-#
-
-image: "mysql"
-imageTag: "5.7"
-
-existingSecret: mysql-secret
-
-## Security context (might be necessary on OpenShift)
-#securityContext:
-# enabled: false
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mysql-bae/Chart.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mysql-bae/Chart.yaml
new file mode 100644
index 0000000..b4acf05
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mysql-bae/Chart.yaml
@@ -0,0 +1,13 @@
+apiVersion: v2
+name: mysql-bae
+description: Chart holder for argo-cd
+
+type: application
+version: 1.0.0
+appVersion: "5.7"
+
+dependencies:
+- name: mysql
+ version: 1.0.0
+ repository: https://storage.googleapis.com/t3n-helm-charts
+
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mysql-bae/values.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mysql-bae/values.yaml
new file mode 100644
index 0000000..9d9958f
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mysql-bae/values.yaml
@@ -0,0 +1,20 @@
+mysql:
+ # Values for t3n/mysql Helm Chart
+ #
+ # Chart values file:
+ # ref: https://github.com/t3n/helm-charts/blob/master/mysql/values.yaml
+
+ image: "quay.io/i4trust/mysql"
+ imageTag: "5.7"
+ busybox:
+ image: "quay.io/i4trust/busybox"
+
+ existingSecret: mysql-secret
+
+ ## Persist data to a persistent volume
+ persistence:
+ enabled: true
+
+ ## Security context
+ securityContext:
+ enabled: false
From 3da0f52831f632fb7ec073243efc2030ae6763b9 Mon Sep 17 00:00:00 2001
From: Beknazar Esenbek
Date: Fri, 23 Jun 2023 10:38:47 +0200
Subject: [PATCH 11/18] Added values for elastic
---
.../values/elastic/Chart.yaml | 12 +++++++++++
.../elastic/templates/role-binding.yaml | 17 ++++++++++++++++
.../elastic/templates/role-openshift.yaml | 19 ++++++++++++++++++
.../elastic/templates/service-account.yaml | 9 +++++++++
.../values/elastic/values.yaml | 18 +++++++++++++++++
.../values/marketplace/values-elastic.yml | 20 -------------------
6 files changed, 75 insertions(+), 20 deletions(-)
create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/elastic/Chart.yaml
create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/elastic/templates/role-binding.yaml
create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/elastic/templates/role-openshift.yaml
create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/elastic/templates/service-account.yaml
create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/elastic/values.yaml
delete mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/marketplace/values-elastic.yml
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/elastic/Chart.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/elastic/Chart.yaml
new file mode 100644
index 0000000..b177ab2
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/elastic/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+name: elasticsearch
+description: Elasticsearch Chart
+
+type: application
+version: 0.1.0
+appVersion: "7.5.1"
+
+dependencies:
+- name: elasticsearch
+ version: 7.5.1
+ repository: https://helm.elastic.co
\ No newline at end of file
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/elastic/templates/role-binding.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/elastic/templates/role-binding.yaml
new file mode 100644
index 0000000..75a8928
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/elastic/templates/role-binding.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.openshift -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ .Release.Name }}-elasticsearch-rb
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+subjects:
+ - kind: ServiceAccount
+ name: elasticsearch-sa
+ namespace: {{ .Release.Namespace | quote }}
+roleRef:
+ kind: Role
+ name: {{ .Release.Name }}-elasticsearch-scc-anyuid
+ apiGroup: rbac.authorization.k8s.io
+{{- end -}}
\ No newline at end of file
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/elastic/templates/role-openshift.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/elastic/templates/role-openshift.yaml
new file mode 100644
index 0000000..d2738db
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/elastic/templates/role-openshift.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.openshift }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ .Release.Name }}-elasticsearch-scc-anyuid
+ labels:
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - anyuid
+ - privileged
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - use
+{{- end }}
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/elastic/templates/service-account.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/elastic/templates/service-account.yaml
new file mode 100644
index 0000000..375d022
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/elastic/templates/service-account.yaml
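Review bot: `{{- if .Values.openshift -}}` on the first line of role-binding.yaml tests the whole `openshift` map, and elastic/values.yaml defines it as `openshift: enabled: true`, so the guard stays true when someone sets `openshift.enabled: false` (a non-empty map is truthy in Go templates). The RoleBinding would still be rendered in that case, and so would the Role in role-openshift.yaml and the ServiceAccount in service-account.yaml, which use the same guard. The condition should read `{{- if .Values.openshift.enabled -}}` in all three templates. The subject name `elasticsearch-sa` is hard-coded here and again in `rbac.serviceAccountName`, so two releases in one namespace would share the account.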
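Review bot: `resourceNames` in role-openshift.yaml lists `privileged` next to `anyuid`, which lets the Elasticsearch service account run pods under the privileged SCC, far more than the `anyuid` that the keycloak and mysql values in this series ask for, and more than the Role's name `-elasticsearch-scc-anyuid` suggests. If it is there for the chart's sysctl init container (which sets `vm.max_map_count` and runs privileged by default), say so in a comment above the entry and consider `sysctlInitContainer.enabled: false` with the sysctl applied on the nodes instead. Otherwise drop the `- privileged` line. The label values here are unquoted while role-binding.yaml pipes the same values through `quote`; using `| quote` in both keeps the rendered YAML safe for unusual release names.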
@@ -0,0 +1,9 @@
+{{- if .Values.openshift -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: elasticsearch-sa
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+{{- end -}}
\ No newline at end of file
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/elastic/values.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/elastic/values.yaml
new file mode 100644
index 0000000..723f9a2
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/elastic/values.yaml
@@ -0,0 +1,18 @@
+elasticsearch:
+ replicas: 1
+ minimumMasterNodes: 1
+ clusterHealthCheckParams: "wait_for_status=yellow&timeout=1s"
+
+ persistence:
+ enabled: false
+
+ rbac:
+ create: false
+ serviceAccountName: elasticsearch-sa
+
+ image: "quay.io/i4trust/elasticsearch"
+ imageTag: "7.5.1"
+ imagePullPolicy: "IfNotPresent"
+
+openshift:
+ enabled: true
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/marketplace/values-elastic.yml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/marketplace/values-elastic.yml
deleted file mode 100644
index 9ce7fe6..0000000
--- a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/marketplace/values-elastic.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-# Values for elastic/elasticsearch Helm Chart
-#
-# Chart values file:
-# ref: https://github.com/elastic/helm-charts/blob/master/elasticsearch/values.yaml
-#
-
-image: "docker.elastic.co/elasticsearch/elasticsearch"
-imageTag: "7.5.1"
-imagePullPolicy: "IfNotPresent"
-
-replicas: 1
-minimumMasterNodes: 1
-clusterHealthCheckParams: "wait_for_status=yellow&timeout=1s"
-
-# When running on OpenShift, a service account with root access is required
-rbac:
- serviceAccountName:
-
-# In local environments, specific setup may be required. For more info, see:
-# https://github.com/elastic/helm-charts/tree/master/elasticsearch#how-to-deploy-this-chart-on-a-specific-k8s-distribution
From 761b91c0eb41a136b3c1901429eb2f1622a88256 Mon Sep 17 00:00:00 2001
From: Beknazar Esenbek
Date: Fri, 23 Jun 2023 10:49:36 +0200
Subject: [PATCH 12/18] Added values for mongodb
---
.../values/marketplace/values-mongodb.yml | 99 -------------------
.../values/mongodb/Chart.yaml | 12 +++
.../values/mongodb/templates/configmap.yaml | 41 ++++++++
.../values/mongodb/templates/secrets.yaml | 16 +++
.../values/mongodb/values.yaml | 20 ++++
5 files changed, 89 insertions(+), 99 deletions(-)
delete mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/marketplace/values-mongodb.yml
create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mongodb/Chart.yaml
create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mongodb/templates/configmap.yaml
create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mongodb/templates/secrets.yaml
create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mongodb/values.yaml
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/marketplace/values-mongodb.yml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/marketplace/values-mongodb.yml
deleted file mode 100644
index aa5b4a0..0000000
--- a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/marketplace/values-mongodb.yml
+++ /dev/null
@@ -1,99 +0,0 @@
-# Values for bitnami/mongodb Helm Chart
-#
-# Chart values file:
-# ref: https://github.com/bitnami/charts/blob/master/bitnami/mongodb/values.yaml
-#
-
-image:
- ## Bitnami MongoDB image name
- ##
- repository: bitnami/mongodb
- ## Bitnami MongoDB image tag
- ## ref: https://hub.docker.com/r/bitnami/mongodb/tags/
- ##
- tag: 4.4.13
-
-## MongoDB architecture. Allowed values: standalone or replicaset
-##
-architecture: standalone
-
-## Use StatefulSet instead of Deployment when deploying standalone
-##
-useStatefulSet: false
-
-## MongoDB Authentication parameters
-##
-auth:
- ## Enable authentication
- ## ref: https://docs.mongodb.com/manual/tutorial/enable-authentication/
- ##
- enabled: true
- ## MongoDB root password
- ## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#setting-the-root-password-on-first-run
- ##
- rootPassword: password
-
-serviceAccount:
- create: true
-rbac:
- create: true
- rules:
- - apiGroups:
- - security.openshift.io
- resourceNames:
- - anyuid
- resources:
- - securitycontextconstraints
- verbs:
- - use
-
-## initdb scripts
-## Specify dictionary of scripts to be run at first boot
-##
-## This creates the required databases and users for the charging backend
-## and logic proxy (belp) BAE components. Make sure to set these DB user
-## configurations and databases for the corresponding components.
-##
-## If you omit the creation of databases and users during deployment, make sure
-## to create these databases and users afterwards manually before proceeding with the
-## BAE deployment.
-##
-initdbScripts:
- init_db.js: |
- // Setup charging DB
- db = db.getSiblingDB('charging_db');
- db.createUser(
- {
- user: "charging",
- pwd: "charging-password",
- roles: [
- {
- role: "readWrite",
- db: "charging_db"
- }
- ]
- });
- // Setup proxy DB
- db = db.getSiblingDB('belp_db');
- db.createUser(
- {
- user: "belp",
- pwd: "belp-password",
- roles: [
- {
- role: "readWrite",
- db: "belp_db"
- }
- ]
- });
-## MongoDB pods' Security Context. (might be necessary on OpenShift)
-## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
-##
-#podSecurityContext:
-# enabled: false
-
-## MongoDB containers' Security Context (main and metrics container). (might be necessary on OpenShift)
-## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
-##
-#containerSecurityContext:
-# enabled: false
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mongodb/Chart.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mongodb/Chart.yaml
new file mode 100644
index 0000000..854a0c8
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mongodb/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+name: mongo-db-one
+description: MongoDB Chart
+
+type: application
+version: 0.1.0
+appVersion: "4.4.12"
+
+dependencies:
+- name: mongodb
+ version: 11.0.4
+ repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
\ No newline at end of file
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mongodb/templates/configmap.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mongodb/templates/configmap.yaml
new file mode 100644
index 0000000..add3f3a
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mongodb/templates/configmap.yaml
@@ -0,0 +1,41 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: mongodb-beka-t-m-configmap + namespace: beka-t-m +data: + init-db.sh: | + mongo < Date: Fri, 23 Jun 2023 11:16:54 +0200 Subject: [PATCH 13/18] Added values for orion-ld --- .../values/orion-ld/Chart.yaml | 12 ++++++++++++ .../values/orion-ld/values.yaml | 19 +++++++++++++++++++ 2 files changed, 31 insertions(+) create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/orion-ld/Chart.yaml create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/orion-ld/values.yaml diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/orion-ld/Chart.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/orion-ld/Chart.yaml new file mode 100644 index 0000000..7f3cf82 --- /dev/null +++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/orion-ld/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v2 +name: orion-ld +description: Orion-LD Chart + +type: application +version: 0.1.0 +appVersion: "1.0.1" + +dependencies: +- name: orion + version: 1.1.0 + repository: https://fiware.github.io/helm-charts \ No newline at end of file diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/orion-ld/values.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/orion-ld/values.yaml new file mode 100644 index 0000000..a94bee4 --- /dev/null +++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/orion-ld/values.yaml @@ -0,0 +1,19 @@ +orion: + deployment: + additionalAnnotations: + prometheus.io/scrape: 'true' + prometheus.io/port: '8000' + broker: + db: + auth: + user: root + mech: "SCRAM-SHA-1" + hosts: + - mongodb + user: root + existingSecret: + name: mongodb-secret + key: mongodb-root-password + mongo: + # we want to use the individually deployed mongodb + enabled: false From 0445cc27aa5f1a7a41a155b97a1789c277c13060 Mon Sep 17 00:00:00 2001 
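Review bot: In values/orion-ld/values.yaml the broker authenticates to MongoDB as `root` (`broker.db.user: root`, password read from the `mongodb-root-password` key), which gives the context broker administrative rights over every database on the shared instance. A dedicated account limited to `readWrite` on the broker's own database would contain a broker compromise; the deleted values-mongodb.yml on this page created the `charging` and `belp` users in exactly that way. `mech: "SCRAM-SHA-1"` is also the weaker of the two SCRAM mechanisms MongoDB 4.x offers, so `SCRAM-SHA-256` is worth trying if the broker build accepts it (not confirmed from this page). At minimum a comment such as `# TODO: replace root with a least-privilege broker user` should mark the shortcut.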
From: Beknazar Esenbek Date: Fri, 23 Jun 2023 11:22:29 +0200 Subject: [PATCH 14/18] Added values for tir --- .../trusted-issuers-registry/Chart.yaml | 12 + .../trusted-issuers-registry/values.yaml | 226 ++++++++++++++++++ 2 files changed, 238 insertions(+) create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/trusted-issuers-registry/Chart.yaml create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/trusted-issuers-registry/values.yaml diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/trusted-issuers-registry/Chart.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/trusted-issuers-registry/Chart.yaml new file mode 100644 index 0000000..5176843 --- /dev/null +++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/trusted-issuers-registry/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v2 +name: trusted-issuers-registry-wrapper +description: TIR Helm + +type: application +version: 0.0.1 +appVersion: "0.0.1" + +dependencies: + - name: trusted-issuers-registry + version: 0.0.3 + repository: https://fiware.github.io/helm-charts diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/trusted-issuers-registry/values.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/trusted-issuers-registry/values.yaml new file mode 100644 index 0000000..af26c68 --- /dev/null +++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/trusted-issuers-registry/values.yaml 
@@ -0,0 +1,226 @@ +trusted-issuers-registry: + replicaCount: 1 + deployment: + image: + tag: 0.3.2-PRE-9 + pullPolicy: Always + route: + enabled: true + host: tir.beka-t-m.apps.fiware.fiware.dev + tls: + insecureEdgeTerminationPolicy: Redirect + termination: edge + certificate: + issuer: + kind: ClusterIssuer + name: letsencrypt-aws-prod + + tir: + ngsiBroker: + url: http://orion-ld:1026/ + contextUrl: "https://registry.lab.dsba.eu/development/api/trusted-shape-registry/v1/shapes/jsonld/trustframework#" + satellite: + id: "EU.EORI.FIWARESATELLITE" + key: | + -----BEGIN RSA PRIVATE KEY----- + MIIJKAIBAAKCAgEAvEn4Tip8LAqXMXBl86H2n+TmtVQElw6r9tZUELVrPSgc6EiW + AyeA8x+jCyFW7Da03roMhew9sm4M6qkNfYoHjY+z2WJm8Jc0PwfXkGkaQMI3TReI + dXEKV1Qi0i2vf1sLcVeoU3U7P/Xq97QohotXwntR4IJf8pBAuDsWKtwgM5p3yO08 + JiO9taC3T15G8jOOiB20Dq8v3ShV442n98rq+OpPTXxHNxHd1uL6nSC1RdYIxVIm + PBEFUzXEd0QV4mkIB8hHG3z3M5UDiuuxMmgPpidYMNAORRanhhc7urwj1/0nx1Mx + 79IwIMooNkDnTMuQA9RA7NRdQzdEEQkqOEyCK8/e7QNDrvhealbvSamI3kvfwKG3 + bPTv7UYwMoOralRNE4fSssscPQid5td9eiTabuACCCQR2hBPxKPRWfyWf16xZ9Es + HSaICrRl/gArjLbCLLs0H4VeKnB2SlgRvm7VhXpKiUBJNANbjFfCoaMoNPIaKNUP + qdbj4sdhNF+lAGA4RoHQ8RsZwxGYAS+MkII6Fsw3v6wDwY75XIXTx/UFIFLMZVWv + MojbssfKWW+NMikQki+COTli5N+/7GKsbJY6aG4SZd/dGBN+S34ZqimUoVTJzQ3s + UEPdqPiw+zDy4Uq1ai9KPwwyJc7jncp5Z8qeawMw4ga//gcA6mF4RL+XxmUCAwEA + AQKCAgAty7/9IxA4lgrYF4J0k3wsv7vtdpX3N7ZTvyWLOtTudwcw6Ba0hbMzbwp0 + 9pLxuQyc75uEJ0WKVIIHwT5qvlu/7qfLw8dN1Tj766hek3GzNonE0mh6SBg/zVL6 + 0+nPjBFoa+2g/u5+TA3uWX9R2ipqPxxXAt7bXIKhTJ3Dpu6eHn/r+ueaTy8hMgnj + 4AZZeni8Wp0kxS9bFyhsxFOKTWyBRlwreILJviq6zVIvTXlJlxljBOwPyAQHjRhP + +dtoyisN2YSSBv8JKMFH1LOwkubbfs5QcQpHe48baiM48/Gz4vr93BpVPkY+c2z8 + ZSTc5NYOWF3CPJTCeHqxugzuzI0MOB7qE55Epqlet5L0Q6DNCjaS3JS46OGKKZEa + gh2FGAJajXycQuUWuZHtClMAyDNKpi+4aOXLToktEbR5oubPaTFAJGFeHREGrpeG + l4AzWBbNNJzCeie303Av1octfxQAS3tULC9VBZzt8TLNLRygzVBkLvm2z0BDdkeJ + uH2h5eNFaL2DACt+n7PQGPV54t3ctNQzuD/psSxY8Uo85mfRmYzlHs1m6EHiq9Xg + 
7T9JlDAFGBdZZjX+luFC7jTsoCEK6uidD58SaUHwo8NMwYvLDOV2iu04Fbj3zKrX + hs5JdxUONPjG6o+/DT12EINS1lvBa06RDgqtDNzPl55bEfOwAQKCAQEA3vz9S0Um + EjwPzhZh6dm3Q+QEqrifYxpkE0gW7rpBO9lsLyoJhCWEnTzUvQ6soT9w01cqUWQe + jpUkCK8E26q7GgBsrNFFindKRCPDjHkr9mXTTSYNQnTl8yofubkjjlJR5uYA067g + Q4fhxDjAVK/30FPM+OP/3H3eeF4t55t+k5ovUfWd5oNTkw2vvPck6bqLI+KmiQKa + 3FSA+I2nNrQa+wWEcdIGdJEaxBkXIzWUBALwwHHvH9V43uZVJEJpH26VpeV066/f + XxT8PsqJpPg4YzVcotKc5KzuXWcSupIf9lz0BCArd62OaWBZIEARrAk3558i5P9A + bGeiS0pY9/NHZQKCAQEA2CnqSCU0FgaD4/pxDemZ2HOGuQJw2CN5uyxlBY5OdYuz + 8KqPddaCeoeSxhV1Qoc5g0hHfURfw/QhGxPCq1paNOCgV+qCUqbjAZm0luuSJeQi + QaIIYr1LgVgw704yk+nN5AVlzmKs1hZKkPT+7EfVrEJR2T/OlHaMIya+QvwK1TUA + 9ZuJuAx3JuBneEadgWAjetXUAZrppsp4BDJvXSw184VfxU8bq9KsWeUW0jeEIrcD + ZkFo6Q9uwGsyIx0zPgtv6nzbfltQVxBOMS1T9h2nLpm3RRLXv8qwn3x2aIl6xV56 + wurt8hL80Swav4eXnkCIoJzKTMxycw+KspMfGngTAQKCAQBVWeal8fDRl/XAv2Z4 + +SGhtdxncEVpzIczritA8z/W5bD4GJIN58Jr4QXY244OJldMPZfwEW90yfdB76Pf + ZOk62aC/QVbp2iEuFbZaxWKjbHRFmmQG5PHDcoM0Nn46kp3Q0IbOf6hNkOxEjChq + AfTL49eYCMU9o1wNHJdbiHQZkTG9oFLxEaFiryFuJfcWE5YAhVeTJ9EYtquq96Vi + Vevh20nHu0lHQudI2gW2L2LZajq2nqWVvMMIJoe+WkEci9px5nMrZ2ULYt/uNN4c + q/oBV0J+/Dibeum+DJ7plNbxGME59wpMQ7037m4O3xckj167pHjZyC3jkINZaDrH + pXHVAoIBAQCySfAITVcmi30g/iFdHj1b//0wf0jfnHL85GL2MCeaX/2sFKF6ydCY + i1WNt4kdtDbFh0ofkdOC5cqgcK3xcvZQAq19ldijny5A1avThrzmL8HpbGGKPyMV + rc2+szqYMRE2bxVHIq/3bC9YXBoefClKiPDFRRF39kcjfwMScJvmum7uJLl0aiOk + lxYAaA3k9YyN9euE32azwO84VvjvWlWtY2ZYcSUblQm+o2stO8jqcRSGtJB5Gdd5 + MXEK8TygggJu30iScXJUPQihGwfTSSXpE7PLbv0wHVeMU7W+BxaRz5llRyu2q96G + D+CH9KgjSIroHinlKgODz1/QZfQTetIBAoIBADQ6LW/LgCktUoROROwWQCre55ME + NmcPqeEX7/qi4TY0oic1QEmKVof+65bijBwqqCuFWvjCX+XNkbcMDzRUm0Q4ZQnn + m/unPz6SGOHc0NYY6RQlTQAHVHsmvj+rOwO4mxWKjwnixPVfBFAniFc59fu7ooSm + 6aAQJUHKIiMiAj849KcSdb9BsLjNQHVenJYm2IZrdlgisihY/OyiWZlGi8rNgySM + UTKVAKxJU/hK7TitNodM8cfP+lwIITA5MUaDsSPY0feDzMK5Tecqipwyqztm2RqI + c4K8QbMTx6Awc/BTqruNkJN2Ky0Ce8cyW1O02mytyPPLOaBO0zRMmFpEcfk= + -----END RSA PRIVATE KEY----- + certificate: | + -----BEGIN 
CERTIFICATE----- + MIIGhjCCBG6gAwIBAgIUUliLPK6R7OeviNDRY2dtI/G7YQIwDQYJKoZIhvcNAQEL + BQAwgYwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCZXJsaW4xHzAdBgNVBAoMFkZp + d2FyZSBGb3VuZGF0aW9uIGUuVi4xCzAJBgNVBAsMAklUMRwwGgYDVQQDDBNGSVdB + UkVfSU5URVJNRURJQVRFMSAwHgYJKoZIhvcNAQkBFhFmaXdhcmVAZml3YXJlLm9y + ZzAeFw0yMjExMDkwNzU0MjBaFw0yNzExMDgwNzU0MjBaMIGkMQswCQYDVQQGEwJE + RTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xEjAQBgNVBAoMCVNh + dGVsbGl0ZTEYMBYGA1UEAwwPRklXQVJFU0FURUxMSVRFMSMwIQYJKoZIhvcNAQkB + FhRzYXRlbGxpdGVAZml3YXJlLm9yZzEgMB4GA1UEBRMXRVUuRU9SSS5GSVdBUkVT + QVRFTExJVEUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC8SfhOKnws + CpcxcGXzofaf5Oa1VASXDqv21lQQtWs9KBzoSJYDJ4DzH6MLIVbsNrTeugyF7D2y + bgzqqQ19igeNj7PZYmbwlzQ/B9eQaRpAwjdNF4h1cQpXVCLSLa9/WwtxV6hTdTs/ + 9er3tCiGi1fCe1Hggl/ykEC4OxYq3CAzmnfI7TwmI721oLdPXkbyM46IHbQOry/d + KFXjjaf3yur46k9NfEc3Ed3W4vqdILVF1gjFUiY8EQVTNcR3RBXiaQgHyEcbfPcz + lQOK67EyaA+mJ1gw0A5FFqeGFzu6vCPX/SfHUzHv0jAgyig2QOdMy5AD1EDs1F1D + N0QRCSo4TIIrz97tA0Ou+F5qVu9JqYjeS9/Aobds9O/tRjAyg6tqVE0Th9Kyyxw9 + CJ3m1316JNpu4AIIJBHaEE/Eo9FZ/JZ/XrFn0SwdJogKtGX+ACuMtsIsuzQfhV4q + cHZKWBG+btWFekqJQEk0A1uMV8Khoyg08hoo1Q+p1uPix2E0X6UAYDhGgdDxGxnD + EZgBL4yQgjoWzDe/rAPBjvlchdPH9QUgUsxlVa8yiNuyx8pZb40yKRCSL4I5OWLk + 37/sYqxsljpobhJl390YE35LfhmqKZShVMnNDexQQ92o+LD7MPLhSrVqL0o/DDIl + zuOdynlnyp5rAzDiBr/+BwDqYXhEv5fGZQIDAQABo4HFMIHCMAkGA1UdEwQCMAAw + EQYJYIZIAYb4QgEBBAQDAgWgMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVy + YXRlZCBDbGllbnQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFBwGLZR583u1g+bTzyl9 + lQsDLoa5MB8GA1UdIwQYMBaAFCdVXai4piVrVEDg/6LNuF4f0o0OMA4GA1UdDwEB + /wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwDQYJKoZIhvcN + AQELBQADggIBAH9QGWANJEikCdoUAprRTbap2Yr44KUks3df/BawYnvWfTxBfhNZ + 5k9Fln5uGoOKb7MYmBAQ0ZuooPrb6srPZOEORdluxxbCgp9PoukOvLmHype13msA + 0yIvBuDLgPj5HesJ2dSdTwOThisZAov3B6+gt4MMt+4WPD24cfbB7sUgJWnTaKzC + jivLdt+j/ymZFl41tb5kGcKv3OmYYTiy5V5DMxataZargN71mM0QElxR6kKWgkgK + 6slcvwMHOyn+o/DezgoUkdtA7gwa9sFnwHoxbId427BQd0BdtEVMyiQqutYquQbQ + 
wwbB6K5+7rcpdsFRl7OzQmmll6SGKcjmm1stZANlZj41lWKg5IG0Xw+8Ei3lHL62 + imVFD1YgPuAAOcCkLpvnoAtcWvMInAhUMev8XukgrBO4tdyB8qteQelRLYYvWOf5 + gzscb/B2g18g4KtSM6IGd8/QzsU9dJE2e0VcXTgkIJgRVIX5VJy53YxHEsKOWqm7 + /t2baJSFLhS3aDmcC+BUtnQcOQzMTy+Idb96sU/pUdJCmJBlJ6g4Kg4zsZAiFbou + ZUkzFO9WH+elKhqHZRw6MFFZ4Srb8JSpkCh7DP/H5XDKOCsGtgZKCHd1bC29mcer + lYGR6nNL82ub8PwlYAom7eVFiwLpZwKp/hQoAtDF84bCNOwhQbIw3HTq + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIGAjCCA+qgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBkzELMAkGA1UEBhMCREUx + DzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMR8wHQYDVQQKDBZGaXdh + cmUgRm91bmRhdGlvbiBlLlYuMQswCQYDVQQLDAJJVDESMBAGA1UEAwwJRklXQVJF + X0NBMSAwHgYJKoZIhvcNAQkBFhFmaXdhcmVAZml3YXJlLm9yZzAeFw0yMjExMDkw + NzM5MzdaFw0zMDAyMTAwNzM5MzdaMIGMMQswCQYDVQQGEwJERTEPMA0GA1UECAwG + QmVybGluMR8wHQYDVQQKDBZGaXdhcmUgRm91bmRhdGlvbiBlLlYuMQswCQYDVQQL + DAJJVDEcMBoGA1UEAwwTRklXQVJFX0lOVEVSTUVESUFURTEgMB4GCSqGSIb3DQEJ + ARYRZml3YXJlQGZpd2FyZS5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK + AoICAQDFawfVVoUqE/HYcgHNPjjK4xHA5ClWIx4lvXskCshK95KnePdkOSK8Lhp5 + sQB/K0A6bU9IA7LeNhloTQ1u+pn0H/ml0XAH+1QVmDURxy50mC0FKp4scMVsW6Ps + 21A2QaRYADZj9BjFt7UeuCWAtDXupuEw/+SPLnDByfY3nEnhOWerNfdXiAhp2STY + pOa1A/OTARLWz/wJSrTynC7sWcE/QCW5YuK+kOH1KyUlFY/NLY+7n9E6rHte2hjG + Sgie4EH7xps2VLcmJhKe5sUXWcmoPnIY42iNgMFcYy0xQT9oWY4fohL9Qy6yB30p + yKFuuejF39ntB6VMJ0Jozg816CigJoP9yjNmNSLhNGCp9sqD83qnV5nIJtoQijCZ + j15vYLdKvG7iM9jkOP09V9kY6QUWBeFTuHe0n77D4FMey6rC1GHeNXTwSOretbD9 + zl9Tx9BNPRsX9MNKoXif2sT2eKA0IJs2gUAPCncVORMax6YuXkdZKByhRitNl33p + LLATANzdg2YgHwBeggY1HfFYDVc++t1cZUitHTKXeQ5YW+b2Rs+5+d/aNA8pAipG + ZoML9GoE2lDPTFegjXn4vDg7FaVFIy6G1D6TWSmb6WJ6b+zAk3Gflc3wuYXtpI5Y + x6ynpd++OZ7oVCcKmu7aSfE+K2kefd0MaIM28meu0qQ10j447QIDAQABo2YwZDAd + BgNVHQ4EFgQUJ1VdqLimJWtUQOD/os24Xh/SjQ4wHwYDVR0jBBgwFoAUWcEwA+U0 + c5pQNn+5hlX5EhaiZCcwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMC + AYYwDQYJKoZIhvcNAQELBQADggIBAETCN8uSZ+C7eTs4SsscUTivlw+eI6Zi7lvP + AjRkHLSpCSkgtH5Ep+QtXLjj1li4OyLL81G6VvJqektr0CCk94AkxLy4DZHAWBtA + 
vL0k8UYHvdhSZUBWhMcRum51g8yvVFIJCKPfOCsfzbjGKdOkv4T5RKBrAcFIFCvL + dBl1j7dHRARtCy+Gyup4oPqlult5COtvTJJ7Yvd6Mmqg8TbDvD4C5vh7k6wT/ar+ + rlWiMJ8VG8CpEJD/7MGWP3woHRf6WUNLxj5VRsS+4O6b5cXsrrxog1YkkRN6ZDuH + G8NdsdufE2JzK2wOlfxhGsgRIVheQqS3kgxXEpeFB8FXJKt57e+RD3fnqh8UA+ng + 3ghIanWL7kPI0/jQc8yxoZxAZ8pjiTuoU2JO7/eYHALJ/GFkDTkyDDKY2cbiVEFP + FYM6lL3OV7dV99BRGclv2niuo2FfL/XTkUJPCeAnI7n9NgOKY+VXD5yEfAsLVqZm + AAnJqYcdqN3WANfn30Q6wRiaimLSwRMY8g4DXsFy8xMiZcf4tKpLg/Ip/mUuMNZB + tKpDMSCikMoQiuu1+AkkGtWImwvS3JnXipEA6ZuABYTHzIGEcc76T3sg9KIgZVKR + a510g7F8CAaaAUkqXPpmWC0SXjZ50srIiFinaE8x45BElmWCHlcIT9gKzkatqbVO + jDOUKVLp + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIGCTCCA/GgAwIBAgIUE4eZnRRqaub9kC+3PqDYNfVU8IcwDQYJKoZIhvcNAQEL + BQAwgZMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCZXJsaW4xDzANBgNVBAcMBkJl + cmxpbjEfMB0GA1UECgwWRml3YXJlIEZvdW5kYXRpb24gZS5WLjELMAkGA1UECwwC + SVQxEjAQBgNVBAMMCUZJV0FSRV9DQTEgMB4GCSqGSIb3DQEJARYRZml3YXJlQGZp + d2FyZS5vcmcwHhcNMjIxMTA5MDcyNDU2WhcNMzIxMTA2MDcyNDU2WjCBkzELMAkG + A1UEBhMCREUxDzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMR8wHQYD + VQQKDBZGaXdhcmUgRm91bmRhdGlvbiBlLlYuMQswCQYDVQQLDAJJVDESMBAGA1UE + AwwJRklXQVJFX0NBMSAwHgYJKoZIhvcNAQkBFhFmaXdhcmVAZml3YXJlLm9yZzCC + AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOoPnXAtWFG6Bsdr4TvBUW12 + wpcRYH9fiDm5Mc6g6VdiL9I1tWMbhfO7DPyOaoqh6xloDL+XoeREmoIfJJpY3bdu + zPswTinaMd7H+aMP6wWDsAIABhmw5Pui3UbpUZeFeo3RMe5f8JjL4KPgjWCX1llx + O6yxy1e8gSfGpBkEHpJc8lKQwDE9zgyuiOLRUPRtSe0NJajcBrrXiaSPGdXvG39N + YzjAARo5PAEBG+UHHzZFeS11MT+GbryZrx9KbdmVshdlsGqL/2sTY9veFrz53XLR + Gmq86U+IQZEEvp6Z5k5ZwamBiACiRDbSwh1Ngp+BKNG26wCvB4gfxTOuSHIfzRkP + D8vdV7mZwyeFHXogsNqF/8Pmdy0ONcqThh7w7lUFMVygk9q531n6QGRRpwCgKAjy + jYN5r2Mo68+tmxNCejIPpo/JsAEKlPsh9lH7KhSEjIaHx//Q2f/nll1Z4GkXj7Sk + ALz3P4ljT3ePeT2wnlSpyrCEPIeMXT47Z2xdc9MgXhqxidep7sUWFMaJwKhq1m1U + JXI216GKUN3y//WSvRu7tqzyuUR9qsfY946EUF6m4XQjj9wke6H7vTpY9U/zwc9j + yx+fXnJiuYht6k2cHav9GK0wnZ5Ct6A1+43eRR43EJ11OM9Ml+J4tdfukSrW6ppm + 
z+4Yxfe5RRtzPeXxncjbAgMBAAGjUzBRMB0GA1UdDgQWBBRZwTAD5TRzmlA2f7mG + VfkSFqJkJzAfBgNVHSMEGDAWgBRZwTAD5TRzmlA2f7mGVfkSFqJkJzAPBgNVHRMB + Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQDGFxElC2Sq6/EOcbzQ7tjaqc5d + v2FCWTTQYQLiS+VQqcJqGnMnEwWUDCeacQ6BaxdTW+jb1zX66DgfNJ40Yr2YDVv4 + qr+KKCW+q8cKQUte/XmcpLJtrXtYZQMeLUfwBlF2yAvmb3/2cda0VIhsem2BIFCE + 227+wOYqHSqpkqfVcizljnYLTwvTBQz5P0Jq9/wPcjB7fxfko2mZjaPQFfEuLPMT + Jttv7711TJCrp0gzmnICS1Ba3vtcdZN+rd6IoSQmudnOcGDJkslL77T4BzjXDkax + fuCoQ6f/hwXJuJF3fQHd6OsJHDgVAJQ78Nyb5P/2KMpdY/nkudeBG3ZcEJP7uptc + QnWmMMLbfuGuXmAvXyKJJ3bw01F9+Vfo5OLud4IVnv0QDlXLHBDdGErBTT6m5XZN + SyBXbqp1xIui+Jufm4HY0Y7kX0QzfSHdMXWgiIdmR8z0x15PQg/uFihXjp/RyqDr + G+Tin3TXBqJRdDxYCwdnoutQnqtYCbsidoLv2ZA0vQiGfykPMpU49dGKwVCZBw1y + Lf8X0QG5Vxp9O42jXzSy5rYwrF76FTpy+h7UqmZNOBXJG1roKrQWZ2OieFMp/rTD + YURyhqWqqW2u7UehYs6emmSwYv8j0v4CzpH517jp2RJNyinI3TZmgD0AAKzyJAl/ + Zqat8t/baTS3TUdIKg== + -----END CERTIFICATE----- + + trustedList: + - name: FIWARE_CA + crt: | + -----BEGIN CERTIFICATE----- + MIIGCTCCA/GgAwIBAgIUE4eZnRRqaub9kC+3PqDYNfVU8IcwDQYJKoZIhvcNAQEL + BQAwgZMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCZXJsaW4xDzANBgNVBAcMBkJl + cmxpbjEfMB0GA1UECgwWRml3YXJlIEZvdW5kYXRpb24gZS5WLjELMAkGA1UECwwC + SVQxEjAQBgNVBAMMCUZJV0FSRV9DQTEgMB4GCSqGSIb3DQEJARYRZml3YXJlQGZp + d2FyZS5vcmcwHhcNMjIxMTA5MDcyNDU2WhcNMzIxMTA2MDcyNDU2WjCBkzELMAkG + A1UEBhMCREUxDzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMR8wHQYD + VQQKDBZGaXdhcmUgRm91bmRhdGlvbiBlLlYuMQswCQYDVQQLDAJJVDESMBAGA1UE + AwwJRklXQVJFX0NBMSAwHgYJKoZIhvcNAQkBFhFmaXdhcmVAZml3YXJlLm9yZzCC + AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOoPnXAtWFG6Bsdr4TvBUW12 + wpcRYH9fiDm5Mc6g6VdiL9I1tWMbhfO7DPyOaoqh6xloDL+XoeREmoIfJJpY3bdu + zPswTinaMd7H+aMP6wWDsAIABhmw5Pui3UbpUZeFeo3RMe5f8JjL4KPgjWCX1llx + O6yxy1e8gSfGpBkEHpJc8lKQwDE9zgyuiOLRUPRtSe0NJajcBrrXiaSPGdXvG39N + YzjAARo5PAEBG+UHHzZFeS11MT+GbryZrx9KbdmVshdlsGqL/2sTY9veFrz53XLR + Gmq86U+IQZEEvp6Z5k5ZwamBiACiRDbSwh1Ngp+BKNG26wCvB4gfxTOuSHIfzRkP + 
D8vdV7mZwyeFHXogsNqF/8Pmdy0ONcqThh7w7lUFMVygk9q531n6QGRRpwCgKAjy + jYN5r2Mo68+tmxNCejIPpo/JsAEKlPsh9lH7KhSEjIaHx//Q2f/nll1Z4GkXj7Sk + ALz3P4ljT3ePeT2wnlSpyrCEPIeMXT47Z2xdc9MgXhqxidep7sUWFMaJwKhq1m1U + JXI216GKUN3y//WSvRu7tqzyuUR9qsfY946EUF6m4XQjj9wke6H7vTpY9U/zwc9j + yx+fXnJiuYht6k2cHav9GK0wnZ5Ct6A1+43eRR43EJ11OM9Ml+J4tdfukSrW6ppm + z+4Yxfe5RRtzPeXxncjbAgMBAAGjUzBRMB0GA1UdDgQWBBRZwTAD5TRzmlA2f7mG + VfkSFqJkJzAfBgNVHSMEGDAWgBRZwTAD5TRzmlA2f7mGVfkSFqJkJzAPBgNVHRMB + Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQDGFxElC2Sq6/EOcbzQ7tjaqc5d + v2FCWTTQYQLiS+VQqcJqGnMnEwWUDCeacQ6BaxdTW+jb1zX66DgfNJ40Yr2YDVv4 + qr+KKCW+q8cKQUte/XmcpLJtrXtYZQMeLUfwBlF2yAvmb3/2cda0VIhsem2BIFCE + 227+wOYqHSqpkqfVcizljnYLTwvTBQz5P0Jq9/wPcjB7fxfko2mZjaPQFfEuLPMT + Jttv7711TJCrp0gzmnICS1Ba3vtcdZN+rd6IoSQmudnOcGDJkslL77T4BzjXDkax + fuCoQ6f/hwXJuJF3fQHd6OsJHDgVAJQ78Nyb5P/2KMpdY/nkudeBG3ZcEJP7uptc + QnWmMMLbfuGuXmAvXyKJJ3bw01F9+Vfo5OLud4IVnv0QDlXLHBDdGErBTT6m5XZN + SyBXbqp1xIui+Jufm4HY0Y7kX0QzfSHdMXWgiIdmR8z0x15PQg/uFihXjp/RyqDr + G+Tin3TXBqJRdDxYCwdnoutQnqtYCbsidoLv2ZA0vQiGfykPMpU49dGKwVCZBw1y + Lf8X0QG5Vxp9O42jXzSy5rYwrF76FTpy+h7UqmZNOBXJG1roKrQWZ2OieFMp/rTD + YURyhqWqqW2u7UehYs6emmSwYv8j0v4CzpH517jp2RJNyinI3TZmgD0AAKzyJAl/ + Zqat8t/baTS3TUdIKg== + -----END CERTIFICATE----- + additionalConfigs: + logger: + levels: + ROOT: DEBUG From 79a3910cfbf8f09c39edb515e671159c0a2405c0 Mon Sep 17 00:00:00 2001 
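Review bot: `tir.satellite.key` in trusted-issuers-registry/values.yaml is a complete RSA private key committed in plain text, next to the certificate chain that identifies it as `EU.EORI.FIWARESATELLITE`. Anyone with read access to the repository, the patch series or the stored Helm release values can sign as that satellite, so the key should be treated as disclosed: rotate it and reissue the certificate. The replacement belongs in a Kubernetes Secret or an external secret store and should be referenced from values, if the chart offers such a reference (not visible here). If this is a throwaway demo identity, say so directly above the key, e.g. `# DEMO KEY ONLY - never trust this identity outside the sandbox`. `additionalConfigs.logger.levels.ROOT: DEBUG` on a service published through a public route is also worth lowering, since debug logs of a trust service tend to include request contents.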
From: Beknazar Esenbek Date: Fri, 23 Jun 2023 11:45:52 +0200 Subject: [PATCH 15/18] Added values for keyrock --- .../values/keyrock/Chart.yaml | 12 ++ .../values/keyrock/templates/post-hook.yaml | 33 +++++ .../values/keyrock/templates/script-cm.yaml | 27 ++++ .../values/keyrock/templates/secrets.yaml | 8 ++ .../values/keyrock/values.yaml | 116 ++++++++++++++++++ .../values/values-keyrock.yml | 64 ---------- 6 files changed, 196 insertions(+), 64 deletions(-) create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keyrock/Chart.yaml create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keyrock/templates/post-hook.yaml create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keyrock/templates/script-cm.yaml create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keyrock/templates/secrets.yaml create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keyrock/values.yaml delete mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/values-keyrock.yml diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keyrock/Chart.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keyrock/Chart.yaml new file mode 100644 index 0000000..5f53c82 --- /dev/null +++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keyrock/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v2 +name: keyrock +description: Keyrock Chart + +type: application +version: 0.6.0 +appVersion: "8.1.0" + +dependencies: + - name: keyrock + version: 0.6.0 + repository: https://fiware.github.io/helm-charts diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keyrock/templates/post-hook.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keyrock/templates/post-hook.yaml new file mode 100644 index 0000000..417d59d --- /dev/null +++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keyrock/templates/post-hook.yaml 
@@ -0,0 +1,33 @@
+{{- if .Values.keyrock.initScript.initEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: keyrock-app-create-{{ randAlphaNum 5 | lower }}
+ annotations:
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation
+ "helm.sh/hook-weight": "1"
+spec:
+ containers:
+ - name: app-create
+ image: quay.io/wi_stefan/mysql:5.7
+ command:
+ - /bin/sh
+ - /scripts/create.sh
+ volumeMounts:
+ - name: scripts
+ mountPath: /scripts
+ env:
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: keyrock-secret
+ key: dbPassword
+ - name: APP_SECRET
+ value: {{ .Values.marketplace.secret | quote }}
+ volumes:
+ - name: scripts
+ configMap:
+ name: keyrock-app-create-cm
+ restartPolicy: Never
+{{- end }}
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keyrock/templates/script-cm.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keyrock/templates/script-cm.yaml
new file mode 100644
index 0000000..51d4613
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keyrock/templates/script-cm.yaml
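Review bot: `APP_SECRET` in keyrock/templates/post-hook.yaml is rendered into the Pod spec as a literal `value:` taken from `.Values.marketplace.secret`, so the OAuth client secret is readable by anyone who can view the Pod object or the release values. `DB_PASSWORD` two entries above it already uses `secretKeyRef`. The same pattern fits here: `valueFrom:` / `secretKeyRef:` with `name: keyrock-secret` and `key: <app-secret-key>` (placeholder; the Secret would need that entry added). The hook image `quay.io/wi_stefan/mysql:5.7` also comes from a personal registry namespace under a mutable tag, and pinning it by digest would keep the hook from silently changing.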
@@ -0,0 +1,27 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: keyrock-app-create-cm + annotations: + "helm.sh/hook": post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation + "helm.sh/hook-weight": "1" +data: + create.sh: |- + + mysql -h {{ .Values.keyrock.db.host }} -u {{ .Values.keyrock.db.user }} -p$DB_PASSWORD {{ .Values.keyrock.initScript.dbName }} < - -## admin configuration for accessing keyrock -admin: - ## username of the initial keyrock admin - user: admin - ## password of the initial admin - password: - ## email address of the admin user - email: my@mail.org - -## -- Configuration of local key and certificate for validation and generation of tokens -token: - # -- Enable storage of local key and certificate - enabled: false - -## a list of additional env vars to be set, check the keyrock docu for all available options -## ref: https://fiware-idm.readthedocs.io/en/latest/installation_and_administration_guide/environment_variables/index.html -additionalEnvVars: - # Title to be displayed on default theme UI - - name: IDM_TITLE - value: i4Trust Marketplace IDP - # Name of the database to be created within the MySQL - - name: IDM_DB_NAME - value: idm - # Initialize and seed database on startup - - name: IDM_DB_SEED - value: "true" From 77b76d914b9bd343afbda3450466d584256b3fd7 Mon Sep 17 00:00:00 2001 
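Review bot: In `create.sh` (keyrock/templates/script-cm.yaml) the password is passed as `-p$DB_PASSWORD`, unquoted and on the command line. A password containing spaces or shell metacharacters will break or alter the command, and the value may be visible in the container's process list while the client runs. `.Values.keyrock.db.host`, `.Values.keyrock.db.user` and `.Values.keyrock.initScript.dbName` are templated into the same shell line without quoting. Quoting each argument (`-h {{ .Values.keyrock.db.host | quote }}`, `-p"$DB_PASSWORD"`) is the minimal fix, and a client option file passed with `--defaults-extra-file` keeps the password off the command line entirely. The remainder of the script is not visible on this page, so the SQL fed to the client is not covered by this note.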
From: Beknazar Esenbek Date: Fri, 23 Jun 2023 12:57:35 +0200 Subject: [PATCH 16/18] Added values for bae --- .../i4Trust-Marketplace/values/bae/Chart.yaml | 12 + .../values/bae/templates/secrets.yaml | 35 ++ .../values/bae/values.yaml | 337 ++++++++++++++++++ .../values/values-marketplace.yml | 291 --------------- 4 files changed, 384 insertions(+), 291 deletions(-) create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/bae/Chart.yaml create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/bae/templates/secrets.yaml create mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/bae/values.yaml delete mode 100644 PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/values-marketplace.yml diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/bae/Chart.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/bae/Chart.yaml new file mode 100644 index 0000000..0f0314b --- /dev/null +++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/bae/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v2 +name: bae +description: BAE Chart + +type: application +version: 0.6.11 +appVersion: "8.1.0" + +dependencies: + - name: business-api-ecosystem + version: 0.6.4 + repository: https://fiware.github.io/helm-charts diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/bae/templates/secrets.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/bae/templates/secrets.yaml new file mode 100644 index 0000000..f2f3aa2 --- /dev/null +++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/bae/templates/secrets.yaml 
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: bae-apis-secret
+type: Opaque
+stringData:
+ dbPassword: 'password'
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: bae-rss-secret
+type: Opaque
+stringData:
+ dbPassword: 'password'
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: bae-cb-secret
+type: Opaque
+stringData:
+ dbPassword: 'password'
+ paypalClientSecret: 'password'
+ pluginsIdmPassword: 'password'
+ smtpPassword: 'password'
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: bae-lp-secret
+type: Opaque
+stringData:
+ dbPassword: 'password'
+ oauthClientSecret: 'password'
\ No newline at end of file
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/bae/values.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/bae/values.yaml
new file mode 100644
index 0000000..da5abf0
--- /dev/null
+++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/bae/values.yaml
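Review bot: Every field in the four Secrets of bae/templates/secrets.yaml is the literal string `'password'`, including `oauthClientSecret`, `paypalClientSecret` and `smtpPassword`. Because this is a chart template rather than a sample file, those are the credentials a plain `helm install` deploys. Take each value from the release values and fail the render when it is missing, e.g. `dbPassword: {{ required "bae apis dbPassword must be set" .Values.secrets.apis.dbPassword | quote }}` (values path illustrative). Alternatively, drop the template and create the Secrets out of band, since values.yaml in this commit already consumes them only through `existingSecret`. If the file stays as a demo default, a header comment such as `# DEMO CREDENTIALS - override before any shared deployment` should say so.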
@@ -0,0 +1,337 @@ +business-api-ecosystem: + # is the target environment openshift? + openshift: true + + initContainer: + mysql: + image: "quay.io/i4trust/mysql" + apis: + image: "quay.io/i4trust/busybox:1.32" + + ## Marketplace OAuth and IdM configuration + ## + oauth: + # URL of the FIWARE IDM used for user authentication + server: https://idp-marketplace.beka-t-m.apps.fiware.fiware.dev + # OAuth2 Client ID of the BAE applicaiton + clientId: marketplace-id + # -- Callback URL path of frontend logic proxy for receiving the access tokens + callbackPath: /auth/fiware/callback + # -- IDP provider for passport strategy (fiware, keycloak, github, ...) + provider: fiware + # -- Default role: Role to be used if no role is assigned to user (optional) + defaultRole: seller + + siop: + enabled: true + clientId: marketplace-client + verifier: + host: https://verifier-marketplace.beka-t-m.apps.fiware.fiware.dev + # Configuration for the Credential Config Service initiation + ccs: + endpoint: "http://ccs-credentials-config-service.beka-t-m.svc.cluster.local:8080" + credentials: + - type: "VerifiableCredential" + trustedParticipantsLists: [ + "https://tir.beka-t-m.apps.fiware.fiware.dev" + ] + trustedIssuersLists: [ + ] + - type: "MarketplaceUserCredential" + trustedParticipantsLists: [ + "https://tir.beka-t-m.apps.fiware.fiware.dev" + ] + trustedIssuersLists: [ + ] + + ## External URL used to access the BAE frontend (logic proxy) + ## Should match the host of the Ingress or Route of the Logic Proxy + ## + externalUrl: https://marketplace.beka-t-m.apps.fiware.fiware.dev + + ## Configuration for biz-ecosystem-apis component + ## + bizEcosystemApis: + + ## Service account + serviceAccount: + create: false + + ## Security context + securityContext: + ## -- specifies the user UID + runAsUser: 0 + ## -- specifies the group GID + runAsGroup: 0 + + # Existing Secret + existingSecret: bae-apis-secret + + ## -- deployment specific configuration + deployment: + ## -- configuration of 
the image to be used + image: + ## -- BAE APIs image name + ## ref: https://hub.docker.com/r/fiware/biz-ecosystem-apis + repository: quay.io/fiware/biz-ecosystem-apis + ## -- tag of the image to be used + tag: v8.1.0-rc1 + ## -- specification of the image pull policy + pullPolicy: IfNotPresent + + ## port that the APIs container uses + port: 8080 + + ## database configuration for APIs + db: + ## host of the database to be used + host: mysql-bae + ## password for connecting the database + #password: dbPassword + + + ## Configuration for biz-ecosystem-rss component + ## + bizEcosystemRss: + + ## Service account + serviceAccount: + create: false + + ## Security context + securityContext: + ## -- specifies the user UID + runAsUser: 0 + ## -- specifies the group GID + runAsGroup: 0 + + # Existing Secret + existingSecret: bae-rss-secret + + ## -- deployment specific configuration + deployment: + ## -- configuration of the image to be used + image: + ## -- BAE RSS image name + ## ref: https://hub.docker.com/r/fiware/biz-ecosystem-rss + repository: quay.io/fiware/biz-ecosystem-rss + ## -- tag of the image to be used + tag: v8.0.0 + ## -- specification of the image pull policy + pullPolicy: IfNotPresent + #pullPolicy: Always + + ## port that the RSS container uses + port: 8080 + + ## database configuration for RSS + db: + ## host of the database to be used + host: mysql-bae + ## URL connection string of the database to be used + url: jdbc:mysql://mysql-bae:3306/RSS + ## password for connecting the database + #password: dbPassword + + + ## Configuration for biz-ecosystem-charging-backend component + ## + bizEcosystemChargingBackend: + + ## Service account + serviceAccount: + create: false + + ## Security context + securityContext: + ## -- specifies the user UID + runAsUser: 0 + ## -- specifies the group GID + runAsGroup: 0 + + # Existing Secret + existingSecret: bae-cb-secret + + ## -- deployment specific configuration + deployment: + ## -- configuration of the image to be 
used + image: + ## -- BAE Charging backend image name + ## ref: https://hub.docker.com/r/fiware/biz-ecosystem-charging-backend + repository: quay.io/fiware/biz-ecosystem-charging-backend + ## -- tag of the image to be used + tag: v8.1.0-dev-rc1 + ## -- specification of the image pull policy + #pullPolicy: IfNotPresent + pullPolicy: Always + + ## -- PVC configuration for charging backend plugins + plugins: + ## -- Enable the PVC for plugins storage + enabled: true + ## -- Annotations + annotations: + helm.sh/resource-policy: "keep" + + ## -- PVC configuration for charging backend media directories (/assets and /bills) + media: + # -- Enable the PVC for media storage + enabled: true + + ## port that the charging backend container uses + port: 8006 + + # -- Loglevel + loglevel: debug + + ## payment configuration + payment: + ## method: paypal or None (testing mode payment disconected) + method: None + + ## database configuration for Charging backend (MongoDB) + db: + ## host of the database to be used + host: mongodb + ## Database name for connecting the database + database: charging_db + ## username for connecting the database + user: charging + ## password for connecting the database + #password: charging + + ## -- Configuration for backing up the pvcs of the charging backend into a gcs-bucket + backup: + ## -- should the backup for file data be enabled + enabled: false + + # -- Sets wehther to expect the user access token in each request from the logic proxy + propagateToken: false + + # -- Base app path of charging backend (for versions < 8.1.0: /business-ecosystem-charging-backend, for versions >= 8.1.0: /opt/business-ecosystem-charging-backend) + basePath: /opt/business-ecosystem-charging-backend + + # -- List of additional ENV vars to be set, e.g., to be used in asset plugins + extraEnvVars: + - name: BAE_PLUGIN_VC + value: "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" + + ## -- Configuration of local key and certificate for validation and generation 
of tokens + token: + enabled: false + + + + ## Configuration for biz-ecosystem-logic-proxy component + ## + bizEcosystemLogicProxy: + + ## Service account + serviceAccount: + create: false + + ## Security context + securityContext: + ## -- specifies the user UID + runAsUser: 0 + ## -- specifies the group GID + runAsGroup: 0 + + # Existing Secret + existingSecret: bae-lp-secret + + ## -- statefulset specific configuration + statefulset: + ## -- configuration of the image to be used + image: + ## -- BAE Logic Proxy image name + ## ref: https://hub.docker.com/r/fiware/biz-ecosystem-logic-proxy + repository: quay.io/beknazar/baelp-demo4 + ## -- tag of the image to be used + tag: 3baa4e44db9971b62c65721680a87d264952b35b + ## -- specification of the image pull policy + pullPolicy: Always + #pullPolicy: IfNotPresent + + ## openshift specific route definition. Will not work on plain k8s + route: + ## -- should the deployment create openshift routes + enabled: true + # -- Routes that should be created + routes: + - host: marketplace.beka-t-m.apps.fiware.fiware.dev + tls: + termination: edge + insecureEdgeTerminationPolicy: Redirect + certificate: + issuer: + kind: ClusterIssuer + name: letsencrypt-aws-prod + + ## ingress configuration + ## OpenShift: oc label namespace marketplace ingress=nginx + ingress: + ## should there be an ingress to connect keyrock with the public internet + enabled: false + + + ## port that the logic proxy container uses + port: 8004 + + ## Deployment in development or in production + nodeEnvironment: development + + ## database configuration for Logic Proxy (MongoDB) + db: + # host of the database to be used + host: mongodb + # Database name for connecting the database + database: belp_db + # username for connecting the database + user: belp + # password for connecting the database + #password: belp + + ## -- elasticsearch configuration + elastic: + ## -- indexing engine of logic proxy + engine: elasticsearch + ## -- URL of elasticsearch service + 
url: elasticsearch-master:9200 + ## -- API version of elasticsearch + version: 7.5 + + # -- Base app path of logic proxy (for versions < 8.1.0: /business-ecosystem-logic-proxy, for versions >= 8.1.0: /opt/business-ecosystem-logic-proxy) + basePath: /opt/business-ecosystem-logic-proxy + #basePath: /business-ecosystem-logic-proxy + + ## -- Custom theme configuration + theme: + ## -- Enable theme + enabled: true + ## -- Name of the theme + name: i4trust + ## -- Size of PVC to be created + size: 4Gi + ## Image which holds the theme files + image: quay.io/wi_stefan/bae-i4trust-theme:1.0.1 + # -- specification of the image pull policy + imagePullPolicy: Always + ## Path to the source theme files inside the container + # Files will be copied to /themes/{{name}} with the PVC mounted at /themes + sourcePath: /bae-i4trust-theme + + ## -- Configuration for external IDPs + externalIdp: + # -- Enable usage of external IDPs + enabled: true + # -- Show login button for local IDP + showLocalLogin: true + + # -- Sets wehther the logic proxy should propagate the user access token to the backend components + propagateToken: false + + ## -- Configuration of local key and certificate for validation and generation of tokens + token: + enabled: false + diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/values-marketplace.yml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/values-marketplace.yml deleted file mode 100644 index d84e610..0000000 --- a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/values-marketplace.yml +++ /dev/null 
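Review bot: All four components in bae/values.yaml (`bizEcosystemApis`, `bizEcosystemRss`, `bizEcosystemChargingBackend`, `bizEcosystemLogicProxy`) now set `securityContext.runAsUser: 0` and `runAsGroup: 0`, so every BAE container runs as root. The values-marketplace.yml this commit deletes kept the same block commented out as something that "might be necessary on OpenShift". Where root is genuinely required, a comment on that component should say why, e.g. `# root required: <reason>`, and the block should be removed from the others. The logic proxy is also published on a public route while running with `nodeEnvironment: development` from the personal image `quay.io/beknazar/baelp-demo4`, and the charging backend logs at `loglevel: debug`. If this file is meant only as a sandbox reference, a header comment stating that would keep it from being copied into a real deployment unchanged.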
@@ -1,291 +0,0 @@ -# Values for fiware/business-api-ecosystem Helm Chart -# -# Chart values file: -# ref: https://github.com/FIWARE/helm-charts/blob/main/charts/business-api-ecosystem/values.yaml -# - - -## Marketplace OAuth and IdM configuration -## -oauth: - # URL of the FIWARE IDM dedicated to the BAE used for user authentication (administrative access) - # Should match the host of the Ingress or Route of the Keyrock instance - server: https://keyrock.domain.org - # OAuth2 Client ID of the BAE application within Keyrock - clientId: - # OAuth2 Client Secret of the BAE application within Keyrock - clientSecret: - - -## External URL used to access the BAE frontend (logic proxy) -## Should match the host of the Ingress or Route of the Logic Proxy -## -externalUrl: https://marketplace.domain.org - - -## Configuration for biz-ecosystem-apis component -## -bizEcosystemApis: - ## -- deployment specific configuration - deployment: - ## -- configuration of the image to be used - image: - ## -- tag of the image to be used - tag: v8.1.0-rc1 - ## -- specification of the image pull policy - pullPolicy: IfNotPresent - - ## database configuration for APIs (MySQL) - db: - ## host of the database to be used (K8s internal service hostname) - host: mysql.marketplace.svc.cluster.local - ## password for connecting the database (MySQL root password) - password: - - ## port that the APIs container uses - port: 8080 - - ## Service account (might be necessary on OpenShift) - #serviceAccount: - # create: false - # name: - - ## Security context (might be necessary on OpenShift) - #securityContext: - ## -- specifies the user UID - # runAsUser: 0 - ## -- specifies the group GID - # runAsGroup: 0 - - -## Configuration for biz-ecosystem-rss component -## -bizEcosystemRss: - ## -- deployment specific configuration - deployment: - ## -- configuration of the image to be used - image: - ## -- tag of the image to be used - tag: v8.0.0 - ## -- specification of the image pull policy - pullPolicy: 
IfNotPresent - - ## database configuration for RSS (MySQL) - db: - ## host of the database to be used (K8s internal service hostname) - host: mysql.marketplace.svc.cluster.local - ## URL connection string of the database to be used (leave the port and DB name RSS unchanged) - url: jdbc:mysql://mysql.marketplace.svc.cluster.local:3306/RSS - ## password for connecting the database (MySQL root password) - password: - - ## port that the RSS container uses - port: 8080 - - ## Service account (might be necessary on OpenShift) - #serviceAccount: - # create: false - # name: - - ## Security context (might be necessary on OpenShift) - #securityContext: - ## -- specifies the user UID - # runAsUser: 0 - ## -- specifies the group GID - # runAsGroup: 0 - - -## Configuration for biz-ecosystem-charging-backend component -## -bizEcosystemChargingBackend: - ## -- deployment specific configuration - deployment: - ## -- configuration of the image to be used - image: - ## -- BAE Charging backend image name - ## ref: https://hub.docker.com/r/fiware/biz-ecosystem-charging-backend - repository: fiware/biz-ecosystem-charging-backend - ## -- tag of the image to be used - tag: v8.1.0-dev - ## -- specification of the image pull policy - pullPolicy: IfNotPresent - - ## -- PVC configuration for charging backend plugins - ## Enable to allow loading plugins from PVC. 
- plugins: - ## -- Enable the PVC for plugins storage - enabled: true - - ## database configuration for Charging backend (MongoDB) - db: - ## host of the database to be used (K8s internal service hostname) - host: mongodb.marketplace.svc.cluster.local - ## Database name for connecting the database - database: charging_db - ## username for connecting the database - user: charging - ## password for connecting the database (MongoDB password of user charging) - password: charging-password - - ## port that the charging backend container uses - port: 8006 - - ## payment configuration - payment: - ## method: paypal or None - method: None - - ## Paypal Oauth2 configuration (if payment.method == paypal) - #paypal: - ## Paypal Client-ID - # clientId: - ## Paypal Client-Secret - # clientSecret: - - # -- Sets wehther to expect the user access token in each request from the logic proxy - propagateToken: false - - ## -- Configuration of local key and certificate for validation and generation of tokens - token: - enabled: true - identifier: "EU.EORI.NLMARKETPLA" - key: | - -----BEGIN PRIVATE KEY----- - - -----END PRIVATE KEY----- - cert: | - -----BEGIN CERTIFICATE----- - - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - - -----END CERTIFICATE----- - - ## Service account (might be necessary on OpenShift) - #serviceAccount: - # create: false - # name: - - ## Security context (might be necessary on OpenShift) - #securityContext: - ## -- specifies the user UID - # runAsUser: 0 - ## -- specifies the group GID - # runAsGroup: 0 - - - -## Configuration for biz-ecosystem-logic-proxy component -## -bizEcosystemLogicProxy: - ## Set either an ingress or openshift route for making the Marketplace UI externally available - ## - ## openshift specific route definition. 
Will not work on plain k8s - route: - ## -- should the deployment create openshift routes - enabled: false - ## ingress configuration - ingress: - ## -- should there be an ingress to connect the logic proxy with the public internet - enabled: false - - ## -- statefulset specific configuration - statefulset: - ## -- configuration of the image to be used - image: - ## -- BAE Logic Proxy image name - ## ref: https://hub.docker.com/r/fiware/biz-ecosystem-logic-proxy - repository: fiware/biz-ecosystem-logic-proxy - ## -- tag of the image to be used - tag: v8.1.0-dev - ## -- specification of the image pull policy - pullPolicy: IfNotPresent - - ## database configuration for Logic Proxy (MongoDB) - db: - # host of the database to be used (K8s internal service hostname) - host: mongodb.marketplace.svc.cluster.local - # Database name for connecting the database - database: belp_db - # username for connecting the database - user: belp - # password for connecting the database (MongoDB password of user charging) - password: belp-password - - ## -- elasticsearch configuration - elastic: - ## -- indexing engine of logic proxy - engine: elasticsearch - ## -- URL of elasticsearch service - url: elasticsearch-master.marketplace.svc.cluster.local:9200 - ## -- API version of elasticsearch - version: 7.5 - - ## -- Base app path of logic proxy - basePath: /opt/business-ecosystem-logic-proxy - - ## Deployment in development or in production - nodeEnvironment: production - - ## port that the logic proxy container uses - port: 8004 - - ## -- Custom theme configuration - theme: - ## -- Enable theme - enabled: true - ## -- Name of the theme - name: i4trust - ## -- Size of PVC to be created - size: 4Gi - ## Image which holds the theme files - image: i4trust/bae-i4trust-theme:1.0.1 - # -- specification of the image pull policy - imagePullPolicy: Always - ## Path to the source theme files inside the container - # Files will be copied to /themes/{{name}} with the PVC mounted at /themes - 
sourcePath: /bae-i4trust-theme - - ## -- Configuration for external IDPs - externalIdp: - # -- Enable usage of external IDPs - enabled: true - # -- Show login button for local IDP - showLocalLogin: true - - # -- Sets wehther the logic proxy should propagate the user access token to the backend components - propagateToken: false - - ## -- Configuration of local key and certificate for validation and generation of tokens - token: - enabled: true - identifier: "EU.EORI.NLMARKETPLA" - key: | - -----BEGIN PRIVATE KEY----- - - -----END PRIVATE KEY----- - cert: | - -----BEGIN CERTIFICATE----- - - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - - -----END CERTIFICATE----- - - ## Service account (might be necessary on OpenShift) - #serviceAccount: - # create: false - # name: - - ## Security context (might be necessary on OpenShift) - #securityContext: - ## -- specifies the user UID - # runAsUser: 0 - ## -- specifies the group GID - # runAsGroup: 0 From e2cb9515af1e0625852e270b138e658d24f3b988 Mon Sep 17 00:00:00 2001 From: Beknazar Esenbek Date: Fri, 23 Jun 2023 13:14:12 +0200 Subject: [PATCH 17/18] Updated README --- .../i4Trust-Marketplace/README.md | 116 ++++++++++++++++-- 1 file changed, 104 insertions(+), 12 deletions(-) diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/README.md b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/README.md index b9e8a7d..a9f2388 100644 --- a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/README.md +++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/README.md 
@@ -3,9 +3,10 @@ The following describes how to setup a full instance of the FIWARE Business API Ecosystem (BAE) in the context of an i4Trust Data Space. This includes the BAE itself, as well as the required databases and an Identity Provider (Keyrock) for administrative -access to the BAE. +access to the BAE. If you would like to add login with [Verifiable Credentials](https://www.w3.org/TR/vc-data-model/) to +the Marketplace, there is optional section for that. -This repository provides examples of the [Helm values files](./values) which show the minimum configuration +This repository provides examples of the [Helm values files](./values), which shows the minimum configuration parameters to be set. Adapt these for your setup before proceeding with the instructions. The helm chart of the BAE with all possible configuration values can be found here: @@ -26,9 +27,10 @@ helm repo add fiware https://fiware.github.io/helm-charts/ helm repo update ``` -We will assume that all components will be deployed within the namespace `marketplace`. +We will assume that all components will be deployed within the namespace `demo-marketplace`. So, if you have another +name for the namespace, make sure to replace it everywhere. ```shell -kubectl create ns marketplace +kubectl create ns demo-marketplace ``` Due to the iSHARE specification, requests can contain very large headers with the signed JWTs. 
@@ -57,19 +59,25 @@ The following databases are required: First modify the corresponding [values files](./values) according to your needs and then deploy the required databases MongoDB, MySQL and elasticsearch using `helm`. ```shell +# Deploy MySQL for Credentials Config Service and Trusted Issuers List +helm dependency build mysql/ +helm install -f ./mysql/values.yaml --namespace demo-marketplace mysql ./mysql + # Deploy elasticsearch -helm install -f ./values/values-elastic.yml --namespace marketplace elasticsearch elastic/elasticsearch --version 7.5.1 +helm dependency build elastic/ +helm install -f ./elastic/values.yaml --namespace demo-marketplace elasticsearch ./elastic -# Deploy MySQL: -helm install -f ./values/values-mysql.yml --namespace marketplace mysql t3n/mysql --version 1.0.0 +# Deploy MySQL for Marketplace: +helm dependency build mysql-bae/ +helm install -f ./mysql-bae/values.yaml --namespace demo-marketplace mysql-bae ./mysql-bae # Deploy MongoDB -helm install -f ./values/values-mongodb.yml --namespace marketplace mongodb bitnami/mongodb --version 12.1.31 +helm dependency build mongodb/ +helm install -f ./mongodb/values.yaml --namespace demo-marketplace mongodb ./mongodb ``` - ## Identity Provider (Keyrock) An instance of the Keyrock Identity Provider dedicated to the BAE is required in order to have @@ -82,7 +90,8 @@ Modify the Keyrock [values file](./values/values-keyrock.yml) according to your Make sure to setup an Ingress or OpenShift route in the values file for external access of the UI (e.g. https://keyrock.domain.org). ```shell -helm install -f ./values/values-keyrock.yml --namespace marketplace keyrock fiware/keyrock --version 0.6.0 +helm dependency build keyrock/ +helm install -f ./keyrock/values.yaml --namespace demo-marketplace keyrock ./keyrock ``` In a browser open the Keyrock UI (e.g. https://keyrock.domain.org) and login with the admin credentials provided in 
@@ -108,10 +117,92 @@ basically only need the `admin` role. Service providers and consumers will login +## Setting up environment for login with verifiable credentials + + +### WaltId + +Adjust values file for [walt-id](https://github.com/i4Trust/helm-charts/blob/main/charts/vcwaltid/values.yaml) +according to your needs and install it on your cluster: +```shell +helm dependency build walt-id/ +helm install --namespace demo-marketplace waltid ./walt-id/ -f ./walt-id/values.yaml +``` + + +### Keycloak + +Adjust values file for [keycloak](https://github.com/bitnami/charts/blob/main/bitnami/keycloak/values.yaml) according +to your needs and install them on your cluster: +```shell +helm dependency build keycloak/ +helm install --namespace demo-marketplace keycloak ./keycloak/ -f ./keycloak/values.yaml +``` + + +### Trusted Issuers List + +Adjust values file for [trusted issuers list](https://github.com/FIWARE/helm-charts/blob/main/charts/trusted-issuers-list/values.yaml) +according to your needs and install them on your cluster: +```shell +helm dependency build trusted-issuers-list/ +helm install --namespace demo-marketplace til ./trusted-issuers-list/ -f ./trusted-issuers-list/values.yaml +``` + + +### Orion-LD + +Adjust values file for [orion-ld](https://github.com/FIWARE/helm-charts/blob/main/charts/orion/values.yaml) +according to your needs and install them on your cluster: +```shell +helm dependency build orion-ld/ +helm install --namespace demo-marketplace orion-ld ./orion-ld/ -f ./orion-ld/values.yaml +``` + + +### Trusted Issuers Registry + +Adjust values file for [trusted issuers registry](https://github.com/FIWARE/helm-charts/blob/main/charts/trusted-issuers-registry/values.yaml) +according to your needs and install them on your cluster: +```shell +helm dependency build trusted-issuers-registry/ +helm install --namespace demo-marketplace til ./trusted-issuers-registry/ -f ./trusted-issuers-registry/values.yaml +``` + + +### Credentials Config Service + 
+[Verifier](https://github.com/FIWARE/VCVerifier) is responsible to communicate with wallets and verify the credentials +they provide. To get this done, it needs information about: + +* the credentials to be requested from a wallet +* the credentials and claims an issuer is allowed to issue + +To do so, it requires a service that provides such information, e.g. the [Credentials Config Service] +(https://github.com/fiware/credentials-config-service) + +Adjust values file for [credentials-config-service](https://github.com/FIWARE/helm-charts/blob/main/charts/credentials-config-service/values.yaml) +according to your needs and install them on your cluster: +```shell +helm dependency build credentials-config-service/ +helm install --namespace demo-marketplace ccs ./credentials-config-service/ -f ./credentials-config-service/values.yaml +``` + + +### Verifier + +Adjust values file for [verifier](https://github.com/i4Trust/helm-charts/blob/main/charts/vcverifier/values.yaml) +according to your needs and install them on your cluster: +```shell +helm dependency build verifier/ +helm install --namespace demo-marketplace verifier ./verifier/ -f ./verifier/values.yaml +``` + + ## Business API Ecosystem (Marketplace) Finally, install the Business API Ecosystem. Make sure to setup an Ingress or OpenShift route in the -[values file](./values/values-marketplace.yml) for external +[values file](values/marketplace/values-marketplace.yml) for external access of the Marketplace UI / Logic Proxy (e.g. https://marketplace.domain.org). Furthermore adapt the configuration options for the databases, elasticsearch and Keyrock instance which have been setup before. This includes setting the OAuth2 credentials noted down before (parameters `oauth.clientId` and `oauth.clientSecret`). 
@@ -124,7 +215,8 @@ login dialog of the marketplace UI. The private key and certificate chain issued for the marketplace must be added in PEM format. ```shell # Deploy BAE -helm install -f ./values/values-marketplace.yml --namespace marketplace bae fiware/business-api-ecosystem --version 0.5.0 +helm dependency build bae/ +helm install -f ./bae/values.yaml --namespace demo-marketplace bae ./bae ``` The deployment of all components will take some time. When the logic proxy component has been deployed and changed to the running state, From f1813b145bd9cb447405b462e9b0394b38676844 Mon Sep 17 00:00:00 2001 From: Beknazar Esenbek Date: Mon, 26 Jun 2023 11:34:33 +0200 Subject: [PATCH 18/18] Replaced custom domains with dummy one and updated readme --- .../i4Trust-Marketplace/README.md | 36 ++++++++++--------- .../values/bae/values.yaml | 20 +++++------ .../values/keycloak/values.yaml | 6 ++-- .../values/keyrock/values.yaml | 16 ++++----- .../values/mongodb/templates/configmap.yaml | 3 +- .../values/mongodb/values.yaml | 2 +- .../values/trusted-issuers-list/values.yaml | 4 +-- .../trusted-issuers-registry/values.yaml | 2 +- .../values/verifier/values.yaml | 6 ++-- .../values/walt-id/values.yaml | 4 +-- 10 files changed, 51 insertions(+), 48 deletions(-) diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/README.md b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/README.md index a9f2388..aa2c0ee 100644 --- a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/README.md +++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/README.md 
@@ -86,7 +86,7 @@ on the standard OAuth2 protocol, whereas the Identity Providers deployed at the service consumers follow the OpenID Connect protocol based on iSHARE specifications. Therefore this Keyrock instance does not require any iSHARE-specific configuration. -Modify the Keyrock [values file](./values/values-keyrock.yml) according to your needs and deploy the Keyrock Identity Provider. +Modify the Keyrock [values file](./values/keyrock/values.yaml) according to your needs and deploy the Keyrock Identity Provider. Make sure to setup an Ingress or OpenShift route in the values file for external access of the UI (e.g. https://keyrock.domain.org). ```shell @@ -122,8 +122,9 @@ basically only need the `admin` role. Service providers and consumers will login ### WaltId -Adjust values file for [walt-id](https://github.com/i4Trust/helm-charts/blob/main/charts/vcwaltid/values.yaml) -according to your needs and install it on your cluster: +Adjust values file for [waltid](./values/walt-id/values.yaml) +according to your needs and install it on your cluster. Default values could be checked at +[chart repo](https://github.com/i4Trust/helm-charts/blob/main/charts/vcwaltid/values.yaml) ```shell helm dependency build walt-id/ helm install --namespace demo-marketplace waltid ./walt-id/ -f ./walt-id/values.yaml @@ -132,8 +133,9 @@ helm install --namespace demo-marketplace waltid ./walt-id/ -f ./walt-id/values. ### Keycloak -Adjust values file for [keycloak](https://github.com/bitnami/charts/blob/main/bitnami/keycloak/values.yaml) according -to your needs and install them on your cluster: +Adjust values file for [keycloak](./values/keycloak/values.yaml) according +to your needs. Check the [chart repo](https://github.com/bitnami/charts/blob/main/bitnami/keycloak/values.yaml) +for default values. ```shell helm dependency build keycloak/ helm install --namespace demo-marketplace keycloak ./keycloak/ -f ./keycloak/values.yaml 
@@ -142,8 +144,9 @@ helm install --namespace demo-marketplace keycloak ./keycloak/ -f ./keycloak/val ### Trusted Issuers List -Adjust values file for [trusted issuers list](https://github.com/FIWARE/helm-charts/blob/main/charts/trusted-issuers-list/values.yaml) -according to your needs and install them on your cluster: +Modify values file for [trusted issuers list](./values/trusted-issuers-list/values.yaml) and install it on your cluster. +Check [chart repo](https://github.com/FIWARE/helm-charts/blob/main/charts/trusted-issuers-list/values.yaml) for more +details. ```shell helm dependency build trusted-issuers-list/ helm install --namespace demo-marketplace til ./trusted-issuers-list/ -f ./trusted-issuers-list/values.yaml @@ -152,8 +155,8 @@ helm install --namespace demo-marketplace til ./trusted-issuers-list/ -f ./trust ### Orion-LD -Adjust values file for [orion-ld](https://github.com/FIWARE/helm-charts/blob/main/charts/orion/values.yaml) -according to your needs and install them on your cluster: +Orion-LD also needs to be installed, since TIR component depends on it. Check [chart repo](https://github.com/FIWARE/helm-charts/blob/main/charts/orion/values.yaml) +to see the default values to install it. ```shell helm dependency build orion-ld/ helm install --namespace demo-marketplace orion-ld ./orion-ld/ -f ./orion-ld/values.yaml 
@@ -162,8 +165,9 @@ helm install --namespace demo-marketplace orion-ld ./orion-ld/ -f ./orion-ld/val ### Trusted Issuers Registry -Adjust values file for [trusted issuers registry](https://github.com/FIWARE/helm-charts/blob/main/charts/trusted-issuers-registry/values.yaml) -according to your needs and install them on your cluster: +Adjust values file for [trusted issuers registry](./values/trusted-issuers-registry/values.yaml) according to your needs +and install it on your cluster. Check [chart repo](https://github.com/FIWARE/helm-charts/blob/main/charts/trusted-issuers-registry/values.yaml) +for more details. ```shell helm dependency build trusted-issuers-registry/ helm install --namespace demo-marketplace til ./trusted-issuers-registry/ -f ./trusted-issuers-registry/values.yaml @@ -181,8 +185,8 @@ they provide. To get this done, it needs information about: To do so, it requires a service that provides such information, e.g. the [Credentials Config Service] (https://github.com/fiware/credentials-config-service) -Adjust values file for [credentials-config-service](https://github.com/FIWARE/helm-charts/blob/main/charts/credentials-config-service/values.yaml) -according to your needs and install them on your cluster: +Modify values file for [credentials-config-service](./values/credentials-config-service/values.yaml) +and install it on your cluster. To see the default values, see [chart repo](https://github.com/FIWARE/helm-charts/blob/main/charts/credentials-config-service/values.yaml). ```shell helm dependency build credentials-config-service/ helm install --namespace demo-marketplace ccs ./credentials-config-service/ -f ./credentials-config-service/values.yaml 
@@ -191,8 +195,8 @@ helm install --namespace demo-marketplace ccs ./credentials-config-service/ -f . ### Verifier -Adjust values file for [verifier](https://github.com/i4Trust/helm-charts/blob/main/charts/vcverifier/values.yaml) -according to your needs and install them on your cluster: +Adjust values file for [verifier](./values/verifier/values.yaml) according to your needs and install it on your cluster. +Check the [chart repo](https://github.com/i4Trust/helm-charts/blob/main/charts/vcverifier/values.yaml) for more details. ```shell helm dependency build verifier/ helm install --namespace demo-marketplace verifier ./verifier/ -f ./verifier/values.yaml @@ -202,7 +206,7 @@ helm install --namespace demo-marketplace verifier ./verifier/ -f ./verifier/val ## Business API Ecosystem (Marketplace) Finally, install the Business API Ecosystem. Make sure to setup an Ingress or OpenShift route in the -[values file](values/marketplace/values-marketplace.yml) for external +[values file](values/bae/values.yaml) for external access of the Marketplace UI / Logic Proxy (e.g. https://marketplace.domain.org). Furthermore adapt the configuration options for the databases, elasticsearch and Keyrock instance which have been setup before. This includes setting the OAuth2 credentials noted down before (parameters `oauth.clientId` and `oauth.clientSecret`). diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/bae/values.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/bae/values.yaml index da5abf0..4eb03fd 100644 --- a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/bae/values.yaml +++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/bae/values.yaml 
@@ -12,7 +12,7 @@ business-api-ecosystem: ## oauth: # URL of the FIWARE IDM used for user authentication - server: https://idp-marketplace.beka-t-m.apps.fiware.fiware.dev + server: https://idp-marketplace.domain.org # OAuth2 Client ID of the BAE applicaiton clientId: marketplace-id # -- Callback URL path of frontend logic proxy for receiving the access tokens @@ -26,20 +26,20 @@ business-api-ecosystem: enabled: true clientId: marketplace-client verifier: - host: https://verifier-marketplace.beka-t-m.apps.fiware.fiware.dev + host: https://verifier-marketplace.domain.org # Configuration for the Credential Config Service initiation ccs: - endpoint: "http://ccs-credentials-config-service.beka-t-m.svc.cluster.local:8080" + endpoint: "http://ccs-credentials-config-service.demo.svc.cluster.local:8080" credentials: - type: "VerifiableCredential" trustedParticipantsLists: [ - "https://tir.beka-t-m.apps.fiware.fiware.dev" + "https://tir.domain.org" ] trustedIssuersLists: [ ] - type: "MarketplaceUserCredential" trustedParticipantsLists: [ - "https://tir.beka-t-m.apps.fiware.fiware.dev" + "https://tir.domain.org" ] trustedIssuersLists: [ ] @@ -47,7 +47,7 @@ business-api-ecosystem: ## External URL used to access the BAE frontend (logic proxy) ## Should match the host of the Ingress or Route of the Logic Proxy ## - externalUrl: https://marketplace.beka-t-m.apps.fiware.fiware.dev + externalUrl: https://marketplace.domain.org ## Configuration for biz-ecosystem-apis component ## 
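Review bot: The new `ccs.endpoint` in the `@@ -26,20 +26,20 @@` hunk uses the namespace segment `demo`, while the README in this series deploys every component into `demo-marketplace`, so the in-cluster name `ccs-credentials-config-service.demo.svc.cluster.local` would presumably not resolve as written. If that call fails, the credential types and their `trustedParticipantsLists` listed below it may never be registered with the Credentials Config Service, and this would probably surface only when a login with verifiable credentials is attempted. I would follow the documented namespace, `endpoint: "http://ccs-credentials-config-service.demo-marketplace.svc.cluster.local:8080"`, and add a comment above the key, `# namespace segment must match the namespace the ccs release is installed into`. The enclosing block starts outside the hunk.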
@@ -246,11 +246,11 @@ business-api-ecosystem: image: ## -- BAE Logic Proxy image name ## ref: https://hub.docker.com/r/fiware/biz-ecosystem-logic-proxy - repository: quay.io/beknazar/baelp-demo4 + repository: fiware/biz-ecosystem-logic-proxy ## -- tag of the image to be used - tag: 3baa4e44db9971b62c65721680a87d264952b35b + tag: v8.1.0-dev ## -- specification of the image pull policy - pullPolicy: Always + pullPolicy: IfNotPresent #pullPolicy: IfNotPresent ## openshift specific route definition. Will not work on plain k8s @@ -259,7 +259,7 @@ business-api-ecosystem: enabled: true # -- Routes that should be created routes: - - host: marketplace.beka-t-m.apps.fiware.fiware.dev + - host: marketplace.domain.org tls: termination: edge insecureEdgeTerminationPolicy: Redirect diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/values.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/values.yaml index 66a5c60..b070a48 100644 --- a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/values.yaml +++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keycloak/values.yaml @@ -1,6 +1,6 @@ route: enabled: true - host: marketplace-kc.beka-t-m.apps.fiware.fiware.dev + host: marketplace-kc.domain.org tls: insecureEdgeTerminationPolicy: Redirect termination: edge @@ -56,7 +56,7 @@ keycloak: - name: KEYCLOAK_LOG_LEVEL value: INFO - name: VCISSUER_ISSUER_DID - value: "did:web:marketplace.beka-t-m.fiware.dev:did" + value: "did:web:marketplace.demo.fiware.dev:did" - name: VCISSUER_WALTID_ADDRESS value: "http://waltid-vcwaltid" @@ -115,4 +115,4 @@ keycloak: name: keycloak waltid: - host: marketplace.beka-t-m.apps.fiware.fiware.dev \ No newline at end of file + host: marketplace.domain.org \ No newline at end of file 
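Review bot: The logic-proxy image in the `@@ -246,11 +246,11 @@` hunk moves from a commit-hash tag to the mutable `v8.1.0-dev` tag together with `pullPolicy: IfNotPresent`, so each node keeps whichever build it cached first and the deployed content is no longer reproducible or auditable. For a reference example I would pin the image by digest if the chart's image template allows it, e.g. `tag: v8.1.0-dev@sha256:<digest>` (placeholder), or at least use a release tag rather than a `-dev` one. The commented `#pullPolicy: IfNotPresent` line left below the active key now duplicates it and can be dropped. The enclosing image block starts outside the hunk.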
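Review bot: `VCISSUER_ISSUER_DID` in the keycloak `@@ -56,7 +56,7 @@` hunk becomes `did:web:marketplace.demo.fiware.dev:did`, which still names a real host rather than the dummy `domain.org` used everywhere else in this commit; the same value is set as the authorisation registry `identifier` in the keyrock `@@ -49,7 +49,7 @@` hunk. A did:web identifier is resolved by fetching the DID document over HTTPS from the host it encodes, so anyone who copies these values unchanged issues credentials under an identity whose keys are published by a domain they do not control. I would align it with the route host, `value: "did:web:marketplace.domain.org:did"`, and add a comment above it, `# must be a did:web for a host you control and that serves the DID document`. The surrounding environment list starts outside the hunk.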
diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keyrock/values.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keyrock/values.yaml index da4c9c1..5b93678 100644 --- a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keyrock/values.yaml +++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/keyrock/values.yaml @@ -24,12 +24,12 @@ keyrock: existingSecret: keyrock-secret - host: https://idp-marketplace.beka-t-m.apps.fiware.fiware.dev + host: https://idp-marketplace.domain.org route: enabled: true routes: - - host: idp-marketplace.beka-t-m.apps.fiware.fiware.dev + - host: idp-marketplace.domain.org tls: termination: edge insecureEdgeTerminationPolicy: Redirect @@ -49,7 +49,7 @@ keyrock: # -- Enable usage of authorisation registry enabled: true # -- Identifier (EORI) of AR - identifier: "did:web:marketplace.beka-t-m.fiware.dev:did" + identifier: "did:web:marketplace.demo.fiware.dev:did" # -- URL of AR url: "internal" @@ -60,11 +60,11 @@ keyrock: # -- Identifier (EORI) of satellite identifier: "EU.EORI.FIWARESATELLITE" # -- URL of satellite - url: "https://tir.beka-t-m.apps.fiware.fiware.dev" + url: "https://tir.domain.org" # -- Token endpoint of satellite - tokenEndpoint: "https://tir.beka-t-m.apps.fiware.fiware.dev/token" + tokenEndpoint: "https://tir.domain.org/token" # -- Parties endpoint of satellite - partiesEndpoint: "https://tir.beka-t-m.apps.fiware.fiware.dev/parties" + partiesEndpoint: "https://tir.domain.org/parties" ## -- Configuration of local key and certificate for validation and generation of tokens token: 
@@ -109,8 +109,8 @@ marketplace: secret: f7e11746-b84f-4748-86e5-107146e888h7 name: Marketplace description: Keyrock client for the marketplace. - url: https://marketplace.beka-t-m.apps.fiware.fiware.dev - redirectUrl: https://marketplace.beka-t-m.apps.fiware.fiware.dev/auth/fiware/callback + url: https://marketplace.domain.org + redirectUrl: https://marketplace.domain.org/auth/fiware/callback grantType: authorization_code,refresh_token responseType: code tokenTypes: bearer diff --git a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mongodb/templates/configmap.yaml b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mongodb/templates/configmap.yaml index add3f3a..5a78e1c 100644 --- a/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mongodb/templates/configmap.yaml +++ b/PacketDelivery-ReferenceExample/i4Trust-Marketplace/values/mongodb/templates/configmap.yaml @@ -1,8 +1,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: mongodb-beka-t-m-configmap - namespace: beka-t-m + name: mongodb-demo-configmap data: init-db.sh: | mongo <
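Review bot: The `@@ -109,8 +109,8 @@` hunk swaps the marketplace client's `url` and `redirectUrl` to the dummy domain but leaves the literal OAuth client `secret:` value in the context lines just above them in the committed values file. Since this commit is the sanitising pass, it is the natural place to replace that value with a placeholder, e.g. `secret: <client-secret>`. If the chart supports it, the value could instead come from the Kubernetes Secret already referenced through `existingSecret: keyrock-secret`. A value that was ever used against a live identity provider should also be rotated. The `marketplace` block starts outside the hunk.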