Merge pull request #106 from eclipse-tractusx/release/v0.1.0-localdev

release(localdev): : merge in main

.github/workflows/chart-release.yaml

@@ -60,10 +60,12 @@ jobs:
         run: |
           cd charts/localdev
           helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev
+          helm repo add bitnami https://charts.bitnami.com/bitnami
           helm repo add pgadmin4 https://helm.runix.net
           helm dependency update
 
       - name: Run chart-releaser
         uses: helm/[email protected]
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          CR_SKIP_EXISTING: "true"

.github/workflows/localdev-chart-test.yaml

@@ -136,8 +136,9 @@ jobs:
       - name: Run helm install
         run: |
           helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev
+          helm repo add bitnami https://charts.bitnami.com/bitnami
           helm repo add pgadmin4 https://helm.runix.net
-          helm install local charts/localdev
+          helm install local charts/localdev --timeout 20m
         if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true'
 
       #   # Upgrade the released localdev chart version with the locally available chart

charts/localdev/Chart.yaml

@@ -20,7 +20,7 @@
 apiVersion: v2
 name: localdev-portal-iam
 type: application
-version: 0.0.1
+version: 0.1.0
 description: Setup of CX Portal & IAM for local development
 home: https://github.com/eclipse-tractusx/portal-cd
 sources:
@@ -33,16 +33,21 @@ dependencies:
   - condition: portal.enabled
     name: portal
     repository: https://eclipse-tractusx.github.io/charts/dev
-    version: 1.6.0
+    version: 1.7.0-alpha
   - condition: centralidp.enabled
     name: centralidp
     repository: https://eclipse-tractusx.github.io/charts/dev
-    version: 1.2.0
+    version: 2.0.0-alpha
   - condition: sharedidp.enabled
     name: sharedidp
     repository: https://eclipse-tractusx.github.io/charts/dev
-    version: 1.2.0
+    version: 2.0.0-alpha
   - condition: pgadmin4.enabled
     name: pgadmin4
     repository: https://helm.runix.net
     version: 1.17.x
+  - condition: postgresql.enabled
+    name: postgresql
+    alias: postgresportal
+    repository: https://charts.bitnami.com/bitnami
+    version: 12.12.x

charts/localdev/README.md.gotmpl

@@ -4,38 +4,35 @@
 
 This umbrella chart installs the helm charts of the [CX Portal](https://github.com/eclipse-tractusx/portal-cd/blob/portal-1.6.0/charts/portal/README.md) and of the [CX IAM](https://github.com/eclipse-tractusx/portal-iam) Keycloak instances ([centralidp](https://github.com/eclipse-tractusx/portal-iam/blob/centralidp-1.2.0/charts/centralidp/README.md) and [sharedidp](https://github.com/eclipse-tractusx/portal-iam/blob/sharedidp-1.2.0/charts/sharedidp/README.md)).
 
-This chart also sets up a [pgadmin4](https://artifacthub.io/packages/helm/runix/pgadmin4) instance for easy access to the deployed Postgres databases which are only available from within the Kubernetes cluster.
+It's intended for the local setup of the those components in order to aid the local development. To integrate your local development, adapt the address values in the Values file for [Portal Frontend](./values.yaml#L23) and/or [Portal Backend](./values.yaml#L27).
 
-For detailed information about the default configuration values, please have a look at the [Values table](#values) and/or [Values file](./values.yaml).
+This chart also sets up an additional [postgresql](https://artifacthub.io/packages/helm/bitnami/postgresql) instance to support the Portal Backend development as well as a [pgadmin4](https://artifacthub.io/packages/helm/runix/pgadmin4) instance for easy access to the deployed Postgres databases which are only available from within the Kubernetes cluster.
 
-It's intended for the local setup of the those components in order to aid the local development. In order to integrate with the local development adapt the address values in the Values file for [Portal Frontend](./values.yaml#L23) and/or [Portal Backend](./values.yaml#L27).
+For detailed information about the default configuration values, please have a look at the [Values table](#values) and/or [Values file](./values.yaml).
 
 ## Usage
 
-The following steps describe how to setup the LocalDev chart into the default namespace of your started [**Minikube**](https://minikube.sigs.k8s.io/docs/start) cluster:
+The following steps describe how to setup the LocalDev chart into the namespace 'localdev' of your started [**Minikube**](https://minikube.sigs.k8s.io/docs/start) cluster:
 
 > **Note**
 >
 > In its current state of development, this chart as well as the following installation guide have been tested on Linux and Mac.
 >
-> Please be aware that most of the installed images are only available in amd64 architecture and that the installation on Mac (specifically on Apple Silicon) may come with performance issues or even crashing behavior.
->
-> **Linux** is the **preferred platform** to install this chart on.
-> Very generally speaking, amd64 architecture is quite common with Linux devices and also the network setup with Minikube is very straightforward on Linux.
+> **Linux** is the **preferred platform** to install this chart on as the network setup with Minikube is very straightforward on Linux.
 >
 > We plan to test the chart's reliability also on Windows and to update the installation guide accordingly.
 
 > **Recommendations**
 >
 > Resources for Minikube
->| OS     | CPU(cores) | Memory(GB) |
->| :------| :--------: | :--------: |
->| Linux  |     2      |      6     |
->| Mac    |     4      |      8     |
+> | CPU(cores) | Memory(GB) |
+> | :--------: | :--------: |
+> |     2      |      6     |
+>
+> Use the dashboard provided by Minikube to get an overview about the deployed components:
 >
-> Use the dashboard provided by Minikube to get an overview about the deployment on the cluster
 > ```bash 
-> $ minikube dashboard
+> minikube dashboard
 > ```
 
 1. [Prepare self-signed TLS setup](#1-prepare-self-signed-tls-setup)
@@ -52,7 +49,8 @@ helm repo update
 ```bash
 helm install \
   cert-manager jetstack/cert-manager \
-  --namespace default \
+  --namespace localdev \
+  --create-namespace \
   --version v1.13.0 \
   --set installCRDs=true
 ```
@@ -70,7 +68,7 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: my-selfsigned-ca
-  namespace: default
+  namespace: localdev
 spec:
   isCA: true
   commonName: cx.local
@@ -106,13 +104,13 @@ See [cert-manager self-signed](https://cert-manager.io/docs/configuration/selfsi
 In order to enable the local access via ingress, use the according addon for Minikube:
 
 ```bash
-$ minikube addons enable ingress
+minikube addons enable ingress
 ```
 
 Make sure that the DNS resolution for the hostnames is in place:
 
 ```bash
-$ minikube addons enable ingress-dns
+minikube addons enable ingress-dns
 ```
 And execute installation step [3 Add the `minikube ip` as a DNS server](https://minikube.sigs.k8s.io/docs/handbook/addons/ingress-dns) for your OS:
 
@@ -127,7 +125,7 @@ Replace 192.168.49.2 with your minikube ip.
 To find out the IP address of your Minikube:
 
 ```bash 
-$ minikube ip
+minikube ip
 ```
 
 Additional network setup for Mac only:
@@ -143,14 +141,14 @@ Necessary due to [#7332](https://github.com/kubernetes/minikube/issues/7332).
 Install the chart with the release name 'local':
 
 ```bash
-$ helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev
-$ helm install local tractusx-dev/{{ template "chart.name" . }}
+helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev
+helm install local tractusx-dev/{{ template "chart.name" . }} --namespace localdev
 ```
 
 To set your own configuration and secret values, install the helm chart with your own values file:
 
 ```bash
-$ helm install -f your-values.yaml local tractusx-dev/{{ template "chart.name" . }}
+helm install -f your-values.yaml local tractusx-dev/{{ template "chart.name" . }} --namespace localdev
 ```
 
 #### From [portal-cd](https://github.com/eclipse-tractusx/portal-cd) repository:
@@ -160,34 +158,34 @@ Make sure to clone the [portal-cd](https://github.com/eclipse-tractusx/portal-cd
 Then change to the chart directory:
 
 ```bash
-$ cd charts/localdev/
+cd charts/localdev/
 ```
 Download the chart dependencies:
 
 ```bash
-$ helm dependency update
+helm dependency update
 ```
 
 Install the chart with the release name 'local':
 
 ```bash
-$ helm install local .
+helm install local . --namespace localdev
 ```
 
 To set your own configuration and secret values, install the helm chart with your own values file:
 
 ```bash
-$ helm install local -f your-values.yaml .
+helm install local -f your-values.yaml . --namespace localdev
 ```
 
 ### 4. Perform first login
 
 Make sure to accept the risk of the self-signed certificates for the following hosts using the continue option:
-- [centralidp.example.org](https://centralidp.example.org)
-- [sharedidp.example.org](https://sharedidp.example.org)
+- [centralidp.example.org/auth/](https://centralidp.example.org/auth/)
+- [sharedidp.example.org/auth/](https://sharedidp.example.org/auth/)
 - [portal-backend.example.org](https://portal-backend.example.org)
 - [portal.example.org](https://portal.example.org)
-- [pgadmin4.example.org](https://pdadmin.example.org)
+- [pgadmin4.example.org](https://pgadmin4.example.org)
 
 Then proceed with the login to [portal.example.org](https://portal.example.org).
 

charts/localdev/templates/centralidp-tls.yaml → charts/localdev/templates/centralidp-spi.yaml

@@ -21,22 +21,20 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: centralidp-tls
+  name: centralidp-spi
   namespace: {{ .Release.Namespace }}
 type: Opaque
 # use lookup function to check if secret exists
-{{- $secret := (lookup "v1" "Secret" .Release.Namespace "centralidp-tls") }}
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace "centralidp-spi") }}
 {{ if $secret -}}
 data:
   # if secret exists, use value provided from values file (to cover update scenario) or existing value from secret
   # use data map instead of stringData to prevent base64 encoding of already base64-encoded existing value from secret
   # use index function for secret keys with hyphen otherwise '$secret.data.secretKey' works too
-  tls-keystore-password: {{ ( .Values.centralidp.secrets.auth.tls.keystore | b64enc ) | default ( index $secret.data "tls-keystore-password" ) }}
-  tls-truststore-password: {{ ( .Values.centralidp.secrets.auth.tls.truststore | b64enc ) | default ( index $secret.data "tls-truststore-password" ) }}
+  spi-truststore-password: {{ ( .Values.centralidp.secrets.auth.spi.truststorePassword | b64enc ) | default ( index $secret.data "spi-truststore-password" ) | quote }}
 {{ else -}}
 stringData:
   # if secret doesn't exist, use provided value from values file or generate a random one
-  tls-keystore-password: {{ ( .Values.centralidp.secrets.auth.tls.keystore | b64enc ) | default ( randAlphaNum 32 | quote ) }}
-  tls-truststore-password: {{ ( .Values.centralidp.secrets.auth.tls.truststore | b64enc ) | default ( randAlphaNum 32 | quote ) }}
+  spi-truststore-password: {{ ( .Values.centralidp.secrets.auth.spi.truststorePassword | b64enc ) | default ( randAlphaNum 32 | quote ) }}
 {{ end }}
 {{- end -}}

charts/localdev/templates/configmap-backend-postgres-init.yaml

@@ -0,0 +1,57 @@
+{{- /*
+* Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
+*
+* See the NOTICE file(s) distributed with this work for additional
+* information regarding copyright ownership.
+*
+* This program and the accompanying materials are made available under the
+* terms of the Apache License, Version 2.0 which is available at
+* https://www.apache.org/licenses/LICENSE-2.0.
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+* License for the specific language governing permissions and limitations
+* under the License.
+*
+* SPDX-License-Identifier: Apache-2.0
+*/}}
+
+{{- if .Values.postgresportal.enabled -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Values.postgresportal.primary.initdb.scriptsConfigMap }}
+  namespace: {{ .Release.Namespace }}
+data:
+  01-init-db-user.sh: |
+    postgresql_create_portal_user() {
+      local -r escaped_password="${PORTAL_PASSWORD//\'/\'\'}"
+      info "Creating user portal"
+      export PGPASSWORD="$POSTGRES_PASSWORD"
+      echo "CREATE USER portal WITH PASSWORD '${escaped_password}';" | psql -U postgres
+    }
+    postgresql_create_portal_user
+    postgresql_create_provisioning_user() {
+      local -r escaped_password="${PROVISIONING_PASSWORD//\'/\'\'}"
+      info "Creating user provisioning"
+      export PGPASSWORD="$POSTGRES_PASSWORD"
+      echo "CREATE USER provisioning WITH PASSWORD '${escaped_password}';" | psql -U postgres
+    }
+    postgresql_create_provisioning_user
+  02-init-db.sql: |
+    CREATE SCHEMA portal;
+    ALTER SCHEMA portal OWNER TO portal;
+    CREATE SCHEMA provisioning;
+    ALTER SCHEMA provisioning OWNER TO provisioning;
+    CREATE TABLE public.__efmigrations_history_portal (
+        migration_id character varying(150) NOT NULL,
+        product_version character varying(32) NOT NULL
+    );
+    ALTER TABLE public.__efmigrations_history_portal OWNER TO portal;
+    CREATE TABLE public.__efmigrations_history_provisioning (
+        migration_id character varying(150) NOT NULL,
+        product_version character varying(32) NOT NULL
+    );
+    ALTER TABLE public.__efmigrations_history_provisioning OWNER TO provisioning;
+{{- end -}}

charts/localdev/templates/secret-postgres-init.yaml

@@ -0,0 +1,46 @@
+{{- /*
+* Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
+*
+* See the NOTICE file(s) distributed with this work for additional
+* information regarding copyright ownership.
+*
+* This program and the accompanying materials are made available under the
+* terms of the Apache License, Version 2.0 which is available at
+* https://www.apache.org/licenses/LICENSE-2.0.
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+* License for the specific language governing permissions and limitations
+* under the License.
+*
+* SPDX-License-Identifier: Apache-2.0
+*/}}
+
+{{- if .Values.postgresportal.enabled -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.postgresportal.auth.existingSecret }}
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+# use lookup function to check if secret exists
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.postgresportal.auth.existingSecret) }}
+{{ if $secret -}}
+data:
+  # if secret exists, use value provided from values file (to cover update scenario) or existing value from secret
+  # use data map instead of stringData to prevent base64 encoding of already base64-encoded existing value from secret
+  # use index function for secret keys with hyphen otherwise '$secret.data.secretKey' works too
+  postgres-password: {{ ( .Values.postgresportal.auth.password | b64enc )  | default ( index $secret.data "postgres-password" ) | quote }}
+  replication-password: {{ ( .Values.postgresportal.auth.replicationPassword | b64enc )  | default ( index $secret.data "replication-password" ) | quote }}
+  portal-password: {{ ( .Values.postgresportal.auth.portalPassword | b64enc ) | default ( index $secret.data "portal-password" ) | quote }}
+  provisioning-password: {{ ( .Values.postgresportal.auth.provisioningPassword | b64enc ) | default ( index $secret.data "provisioning-password" ) | quote }}
+{{ else -}}
+stringData:
+  # if secret doesn't exist, use provided value from values file or generate a random one
+  postgres-password: {{ .Values.postgresportal.auth.password | default ( randAlphaNum 32 ) | quote }}
+  replication-password: {{ .Values.postgresportal.auth.replicationPassword | default ( randAlphaNum 32 ) | quote }}
+  portal-password: {{ .Values.postgresportal.auth.portalPassword | default ( randAlphaNum 32 ) | quote }}
+  provisioning-password: {{ .Values.postgresportal.auth.provisioningPassword | default ( randAlphaNum 32 ) | quote }}
+{{ end }}
+{{- end -}}

charts/localdev/templates/sharedidp-tls.yaml → charts/localdev/templates/sharedidp-spi.yaml

@@ -21,22 +21,20 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: sharedidp-tls
+  name: sharedidp-spi
   namespace: {{ .Release.Namespace }}
 type: Opaque
 # use lookup function to check if secret exists
-{{- $secret := (lookup "v1" "Secret" .Release.Namespace "sharedidp-tls") }}
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace "sharedidp-spi") }}
 {{ if $secret -}}
 data:
   # if secret exists, use value provided from values file (to cover update scenario) or existing value from secret
   # use data map instead of stringData to prevent base64 encoding of already base64-encoded existing value from secret
   # use index function for secret keys with hyphen otherwise '$secret.data.secretKey' works too
-  tls-keystore-password: {{ ( .Values.sharedidp.secrets.auth.tls.keystore | b64enc ) | default ( index $secret.data "tls-keystore-password" ) }}
-  tls-truststore-password: {{ ( .Values.sharedidp.secrets.auth.tls.truststore | b64enc ) | default ( index $secret.data "tls-truststore-password" ) }}
+  spi-truststore-password: {{ ( .Values.sharedidp.secrets.auth.spi.truststorePassword | b64enc ) | default ( index $secret.data "spi-truststore-password" ) | quote }}
 {{ else -}}
 stringData:
   # if secret doesn't exist, use provided value from values file or generate a random one
-  tls-keystore-password: {{ ( .Values.sharedidp.secrets.auth.tls.keystore | b64enc ) | default ( randAlphaNum 32 | quote ) }}
-  tls-truststore-password: {{ ( .Values.sharedidp.secrets.auth.tls.truststore | b64enc ) | default ( randAlphaNum 32 | quote ) }}
+  spi-truststore-password: {{ ( .Values.sharedidp.secrets.auth.spi.truststorePassword | b64enc ) | default ( randAlphaNum 32 | quote ) }}
 {{ end }}
 {{- end -}}