Merge pull request #57 from eclipse-tractusx/chore/add-miw-and-vault
Chore/add miw and vault
ds-jhartmann authored Apr 4, 2024
2 parents 61f5331 + 1e08179 commit e3548fb
Showing 4 changed files with 128 additions and 1 deletion.
12 changes: 11 additions & 1 deletion charts/umbrella/Chart.yaml
Expand Up @@ -28,7 +28,7 @@ sources:
- https://github.com/eclipse-tractusx/e2e-testing

type: application
version: 0.5.0
version: 0.6.0

dependencies:
# # TODO: update edc components to R23.12
Expand Down Expand Up @@ -70,3 +70,13 @@ dependencies:
name: sdfactory
repository: https://eclipse-tractusx.github.io/charts/dev
version: 2.1.12
# vault
- name: vault
condition: vault.enabled
repository: https://helm.releases.hashicorp.com
version: 0.20.0
# miw
- name: managed-identity-wallet
repository: https://eclipse-tractusx.github.io/charts/dev
version: 0.4.0
condition: managed-identity-wallet.enabled
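Review bot: The two new dependency entries order their keys differently — `vault` puts `condition` before `repository`/`version`, while `managed-identity-wallet` puts it last — so aligning both to one order (e.g. `name`, `condition`, `repository`, `version`) keeps the list scannable and diffs stable. The `# vault` / `# miw` comments only repeat the `name` field; either drop them or say something the entry does not already show, such as why the vault chart is pinned to `0.20.0`.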
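--- /dev/null
+++ b/charts/umbrella/templates/post-install-vault-setup.yaml
@@ -0,0 +1,62 @@
+# #############################################################################
+# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# #############################################################################
+---
+{{ if .Values.vault.enabled }}
+{{- $vaultToken := .Values.vault.token -}}
+{{- $vaultUrl := tpl .Values.vault.url . -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+name: {{ .Release.Name }}-post-install-vault-setup
+labels:
+app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+app.kubernetes.io/instance: {{ .Release.Name | quote }}
+app.kubernetes.io/version: {{ .Chart.AppVersion }}
+helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+annotations:
+# This is what defines this resource as a hook. Without this line, the
+# job is considered part of the release.
+"helm.sh/hook": post-install
+"helm.sh/hook-weight": "-5"
+"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+template:
+metadata:
+name: "{{ .Release.Name }}"
+labels:
+app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+app.kubernetes.io/instance: {{ .Release.Name | quote }}
+helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+spec:
+restartPolicy: Never
+containers:
+- name: post-install-job
+image: "ubuntu:mantic"
+command:
+- "/bin/sh"
+- "-c"
+- |
+apt-get update && apt-get install -y --no-install-recommends wget
+{{- range $key, $value := .Values.vault.secrets }}
+wget --retry-connrefused --waitretry=1 --read-timeout=20 --timeout=15 -t 0 --header 'Content-Type: application/json' \
+--header 'X-Vault-Token: {{ $vaultToken }}' \
+--post-data '{"data": {"content": "{{ $value }}"}}' \
+"{{ $vaultUrl }}/v1/secret/data/{{ $key }}"
+{{- end }}
+{{ end }}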
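Review bot: The Vault token and every secret payload are interpolated straight into the container command (the `X-Vault-Token` header and `--post-data` lines), so they land in the rendered manifest, the Helm release secret, `kubectl describe job` output and the pod's process arguments; the token should reach the script through a Secret-backed environment variable, and the payloads ideally through a mounted Secret as well. The `sh -c` script has no `set -eu`, so a rejected token on one secret (wget treats a 403 as final rather than retrying) only fails the Job when it happens on the last iteration, while `-t 0` retries connection refusals indefinitely and the Job sets neither `activeDeadlineSeconds` nor `backoffLimit`. `{{ $value }}` is spliced raw into the JSON body, so a value containing `"` or `\` produces an invalid request; building the body with `toJson` fixes that (a value containing a single quote would still need shell-safe quoting). Installing wget at hook time from the unpinned `ubuntu:mantic` tag also ties every install to apt-mirror availability; a digest-pinned image that already ships an HTTP client would be more reproducible. The sketch below covers the token/env and script changes; the companion Secret template is named with a constructed placeholder and would have to be added alongside.

```yaml
spec:
  activeDeadlineSeconds: 600
  backoffLimit: 3
  template:
    # … unchanged: pod metadata and labels …
    spec:
      restartPolicy: Never
      containers:
        - name: post-install-job
          image: "ubuntu:mantic"
          env:
            - name: VAULT_TOKEN
              valueFrom:
                secretKeyRef:
                  # constructed name: a Secret template carrying .Values.vault.token must accompany this Job
                  name: {{ .Release.Name }}-vault-setup
                  key: token
          command:
            - "/bin/sh"
            - "-c"
            - |
              set -eu
              apt-get update && apt-get install -y --no-install-recommends wget
              {{- range $key, $value := .Values.vault.secrets }}
              wget --retry-connrefused --waitretry=1 --read-timeout=20 --timeout=15 -t 0 --header 'Content-Type: application/json' \
                --header "X-Vault-Token: ${VAULT_TOKEN}" \
                --post-data '{{ dict "data" (dict "content" $value) | toJson }}' \
                "{{ $vaultUrl }}/v1/secret/data/{{ $key }}"
              {{- end }}
```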
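--- a/charts/umbrella/values.yaml
+++ b/charts/umbrella/values.yaml
@@ -216,3 +216,57 @@ sdfactory:
 clearingHouseClientId: ""
 # -- Details for Clearing House Client Secret
 clearingHouseClientSecret: ""
+
+vault:
+enabled: true
+token: &vault-token root
+url: http://{{ .Release.Name }}-vault:8200
+secrets:
+# TODO add test secret or secret reference. Can this be generated?
+edc-test-miw-keycloak-secret: miw_private_client
+# TODO add certificate or secret reference. Can Key Pairs be generated?
+tokenSignerPublicKey: >-
+-----BEGIN CERTIFICATE-----\n
+test\n
+-----END CERTIFICATE-----
+# TODO add certificate or secret reference. Can Key Pairs be generated?
+tokenSignerPrivateKey: >-
+-----BEGIN PRIVATE KEY-----\n
+test\n
+-----END PRIVATE KEY-----
+# TODO add test secret or secret reference. Can this be generated?
+tokenEncryptionAesKey: test
+injector:
+enabled: false
+server:
+dev:
+enabled: true
+devRootToken: *vault-token
+ingress:
+enabled: false
+
+managed-identity-wallet:
+nameOverride: miw
+fullnameOverride: miw
+enabled: true
+miw:
+authorityWallet:
+bpn: &authority-bpn "BPNL000000000000"
+database:
+host: "{{ .Release.Name }}-miw-postgres"
+secret: "{{ .Release.Name }}-miw-postgres"
+keycloak:
+url: "https://centralidp.example.org"
+clientId: &miw_client miw_private_client # TODO switch to existing user
+postgresql:
+nameOverride: miw-postgres
+primary:
+persistence:
+enabled: false
+size: 1Gi
+keycloak:
+enabled: false
+livenessProbe:
+initialDelaySeconds: 90
+readinessProbe:
+initialDelaySeconds: 90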
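Review bot: The PEM placeholders under `vault.secrets` use folded scalars (`>-`), which join lines with a space and do not interpret `\n` inside a block scalar, so the value handed to the hook is `-----BEGIN CERTIFICATE-----\n test\n -----END CERTIFICATE-----` — the `\n` only turns into a line break because the hook pastes it into a JSON string, and the space that precedes each continuation line would break a real PEM parse. Storing them as literal blocks (`tokenSignerPublicKey: |-` with real line breaks and no `\n`) and letting the hook template JSON-encode the value keeps both sides correct; the TODO comments already acknowledge these are stand-ins. `token: &vault-token root` together with `server.dev.enabled: true` runs Vault in dev mode with a well-known root token, which is fine for an e2e umbrella but deserves an explicit comment such as `# dev-mode Vault: in-memory, auto-unsealed, well-known root token — e2e/test use only`. The `&authority-bpn` and `&miw_client` anchors are defined but not aliased anywhere in this hunk, so if nothing outside it uses them they can go, and `vault.url` containing `{{ .Release.Name }}` only works because the hook runs it through `tpl`, which is worth a comment next to the key.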
1 change: 1 addition & 0 deletions hack/helm-dependencies.bash
Expand Up @@ -4,6 +4,7 @@
if ! helm repo list ; then
echo "Need to add repos"
helm repo add tractusx https://eclipse-tractusx.github.io/charts/dev
helm repo add hashicorp https://helm.releases.hashicorp.com
fi

# This hack script will download all chart/umbrella dependency charts.
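Review bot: The new `helm repo add hashicorp` line sits inside the `if ! helm repo list` guard, so it only runs when no repositories are configured at all; anyone who already has the tractusx repo from an earlier run never gets hashicorp added and the vault dependency cannot be resolved. Running the adds unconditionally with `helm repo add --force-update hashicorp https://helm.releases.hashicorp.com` (and the same for tractusx) is idempotent and avoids that, or check each repo individually. The guard itself predates this commit, but the addition is what makes its limitation bite.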
