Merge pull request #8 from fabiodmota/main

fix Release 3 findings , remove arq42 not approved for merge request …

charts/vas/Chart.yaml → charts/country-risk-frontend-charts/Chart.yaml

@@ -1,6 +1,25 @@
+###############################################################
+# Copyright (c) 2022,2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
 apiVersion: v2
-name: vas-frontend
-description: A Helm chart for deploying the VAS service
+name: country-risk-frontend
+description: A Helm chart for deploying the Country Risk service
 
 # A chart can be either an 'application' or a 'library' chart.
 #
@@ -15,7 +34,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.0.0
+version: 2.0.7
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/country-risk-frontend-charts/README.md

@@ -0,0 +1,144 @@
+# Country Risk Helm Chart
+
+This Helm Chart deploys the Country Risk Frontend service to a Kubernetes environment.
+
+## Prerequisites
+
+* [Kubernetes Cluster](https://kubernetes.io/)
+* [Helm](https://helm.sh/docs/)
+
+In an existing Kubernetes cluster the application can be deployed with the following command:
+
+```bash
+helm install release_name ./charts/country-risk-frontend-charts --namespace your_namespace
+```
+
+This will install a new release of the Country Risk in the given namespace.
+On default values this release deploys the latest image tagged as `v1.0.0` from the repository's GitHub Container Registry.
+The application is run on default profile (you can run it on a dev profile or local).
+
+Per default ingress is disabled, as well as no authentication for endpoints.
+You can configure your own ingress to access the app or use something like port forward if you are running locally in you cluster
+By giving your own values file you can configure the Helm deployment of the Country Risk freely:
+
+```bash
+helm install release_name ./charts/country-risk-frontend-charts --namespace your_namespace -f ./path/to/your/values.yaml
+```
+
+In the following sections you can have a look at the most important configuration options.
+
+## Image Tag
+
+Per default, the Helm deployment references a certain Country Risk release version where the newest Helm release points to the newest Country Risk version.
+This is a stable tag pointing to a fixed release version of the Country Risk.
+For your deployment you might want to follow the latest application releases instead.
+
+In your values file you can overwrite the default tag:
+
+```yaml
+image:
+  tag: "latest"
+```
+
+## Profiles
+
+You can also activate the env profiles in which the Country Risk should be run.
+
+
+```bash
+npm run start:dev
+```
+
+Each endpoint can be configured in the env file, each endpoint represents a request made to our backend that contains the information to populate our dashboard, without it we will only have the components rendered.
+
+
+```yaml
+REACT_APP_DASHBOARD_URL=http://localhost:8080/api/dashboard/getTableInfo?
+```
+
+
+## Ingress
+
+You can specify your own ingress configuration for the Helm deployment to make the Country Risk available over Ingress.
+Note that you need to have the appropriate Ingress controller installed in your cluster first.
+For example, consider a Kubernetes cluster with an [Ingress-Nginx](https://kubernetes.github.io/ingress-nginx/) installed.
+An Ingress configuration for the Country Risk deployment could look like this:
+
+```yaml
+ingress:
+  enabled: true
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/frontend-protocol: "HTTP"
+  hosts:
+    - host: vas-country-risk-frontend.your-domain.net
+      paths:
+        - path: /
+          pathType: Prefix
+```
+
+## Country Risk Configuration
+
+The Helm deployment comes with the ability to configure the Country Risk application directly over the values file.
+This way you are able to overwrite any configuration property of the `.env` files.
+
+
+## Values.Yaml Chart explanation 
+
+# country-risk-frontend
+
+![Version: 2.0.7](https://img.shields.io/badge/Version-2.0.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
+
+A Helm chart for deploying the Country Risk service
+
+## Values
+
+| Key | Type | Default                                                      | Description |
+|-----|------|--------------------------------------------------------------|-------------|
+| affinity..podAffinityTerm.labelSelector.matchExpressions[0] | object | `{"key":"app.kubernetes.io/name","operator":"DoesNotExist"}` | Match Pod rules |
+| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.topologyKey | string | `"kubernetes.io/hostname"`                                   | Key that is used to determine the topology of the cluster |
+| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].weight | int | `100`                                                        |  |
+| appName | string | `"vas-country-risk-frontend"`                                | Name of the backend service |
+| applicationSecret | object | `{"enabled":false}`                                          | Defines the client secret and client ID |
+| autoscaling | object | `{"enabled":false}`                                          | Specifies whether autoscaling should be enabled for the pod |
+| certificate.host | string | `"localhost"`                                                | Hostname for the certificate |
+| configmap.create | bool | `true`                                                       |  |
+| elastic.enabled | bool | `false`                                                      | Should elastic be enabled or not |
+| elastic.security.tls | object | `{"restEncryption":false}`                                   | Information about the transport layer security (TLS) |
+| elastic.security.tls.restEncryption | bool | `false`                                                      | Encryption for the REST requests made to the Elastic cluster |
+| image.name | string | `"catenax-ng/tx-vas-country-risk-frontend"`                  | Name of the docker image |
+| image.pullPolicy | string | `"Always"`                                                   |  |
+| image.registry | string | `"ghcr.io"`                                                  |  |
+| image.tag | string | `""`                                                         | Overrides the image tag whose default is the chart appVersion. |
+| imagePullSecrets | list | `[]`                                                         | List of secrets to be used |
+| ingress.annotations."nginx.ingress.kubernetes.io/force-ssl-redirect" | string | `"true"`                                                     | HTTP traffic should be redirected to HTTPS |
+| ingress.annotations."nginx.ingress.kubernetes.io/ssl-passthrough" | string | `"true"`                                                     | Ingress controller should pass SSL traffic directly to the backend pods |
+| ingress.className | string | `"nginx"`                                                    | Class name |
+| ingress.enabled | bool | `false`                                                      | Ingress enabled or not |
+| livenessProbe | object | `{"failureThreshold":3,"initialDelaySeconds":10,...}`        | Determines if a pod is still alive or not |
+| livenessProbe.initialDelaySeconds | int | `10`                                                         | Number of seconds to wait before performing the first liveness probe |
+| livenessProbe.periodSeconds | int | `1000`                                                       | Number of seconds to wait between consecutive probes |
+| livenessProbe.successThreshold | int | `1`                                                          | Number of consecutive successful probes before a pod is considered healthy |
+| livenessProbe.timeoutSeconds | int | `1000`                                                       | Number of seconds after which a liveness probe times out |
+| nodeSelector | object | `{}`                                                         | Node placement constraints |
+| podAnnotations | object | `{}`                                                         | Annotations to be added to the running pod |
+| podSecurityContext | object | `{"fsGroup":2000}`                                           | Configuration for security-related options of the running pod |
+| podSecurityContext.fsGroup | int | `2000`                                                       | Set the file system group ID for all containers in the pod |
+| readinessProbe | object | `{"failureThreshold":3,"initialDelaySeconds":10,...}`        | Determine when a pod is ready to start accepting requests |
+| replicaCount | int | `1`                                                          | Number of replicas of a Kubernetes deployment |
+| resources.limits | object | `{"cpu":"800m","memory":"2Gi"}`                              | Maximum amount of resources that the deployment should be able to consume |
+| resources.requests | object | `{"cpu":"300m","memory":"1Gi"}`                              | Minimum amount of resources that the deployment should be guaranteed to receive |
+| securityContext.allowPrivilegeEscalation | bool | `false`                                                      | Specifies if processes running inside the container can gain more privileges than its initial user |
+| securityContext.capabilities | object | `{"drop":["ALL"]}`                                           | Capabilities that the process inside the container should have |
+| securityContext.runAsGroup | int | `3000`                                                       | Specifies the group ID that the process inside the container should run |
+| securityContext.runAsNonRoot | bool | `true`                                                       | Specifies whether the process inside the container should run as a non-root user |
+| securityContext.runAsUser | int | `10001`                                                      | Specifies the user ID that the process inside the container should run |
+| service | object | `{"port":8080,"type":"ClusterIP"}`                           | Service that should be created for the pod |
+| service.port | int | `8080`                                                       | Service port |
+| service.type | string | `"ClusterIP"`                                                | Type of service to be used |
+| springProfiles[0] | string | `"dev"`                                                      |  |
+| tolerations | list | `[]`                                                         | Pod toleration constraints |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+

charts/country-risk-frontend-charts/templates/configmap.yaml

@@ -0,0 +1,27 @@
+###############################################################
+# Copyright (c) 2022,2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+{{- if .Values.configmap.create -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: config-frontend
+data:
+  {{- toYaml .Values.configmap.data | nindent 2 }}
+{{- end -}}

charts/vas/templates/deployment.yaml → charts/country-risk-frontend-charts/templates/deployment.yaml

@@ -1,3 +1,22 @@
+###############################################################
+# Copyright (c) 2022,2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -24,13 +43,15 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      # @url: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
+      automountServiceAccountToken: false
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          image: {{ .Values.image.registry }}/{{ .Values.image.name }}:{{ default .Chart.AppVersion .Values.image.tag }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           envFrom:
             - configMapRef:

charts/vas/templates/ingress.yaml → charts/country-risk-frontend-charts/templates/ingress.yaml

@@ -1,17 +1,37 @@
+###############################################################
+# Copyright (c) 2022,2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
 {{- if .Values.ingress.enabled -}}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   # name of the ingress resource. -ingress suffix as suggestion for clear naming convention
   name: {{ .Values.appName }}-ingress
+  {{- with .Values.ingress.annotations }}
   annotations:
-    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   ingressClassName: {{ .Values.ingress.className }}
   rules:
     # IMPORTANT: specifies the entrypoint (domain), myApp will be accessible from
-    - host: {{ .Values.appName }}.{{ .Values.environment }}.demo.catena-x.net
+    - host: {{ .Values.certificate.host }}
       http:
         paths:
           # specific path the app should be reachable on the host
@@ -29,7 +49,7 @@ spec:
                   number: {{ .Values.service.port }}
   tls:
     - hosts:
-        - {{ .Values.appName }}-{{ .Values.environment }}.demo.catena-x.net
+        - {{ .Values.certificate.host }}
       # Default secret for certificate creation already provided to your namespace
       secretName: tls-secret
 

charts/country-risk-frontend-charts/templates/service.yaml

@@ -0,0 +1,32 @@
+###############################################################
+# Copyright (c) 2022,2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "vas.fullname" . }}-service
+  labels:
+    {{- include "vas.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+
+  selector:
+    {{- include "vas.selectorLabels" . | nindent 4 }}

charts/country-risk-frontend-charts/values-dev.yaml

@@ -0,0 +1,37 @@
+###############################################################
+# Copyright (c) 2022,2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+springProfiles:
+  - dev
+
+appName: vas-country-risk-frontend
+environment: dev
+
+image:
+  pullPolicy: Always
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: "dev"
+
+ingress:
+  host: catenax-vas-dev.demo.catena-x.net
+  enabled: true
+
+certificate:
+  host: "country-risk-dashboard.dev.demo.catena-x.net"
+