From d5f6667473cc524f587732b709334a3d9a354d0e Mon Sep 17 00:00:00 2001 From: Evelyn Gurschler Date: Fri, 19 Apr 2024 14:08:07 +0200 Subject: [PATCH 01/10] chore(helm-chart): enable k8s secrets --- .../bdrs-server-memory/templates/_helpers.tpl | 11 +++++++ .../templates/deployment.yaml | 5 +++- .../bdrs-server-memory/templates/secrets.yaml | 29 +++++++++++++++++++ charts/bdrs-server-memory/values.yaml | 2 ++ charts/bdrs-server/templates/_helpers.tpl | 18 ++++++++++++ charts/bdrs-server/templates/deployment.yaml | 10 +++++-- charts/bdrs-server/templates/secrets.yaml | 29 +++++++++++++++++++ charts/bdrs-server/values.yaml | 2 ++ 8 files changed, 103 insertions(+), 3 deletions(-) create mode 100644 charts/bdrs-server-memory/templates/secrets.yaml create mode 100644 charts/bdrs-server/templates/secrets.yaml diff --git a/charts/bdrs-server-memory/templates/_helpers.tpl b/charts/bdrs-server-memory/templates/_helpers.tpl index 614b384..4a6c610 100644 --- a/charts/bdrs-server-memory/templates/_helpers.tpl +++ b/charts/bdrs-server-memory/templates/_helpers.tpl @@ -84,3 +84,14 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{/* +Determine secret name. +*/}} +{{- define "bdrs.secretName" -}} +{{- if .Values.existingSecret -}} +{{- .Values.existingSecret }} +{{- else -}} +{{- include "bdrs.fullname" . -}} +{{- end -}} +{{- end -}} diff --git a/charts/bdrs-server-memory/templates/deployment.yaml b/charts/bdrs-server-memory/templates/deployment.yaml index e18d5c5..a814a43 100644 --- a/charts/bdrs-server-memory/templates/deployment.yaml +++ b/charts/bdrs-server-memory/templates/deployment.yaml @@ -146,7 +146,10 @@ spec: # API # ####### - name: "EDC_API_AUTH_KEY" - value: {{ .Values.server.endpoints.management.authKey | required ".Values.runtime.endpoints.management.authKey is required" | quote }} + valueFrom: + secretKeyRef: + name: "{{ template "bdrs.secretName" . }}" + key: "auth-key" - name: "WEB_HTTP_PORT" value: {{ .Values.server.endpoints.default.port | quote }} - name: "WEB_HTTP_PATH" diff --git a/charts/bdrs-server-memory/templates/secrets.yaml b/charts/bdrs-server-memory/templates/secrets.yaml new file mode 100644 index 0000000..727f446 --- /dev/null +++ b/charts/bdrs-server-memory/templates/secrets.yaml @@ -0,0 +1,29 @@ +{{- /* +* Copyright (c) 2024 Contributors to the Eclipse Foundation +* +* See the NOTICE file(s) distributed with this work for additional +* information regarding copyright ownership. +* +* This program and the accompanying materials are made available under the +* terms of the Apache License, Version 2.0 which is available at +* https://www.apache.org/licenses/LICENSE-2.0. +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +* License for the specific language governing permissions and limitations +* under the License. +* +* SPDX-License-Identifier: Apache-2.0 +*/}} + +{{- if not .Values.server.endpoints.management.existingSecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "bdrs.secretName" . }} + namespace: {{ .Release.Namespace | quote }} +type: Opaque +data: + auth-key: {{ .Values.server.endpoints.management.authKey | required ".Values.server.endpoints.management.authKey is required" | b64enc | quote }} +{{- end }} diff --git a/charts/bdrs-server-memory/values.yaml b/charts/bdrs-server-memory/values.yaml index 9081787..0332da7 100644 --- a/charts/bdrs-server-memory/values.yaml +++ b/charts/bdrs-server-memory/values.yaml @@ -85,6 +85,8 @@ server: path: /api/management # -- authentication key, must be attached to each 'X-Api-Key' request header authKey: "password" + # -- secret containing the auth-key for incoming api calls + existingSecret: "" # -- directory API directory: # -- port for incoming api calls diff --git a/charts/bdrs-server/templates/_helpers.tpl b/charts/bdrs-server/templates/_helpers.tpl index 614b384..466009f 100644 --- a/charts/bdrs-server/templates/_helpers.tpl +++ b/charts/bdrs-server/templates/_helpers.tpl @@ -84,3 +84,21 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{/* +Determine secret name. +*/}} +{{- define "bdrs.secretName" -}} +{{- if .Values.existingSecret -}} +{{- .Values.existingSecret }} +{{- else -}} +{{- include "bdrs.fullname" . -}} +{{- end -}} +{{- end -}} + +{{/* +Define secret name of postgresql dependency. +*/}} +{{- define "bdrs.postgresqlSecretName" -}} +{{- printf "%s-%s" .Release.Name "bdrs-postgresql" }} +{{- end }} diff --git a/charts/bdrs-server/templates/deployment.yaml b/charts/bdrs-server/templates/deployment.yaml index d71aded..2fe447c 100644 --- a/charts/bdrs-server/templates/deployment.yaml +++ b/charts/bdrs-server/templates/deployment.yaml @@ -146,7 +146,10 @@ spec: # API # ####### - name: "EDC_API_AUTH_KEY" - value: {{ .Values.server.endpoints.management.authKey | required ".Values.runtime.endpoints.management.authKey is required" | quote }} + valueFrom: + secretKeyRef: + name: "{{ template "bdrs.secretName" . }}" + key: "auth-key" - name: "WEB_HTTP_PORT" value: {{ .Values.server.endpoints.default.port | quote }} - name: "WEB_HTTP_PATH" @@ -170,7 +173,10 @@ spec: - name: "EDC_DATASOURCE_DIDENTRY_USER" value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - name: "EDC_DATASOURCE_DIDENTRY_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} + valueFrom: + secretKeyRef: + name: "{{ template "bdrs.postgresqlSecretName" . }}" + key: "password" - name: "EDC_DATASOURCE_DIDENTRY_URL" value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} diff --git a/charts/bdrs-server/templates/secrets.yaml b/charts/bdrs-server/templates/secrets.yaml new file mode 100644 index 0000000..727f446 --- /dev/null +++ b/charts/bdrs-server/templates/secrets.yaml @@ -0,0 +1,29 @@ +{{- /* +* Copyright (c) 2024 Contributors to the Eclipse Foundation +* +* See the NOTICE file(s) distributed with this work for additional +* information regarding copyright ownership. +* +* This program and the accompanying materials are made available under the +* terms of the Apache License, Version 2.0 which is available at +* https://www.apache.org/licenses/LICENSE-2.0. +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +* License for the specific language governing permissions and limitations +* under the License. +* +* SPDX-License-Identifier: Apache-2.0 +*/}} + +{{- if not .Values.server.endpoints.management.existingSecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "bdrs.secretName" . }} + namespace: {{ .Release.Namespace | quote }} +type: Opaque +data: + auth-key: {{ .Values.server.endpoints.management.authKey | required ".Values.server.endpoints.management.authKey is required" | b64enc | quote }} +{{- end }} diff --git a/charts/bdrs-server/values.yaml b/charts/bdrs-server/values.yaml index 2825c11..9714a53 100644 --- a/charts/bdrs-server/values.yaml +++ b/charts/bdrs-server/values.yaml @@ -89,6 +89,8 @@ server: path: /api/management # -- authentication key, must be attached to each 'X-Api-Key' request header authKey: "password" + # -- secret containing the auth-key for incoming api calls + existingSecret: "" # -- directory API directory: # -- port for incoming api calls From d23c3aa8f3198c7c072b87d894bd898ee1fef885 Mon Sep 17 00:00:00 2001 From: Evelyn Gurschler Date: Fri, 19 Apr 2024 14:27:28 +0200 Subject: [PATCH 02/10] chore: update helm-docs --- charts/bdrs-server-memory/README.md | 7 ++++--- charts/bdrs-server/README.md | 7 ++++--- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/charts/bdrs-server-memory/README.md b/charts/bdrs-server-memory/README.md index 2cc0d44..62515a2 100644 --- a/charts/bdrs-server-memory/README.md +++ b/charts/bdrs-server-memory/README.md @@ -52,15 +52,16 @@ helm install my-release tractusx-edc/bdrs-server --version 0.0.2 \ | server.debug.enabled | bool | `false` | | | server.debug.port | int | `1044` | | | server.debug.suspendOnStart | bool | `false` | | -| server.endpoints | object | `{"default":{"path":"/api","port":8080},"directory":{"path":"/api/directory","port":8082},"management":{"authKey":"password","path":"/api/management","port":8081}}` | endpoints of the control plane | +| server.endpoints | object | `{"default":{"path":"/api","port":8080},"directory":{"path":"/api/directory","port":8082},"management":{"authKey":"password","existingSecret":"","path":"/api/management","port":8081}}` | endpoints of the control plane | | server.endpoints.default | object | `{"path":"/api","port":8080}` | default api for health checks, should not be added to any ingress | | server.endpoints.default.path | string | `"/api"` | path for incoming api calls | | server.endpoints.default.port | int | `8080` | port for incoming api calls | | server.endpoints.directory | object | `{"path":"/api/directory","port":8082}` | directory API | | server.endpoints.directory.path | string | `"/api/directory"` | path for incoming api calls | | server.endpoints.directory.port | int | `8082` | port for incoming api calls | -| server.endpoints.management | object | `{"authKey":"password","path":"/api/management","port":8081}` | management api, used by internal users, can be added to an ingress and must not be internet facing | +| server.endpoints.management | object | `{"authKey":"password","existingSecret":"","path":"/api/management","port":8081}` | management api, used by internal users, can be added to an ingress and must not be internet facing | | server.endpoints.management.authKey | string | `"password"` | authentication key, must be attached to each 'X-Api-Key' request header | +| server.endpoints.management.existingSecret | string | `""` | secret containing the auth-key for incoming api calls | | server.endpoints.management.path | string | `"/api/management"` | path for incoming api calls | | server.endpoints.management.port | int | `8081` | port for incoming api calls | | server.env | object | `{}` | | @@ -140,4 +141,4 @@ helm install my-release tractusx-edc/bdrs-server --version 0.0.2 \ | tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) +Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) diff --git a/charts/bdrs-server/README.md b/charts/bdrs-server/README.md index e099b41..02e0622 100644 --- a/charts/bdrs-server/README.md +++ b/charts/bdrs-server/README.md @@ -62,15 +62,16 @@ helm install my-release tractusx-edc/bdrs-server --version 0.0.2 \ | server.debug.enabled | bool | `false` | | | server.debug.port | int | `1044` | | | server.debug.suspendOnStart | bool | `false` | | -| server.endpoints | object | `{"default":{"path":"/api","port":8080},"directory":{"path":"/api/directory","port":8082},"management":{"authKey":"password","path":"/api/management","port":8081}}` | endpoints of the control plane | +| server.endpoints | object | `{"default":{"path":"/api","port":8080},"directory":{"path":"/api/directory","port":8082},"management":{"authKey":"password","existingSecret":"","path":"/api/management","port":8081}}` | endpoints of the control plane | | server.endpoints.default | object | `{"path":"/api","port":8080}` | default api for health checks, should not be added to any ingress | | server.endpoints.default.path | string | `"/api"` | path for incoming api calls | | server.endpoints.default.port | int | `8080` | port for incoming api calls | | server.endpoints.directory | object | `{"path":"/api/directory","port":8082}` | directory API | | server.endpoints.directory.path | string | `"/api/directory"` | path for incoming api calls | | server.endpoints.directory.port | int | `8082` | port for incoming api calls | -| server.endpoints.management | object | `{"authKey":"password","path":"/api/management","port":8081}` | management api, used by internal users, can be added to an ingress and must not be internet facing | +| server.endpoints.management | object | `{"authKey":"password","existingSecret":"","path":"/api/management","port":8081}` | management api, used by internal users, can be added to an ingress and must not be internet facing | | server.endpoints.management.authKey | string | `"password"` | authentication key, must be attached to each 'X-Api-Key' request header | +| server.endpoints.management.existingSecret | string | `""` | secret containing the auth-key for incoming api calls | | server.endpoints.management.path | string | `"/api/management"` | path for incoming api calls | | server.endpoints.management.port | int | `8081` | port for incoming api calls | | server.env | object | `{}` | | @@ -150,4 +151,4 @@ helm install my-release tractusx-edc/bdrs-server --version 0.0.2 \ | tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) +Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) From 6e65f23298a21067b29c516f4aea3275e524075d Mon Sep 17 00:00:00 2001 From: Evelyn Gurschler Date: Fri, 19 Apr 2024 14:29:29 +0200 Subject: [PATCH 03/10] chore: don't change helm docs version --- charts/bdrs-server-memory/README.md | 2 +- charts/bdrs-server/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/bdrs-server-memory/README.md b/charts/bdrs-server-memory/README.md index 62515a2..d0441cc 100644 --- a/charts/bdrs-server-memory/README.md +++ b/charts/bdrs-server-memory/README.md @@ -141,4 +141,4 @@ helm install my-release tractusx-edc/bdrs-server --version 0.0.2 \ | tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) +Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) diff --git a/charts/bdrs-server/README.md b/charts/bdrs-server/README.md index 02e0622..1e500be 100644 --- a/charts/bdrs-server/README.md +++ b/charts/bdrs-server/README.md @@ -151,4 +151,4 @@ helm install my-release tractusx-edc/bdrs-server --version 0.0.2 \ | tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) +Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) From 99cd9d1c3bea931aece5ae378e8d992b6165c861 Mon Sep 17 00:00:00 2001 From: Evelyn Gurschler Date: Fri, 19 Apr 2024 14:55:23 +0200 Subject: [PATCH 04/10] fix: set secret for db dependency --- charts/bdrs-server/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/bdrs-server/values.yaml b/charts/bdrs-server/values.yaml index 9714a53..2924410 100644 --- a/charts/bdrs-server/values.yaml +++ b/charts/bdrs-server/values.yaml @@ -281,3 +281,4 @@ postgresql: database: "bdrs" username: "postgres" password: "password" + existingSecret: "{{ .Release.Name }}-bdrs-postgresql" From 4d6aa5f469f6631c51cbd76cbcfe2aee2e44758e Mon Sep 17 00:00:00 2001 From: Evelyn Gurschler Date: Fri, 19 Apr 2024 15:40:54 +0200 Subject: [PATCH 05/10] chore: change definition of secret name for db subchart and to custom db user --- charts/bdrs-server/templates/_helpers.tpl | 13 +++++++++++-- charts/bdrs-server/values.yaml | 3 +-- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/charts/bdrs-server/templates/_helpers.tpl b/charts/bdrs-server/templates/_helpers.tpl index 466009f..f519486 100644 --- a/charts/bdrs-server/templates/_helpers.tpl +++ b/charts/bdrs-server/templates/_helpers.tpl @@ -100,5 +100,14 @@ Determine secret name. Define secret name of postgresql dependency. */}} {{- define "bdrs.postgresqlSecretName" -}} -{{- printf "%s-%s" .Release.Name "bdrs-postgresql" }} -{{- end }} +{{- if .Values.postgresql.fullnameOverride -}} +{{- .Values.postgresql.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default "postgresql" .Values.postgresql.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/bdrs-server/values.yaml b/charts/bdrs-server/values.yaml index 2924410..c292aa5 100644 --- a/charts/bdrs-server/values.yaml +++ b/charts/bdrs-server/values.yaml @@ -279,6 +279,5 @@ postgresql: enabled: false auth: database: "bdrs" - username: "postgres" + username: "bdrs" password: "password" - existingSecret: "{{ .Release.Name }}-bdrs-postgresql" From 4df1df82d7f630100da7144278ca37342416fc65 Mon Sep 17 00:00:00 2001 From: Evelyn Gurschler Date: Fri, 19 Apr 2024 15:42:57 +0200 Subject: [PATCH 06/10] chore: update helm-docs --- charts/bdrs-server/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/bdrs-server/README.md b/charts/bdrs-server/README.md index 1e500be..466e465 100644 --- a/charts/bdrs-server/README.md +++ b/charts/bdrs-server/README.md @@ -49,7 +49,7 @@ helm install my-release tractusx-edc/bdrs-server --version 0.0.2 \ | nameOverride | string | `""` | | | postgresql.auth.database | string | `"bdrs"` | | | postgresql.auth.password | string | `"password"` | | -| postgresql.auth.username | string | `"postgres"` | | +| postgresql.auth.username | string | `"bdrs"` | | | postgresql.jdbcUrl | string | `"jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/bdrs"` | | | postgresql.primary.persistence.enabled | bool | `false` | | | postgresql.readReplicas.persistence.enabled | bool | `false` | | From 5562c7f077c8b22975cd41c6f1fe31797b5ad65b Mon Sep 17 00:00:00 2001 From: Evelyn Gurschler Date: Fri, 19 Apr 2024 16:18:32 +0200 Subject: [PATCH 07/10] chore: update dependencies file --- DEPENDENCIES | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/DEPENDENCIES b/DEPENDENCIES index 7412f80..f529ce8 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES @@ -130,9 +130,9 @@ maven/mavencentral/org.apache.xbean/xbean-reflect/3.7, Apache-2.0, approved, cle maven/mavencentral/org.apiguardian/apiguardian-api/1.1.2, Apache-2.0, approved, clearlydefined maven/mavencentral/org.assertj/assertj-core/3.25.1, Apache-2.0, approved, #12585 maven/mavencentral/org.assertj/assertj-core/3.25.3, Apache-2.0, approved, #12585 -maven/mavencentral/org.bouncycastle/bcpkix-jdk18on/1.78, MIT, approved, #14235 -maven/mavencentral/org.bouncycastle/bcprov-jdk18on/1.78, MIT AND CC0-1.0, approved, #14237 -maven/mavencentral/org.bouncycastle/bcutil-jdk18on/1.78, MIT, approved, #14238 +maven/mavencentral/org.bouncycastle/bcpkix-jdk18on/1.78, MIT, approved, #14434 +maven/mavencentral/org.bouncycastle/bcprov-jdk18on/1.78, MIT AND CC0-1.0, approved, #14433 +maven/mavencentral/org.bouncycastle/bcutil-jdk18on/1.78, MIT, approved, #14435 maven/mavencentral/org.ccil.cowan.tagsoup/tagsoup/1.2.1, Apache-2.0, approved, clearlydefined maven/mavencentral/org.checkerframework/checker-qual/3.27.0, MIT, approved, clearlydefined maven/mavencentral/org.checkerframework/checker-qual/3.42.0, MIT, approved, clearlydefined From 5cce935b5d22f2fdac4ba989e9ada4006e94c6fb Mon Sep 17 00:00:00 2001 From: Evelyn Gurschler Date: Mon, 22 Apr 2024 08:26:29 +0200 Subject: [PATCH 08/10] fix: change path to existing secret and improve docs --- charts/bdrs-server-memory/README.md | 2 +- charts/bdrs-server-memory/templates/_helpers.tpl | 2 +- charts/bdrs-server-memory/values.yaml | 2 +- charts/bdrs-server/README.md | 2 +- charts/bdrs-server/templates/_helpers.tpl | 2 +- charts/bdrs-server/values.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/bdrs-server-memory/README.md b/charts/bdrs-server-memory/README.md index d0441cc..b462d45 100644 --- a/charts/bdrs-server-memory/README.md +++ b/charts/bdrs-server-memory/README.md @@ -61,7 +61,7 @@ helm install my-release tractusx-edc/bdrs-server --version 0.0.2 \ | server.endpoints.directory.port | int | `8082` | port for incoming api calls | | server.endpoints.management | object | `{"authKey":"password","existingSecret":"","path":"/api/management","port":8081}` | management api, used by internal users, can be added to an ingress and must not be internet facing | | server.endpoints.management.authKey | string | `"password"` | authentication key, must be attached to each 'X-Api-Key' request header | -| server.endpoints.management.existingSecret | string | `""` | secret containing the auth-key for incoming api calls | +| server.endpoints.management.existingSecret | string | `""` | existing secret containing the auth-key for incoming api calls | | server.endpoints.management.path | string | `"/api/management"` | path for incoming api calls | | server.endpoints.management.port | int | `8081` | port for incoming api calls | | server.env | object | `{}` | | diff --git a/charts/bdrs-server-memory/templates/_helpers.tpl b/charts/bdrs-server-memory/templates/_helpers.tpl index 4a6c610..32621dc 100644 --- a/charts/bdrs-server-memory/templates/_helpers.tpl +++ b/charts/bdrs-server-memory/templates/_helpers.tpl @@ -89,7 +89,7 @@ Create the name of the service account to use Determine secret name. */}} {{- define "bdrs.secretName" -}} -{{- if .Values.existingSecret -}} +{{- if .Values.server.endpoints.management.existingSecret -}} {{- .Values.existingSecret }} {{- else -}} {{- include "bdrs.fullname" . -}} diff --git a/charts/bdrs-server-memory/values.yaml b/charts/bdrs-server-memory/values.yaml index 0332da7..168ccb2 100644 --- a/charts/bdrs-server-memory/values.yaml +++ b/charts/bdrs-server-memory/values.yaml @@ -85,7 +85,7 @@ server: path: /api/management # -- authentication key, must be attached to each 'X-Api-Key' request header authKey: "password" - # -- secret containing the auth-key for incoming api calls + # -- existing secret containing the auth-key for incoming api calls existingSecret: "" # -- directory API directory: diff --git a/charts/bdrs-server/README.md b/charts/bdrs-server/README.md index 466e465..f7f6d81 100644 --- a/charts/bdrs-server/README.md +++ b/charts/bdrs-server/README.md @@ -71,7 +71,7 @@ helm install my-release tractusx-edc/bdrs-server --version 0.0.2 \ | server.endpoints.directory.port | int | `8082` | port for incoming api calls | | server.endpoints.management | object | `{"authKey":"password","existingSecret":"","path":"/api/management","port":8081}` | management api, used by internal users, can be added to an ingress and must not be internet facing | | server.endpoints.management.authKey | string | `"password"` | authentication key, must be attached to each 'X-Api-Key' request header | -| server.endpoints.management.existingSecret | string | `""` | secret containing the auth-key for incoming api calls | +| server.endpoints.management.existingSecret | string | `""` | existing secret containing the auth-key for incoming api calls | | server.endpoints.management.path | string | `"/api/management"` | path for incoming api calls | | server.endpoints.management.port | int | `8081` | port for incoming api calls | | server.env | object | `{}` | | diff --git a/charts/bdrs-server/templates/_helpers.tpl b/charts/bdrs-server/templates/_helpers.tpl index f519486..27d8de8 100644 --- a/charts/bdrs-server/templates/_helpers.tpl +++ b/charts/bdrs-server/templates/_helpers.tpl @@ -89,7 +89,7 @@ Create the name of the service account to use Determine secret name. */}} {{- define "bdrs.secretName" -}} -{{- if .Values.existingSecret -}} +{{- if .Values.server.endpoints.management.existingSecret -}} {{- .Values.existingSecret }} {{- else -}} {{- include "bdrs.fullname" . -}} diff --git a/charts/bdrs-server/values.yaml b/charts/bdrs-server/values.yaml index c292aa5..4d65132 100644 --- a/charts/bdrs-server/values.yaml +++ b/charts/bdrs-server/values.yaml @@ -89,7 +89,7 @@ server: path: /api/management # -- authentication key, must be attached to each 'X-Api-Key' request header authKey: "password" - # -- secret containing the auth-key for incoming api calls + # -- existing secret containing the auth-key for incoming api calls existingSecret: "" # -- directory API directory: From 7c21e9bbb284547cd84fd933ce6e202f90498934 Mon Sep 17 00:00:00 2001 From: Evelyn Gurschler Date: Mon, 22 Apr 2024 12:58:36 +0200 Subject: [PATCH 09/10] chore: revert change for api key --- charts/bdrs-server-memory/README.md | 7 ++--- .../templates/deployment.yaml | 5 +--- .../bdrs-server-memory/templates/secrets.yaml | 29 ------------------- charts/bdrs-server-memory/values.yaml | 2 -- charts/bdrs-server/README.md | 7 ++--- charts/bdrs-server/templates/_helpers.tpl | 11 ------- charts/bdrs-server/templates/deployment.yaml | 5 +--- charts/bdrs-server/templates/secrets.yaml | 29 ------------------- charts/bdrs-server/values.yaml | 2 -- 9 files changed, 8 insertions(+), 89 deletions(-) delete mode 100644 charts/bdrs-server-memory/templates/secrets.yaml delete mode 100644 charts/bdrs-server/templates/secrets.yaml diff --git a/charts/bdrs-server-memory/README.md b/charts/bdrs-server-memory/README.md index b462d45..5068b96 100644 --- a/charts/bdrs-server-memory/README.md +++ b/charts/bdrs-server-memory/README.md @@ -52,16 +52,15 @@ helm install my-release tractusx-edc/bdrs-server --version 0.0.2 \ | server.debug.enabled | bool | `false` | | | server.debug.port | int | `1044` | | | server.debug.suspendOnStart | bool | `false` | | -| server.endpoints | object | `{"default":{"path":"/api","port":8080},"directory":{"path":"/api/directory","port":8082},"management":{"authKey":"password","existingSecret":"","path":"/api/management","port":8081}}` | endpoints of the control plane | +| server.endpoints | object | `{"default":{"path":"/api","port":8080},"directory":{"path":"/api/directory","port":8082},"management":{"authKey":"password","path":"/api/management","port":8081}}` | endpoints of the control plane | | server.endpoints.default | object | `{"path":"/api","port":8080}` | default api for health checks, should not be added to any ingress | | server.endpoints.default.path | string | `"/api"` | path for incoming api calls | | server.endpoints.default.port | int | `8080` | port for incoming api calls | | server.endpoints.directory | object | `{"path":"/api/directory","port":8082}` | directory API | | server.endpoints.directory.path | string | `"/api/directory"` | path for incoming api calls | | server.endpoints.directory.port | int | `8082` | port for incoming api calls | -| server.endpoints.management | object | `{"authKey":"password","existingSecret":"","path":"/api/management","port":8081}` | management api, used by internal users, can be added to an ingress and must not be internet facing | +| server.endpoints.management | object | `{"authKey":"password","path":"/api/management","port":8081}` | management api, used by internal users, can be added to an ingress and must not be internet facing | | server.endpoints.management.authKey | string | `"password"` | authentication key, must be attached to each 'X-Api-Key' request header | -| server.endpoints.management.existingSecret | string | `""` | existing secret containing the auth-key for incoming api calls | | server.endpoints.management.path | string | `"/api/management"` | path for incoming api calls | | server.endpoints.management.port | int | `8081` | port for incoming api calls | | server.env | object | `{}` | | @@ -141,4 +140,4 @@ helm install my-release tractusx-edc/bdrs-server --version 0.0.2 \ | tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) +Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) diff --git a/charts/bdrs-server-memory/templates/deployment.yaml b/charts/bdrs-server-memory/templates/deployment.yaml index a814a43..4d3badb 100644 --- a/charts/bdrs-server-memory/templates/deployment.yaml +++ b/charts/bdrs-server-memory/templates/deployment.yaml @@ -146,10 +146,7 @@ spec: # API # ####### - name: "EDC_API_AUTH_KEY" - valueFrom: - secretKeyRef: - name: "{{ template "bdrs.secretName" . }}" - key: "auth-key" + value: {{ .Values.server.endpoints.management.authKey | required ".Values.server.endpoints.management.authKey is required" | quote }} - name: "WEB_HTTP_PORT" value: {{ .Values.server.endpoints.default.port | quote }} - name: "WEB_HTTP_PATH" diff --git a/charts/bdrs-server-memory/templates/secrets.yaml b/charts/bdrs-server-memory/templates/secrets.yaml deleted file mode 100644 index 727f446..0000000 --- a/charts/bdrs-server-memory/templates/secrets.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- /* -* Copyright (c) 2024 Contributors to the Eclipse Foundation -* -* See the NOTICE file(s) distributed with this work for additional -* information regarding copyright ownership. -* -* This program and the accompanying materials are made available under the -* terms of the Apache License, Version 2.0 which is available at -* https://www.apache.org/licenses/LICENSE-2.0. -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -* License for the specific language governing permissions and limitations -* under the License. -* -* SPDX-License-Identifier: Apache-2.0 -*/}} - -{{- if not .Values.server.endpoints.management.existingSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "bdrs.secretName" . }} - namespace: {{ .Release.Namespace | quote }} -type: Opaque -data: - auth-key: {{ .Values.server.endpoints.management.authKey | required ".Values.server.endpoints.management.authKey is required" | b64enc | quote }} -{{- end }} diff --git a/charts/bdrs-server-memory/values.yaml b/charts/bdrs-server-memory/values.yaml index 168ccb2..9081787 100644 --- a/charts/bdrs-server-memory/values.yaml +++ b/charts/bdrs-server-memory/values.yaml @@ -85,8 +85,6 @@ server: path: /api/management # -- authentication key, must be attached to each 'X-Api-Key' request header authKey: "password" - # -- existing secret containing the auth-key for incoming api calls - existingSecret: "" # -- directory API directory: # -- port for incoming api calls diff --git a/charts/bdrs-server/README.md b/charts/bdrs-server/README.md index f7f6d81..061d728 100644 --- a/charts/bdrs-server/README.md +++ b/charts/bdrs-server/README.md @@ -62,16 +62,15 @@ helm install my-release tractusx-edc/bdrs-server --version 0.0.2 \ | server.debug.enabled | bool | `false` | | | server.debug.port | int | `1044` | | | server.debug.suspendOnStart | bool | `false` | | -| server.endpoints | object | `{"default":{"path":"/api","port":8080},"directory":{"path":"/api/directory","port":8082},"management":{"authKey":"password","existingSecret":"","path":"/api/management","port":8081}}` | endpoints of the control plane | +| server.endpoints | object | `{"default":{"path":"/api","port":8080},"directory":{"path":"/api/directory","port":8082},"management":{"authKey":"password","path":"/api/management","port":8081}}` | endpoints of the control plane | | server.endpoints.default | object | `{"path":"/api","port":8080}` | default api for health checks, should not be added to any ingress | | server.endpoints.default.path | string | `"/api"` | path for incoming api calls | | server.endpoints.default.port | int | `8080` | port for incoming api calls | | server.endpoints.directory | object | `{"path":"/api/directory","port":8082}` | directory API | | server.endpoints.directory.path | string | `"/api/directory"` | path for incoming api calls | | server.endpoints.directory.port | int | `8082` | port for incoming api calls | -| server.endpoints.management | object | `{"authKey":"password","existingSecret":"","path":"/api/management","port":8081}` | management api, used by internal users, can be added to an ingress and must not be internet facing | +| server.endpoints.management | object | `{"authKey":"password","path":"/api/management","port":8081}` | management api, used by internal users, can be added to an ingress and must not be internet facing | | server.endpoints.management.authKey | string | `"password"` | authentication key, must be attached to each 'X-Api-Key' request header | -| server.endpoints.management.existingSecret | string | `""` | existing secret containing the auth-key for incoming api calls | | server.endpoints.management.path | string | `"/api/management"` | path for incoming api calls | | server.endpoints.management.port | int | `8081` | port for incoming api calls | | server.env | object | `{}` | | @@ -151,4 +150,4 @@ helm install my-release tractusx-edc/bdrs-server --version 0.0.2 \ | tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) +Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) diff --git a/charts/bdrs-server/templates/_helpers.tpl b/charts/bdrs-server/templates/_helpers.tpl index 27d8de8..5e959b9 100644 --- a/charts/bdrs-server/templates/_helpers.tpl +++ b/charts/bdrs-server/templates/_helpers.tpl @@ -85,17 +85,6 @@ Create the name of the service account to use {{- end }} {{- end }} -{{/* -Determine secret name. -*/}} -{{- define "bdrs.secretName" -}} -{{- if .Values.server.endpoints.management.existingSecret -}} -{{- .Values.existingSecret }} -{{- else -}} -{{- include "bdrs.fullname" . -}} -{{- end -}} -{{- end -}} - {{/* Define secret name of postgresql dependency. */}} diff --git a/charts/bdrs-server/templates/deployment.yaml b/charts/bdrs-server/templates/deployment.yaml index 2fe447c..d646e8b 100644 --- a/charts/bdrs-server/templates/deployment.yaml +++ b/charts/bdrs-server/templates/deployment.yaml @@ -146,10 +146,7 @@ spec: # API # ####### - name: "EDC_API_AUTH_KEY" - valueFrom: - secretKeyRef: - name: "{{ template "bdrs.secretName" . }}" - key: "auth-key" + value: {{ .Values.server.endpoints.management.authKey | required ".Values.server.endpoints.management.authKey is required" | quote }} - name: "WEB_HTTP_PORT" value: {{ .Values.server.endpoints.default.port | quote }} - name: "WEB_HTTP_PATH" diff --git a/charts/bdrs-server/templates/secrets.yaml b/charts/bdrs-server/templates/secrets.yaml deleted file mode 100644 index 727f446..0000000 --- a/charts/bdrs-server/templates/secrets.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- /* -* Copyright (c) 2024 Contributors to the Eclipse Foundation -* -* See the NOTICE file(s) distributed with this work for additional -* information regarding copyright ownership. -* -* This program and the accompanying materials are made available under the -* terms of the Apache License, Version 2.0 which is available at -* https://www.apache.org/licenses/LICENSE-2.0. -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -* License for the specific language governing permissions and limitations -* under the License. -* -* SPDX-License-Identifier: Apache-2.0 -*/}} - -{{- if not .Values.server.endpoints.management.existingSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "bdrs.secretName" . }} - namespace: {{ .Release.Namespace | quote }} -type: Opaque -data: - auth-key: {{ .Values.server.endpoints.management.authKey | required ".Values.server.endpoints.management.authKey is required" | b64enc | quote }} -{{- end }} diff --git a/charts/bdrs-server/values.yaml b/charts/bdrs-server/values.yaml index 4d65132..41647ba 100644 --- a/charts/bdrs-server/values.yaml +++ b/charts/bdrs-server/values.yaml @@ -89,8 +89,6 @@ server: path: /api/management # -- authentication key, must be attached to each 'X-Api-Key' request header authKey: "password" - # -- existing secret containing the auth-key for incoming api calls - existingSecret: "" # -- directory API directory: # -- port for incoming api calls From 8b56d3bab7153b03d5d1172669f2832316e4f8f3 Mon Sep 17 00:00:00 2001 From: Evelyn Gurschler Date: Mon, 22 Apr 2024 13:20:59 +0200 Subject: [PATCH 10/10] chore: revert helm docs version change --- charts/bdrs-server-memory/README.md | 2 +- charts/bdrs-server/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/bdrs-server-memory/README.md b/charts/bdrs-server-memory/README.md index 5068b96..2cc0d44 100644 --- a/charts/bdrs-server-memory/README.md +++ b/charts/bdrs-server-memory/README.md @@ -140,4 +140,4 @@ helm install my-release tractusx-edc/bdrs-server --version 0.0.2 \ | tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) +Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) diff --git a/charts/bdrs-server/README.md b/charts/bdrs-server/README.md index 061d728..a250311 100644 --- a/charts/bdrs-server/README.md +++ b/charts/bdrs-server/README.md @@ -150,4 +150,4 @@ helm install my-release tractusx-edc/bdrs-server --version 0.0.2 \ | tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) +Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0)