build: add configuration for stable environment (#200)

* Add configuration for stable environment * chore: fix values files * chore: add argo cd template files * chore: fix tag for int env --------- Co-authored-by: Evelyn Gurschler <evelyn.gurschler@bmw.de> eclipse-tractusx/portal#408
eclipse-tractusx · Oct 16, 2024 · 89ac91c · 89ac91c
1 parent 789c09e
commit 89ac91c
Show file tree

Hide file tree

Showing 6 changed files with 253 additions and 2 deletions.
diff --git a/environments/argocd-app-templates/centralidp/appsetup-int.yaml b/environments/argocd-app-templates/centralidp/appsetup-int.yaml
@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/centralidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: deploy/349-to-association-env
+    targetRevision: v4.0.0-alpha.1
     plugin:
       env:
         - name: AVP_SECRET

diff --git a/environments/argocd-app-templates/centralidp/appsetup-stable.yaml b/environments/argocd-app-templates/centralidp/appsetup-stable.yaml
@@ -0,0 +1,38 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: centralidp
+spec:
+  destination:
+    namespace: product-portal
+    server: 'https://kubernetes.default.svc'
+  source:
+    path: charts/centralidp
+    repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
+    targetRevision: v4.0.0-alpha.1
+    plugin:
+      env:
+        - name: AVP_SECRET
+          value: vault-secret
+        - name: helm_args
+          value: '-f values.yaml -f ../../environments/helm-values/centralidp/values-stable.yaml'
+  project: project-portal
diff --git a/environments/argocd-app-templates/sharedidp/appsetup-int.yaml b/environments/argocd-app-templates/sharedidp/appsetup-int.yaml
@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/sharedidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: deploy/349-to-association-env
+    targetRevision: v4.0.0-alpha.1
     plugin:
       env:
         - name: AVP_SECRET

diff --git a/environments/argocd-app-templates/sharedidp/appsetup-stable.yaml b/environments/argocd-app-templates/sharedidp/appsetup-stable.yaml
@@ -0,0 +1,38 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: sharedidp
+spec:
+  destination:
+    namespace: product-portal
+    server: 'https://kubernetes.default.svc'
+  source:
+    path: charts/sharedidp
+    repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
+    targetRevision: v4.0.0-alpha.1
+    plugin:
+      env:
+        - name: AVP_SECRET
+          value: vault-secret
+        - name: helm_args
+          value: '-f values.yaml -f ../../environments/helm-values/sharedidp/values-stable.yaml'
+  project: project-portal
diff --git a/environments/helm-values/centralidp/values-stable.yaml b/environments/helm-values/centralidp/values-stable.yaml
@@ -0,0 +1,112 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+keycloak:
+  production: true
+  proxy: edge
+  auth:
+    adminPassword: "<path:portal/data/stable/iam/centralidp-keycloak#admin-password>"
+  ingress:
+    enabled: true
+    ingressClassName: nginx
+    hostname: centralidp.stable.catena-x.net
+    annotations:
+      cert-manager.io/cluster-issuer: letsencrypt-prod
+      nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
+      nginx.ingress.kubernetes.io/cors-allow-methods: PUT, GET, POST, OPTIONS
+      nginx.ingress.kubernetes.io/cors-allow-origin: https://centralidp.stable.catena-x.net
+      nginx.ingress.kubernetes.io/enable-cors: "true"
+      nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
+      nginx.ingress.kubernetes.io/proxy-buffering: "on"
+      nginx.ingress.kubernetes.io/proxy-buffers-number: "20"
+      nginx.ingress.kubernetes.io/use-regex: "true"
+    tls: true
+  postgresql:
+    auth:
+      password: "<path:portal/data/stable/iam/centralidp-keycloak#postgres-custom-user>"
+      postgresPassword: "<path:portal/data/stable/iam/centralidp-keycloak#postgres-admin-user>"
+
+realmSeeding:
+  clients:
+    registration:
+      redirects:
+        - https://portal.stable.catena-x.net/*
+        - http://localhost:3000/*
+    portal:
+      rootUrl: https://portal.stable.catena-x.net/home
+      redirects:
+        - https://portal.stable.catena-x.net/*
+        - http://localhost:3000/*
+    semantics:
+      redirects:
+        - https://portal.stable.catena-x.net/*
+    miw:
+      clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#custodian-client>"
+      redirects:
+        - https://managed-identity-wallets.stable.catena-x.net/*
+    bpdm:
+      clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#bpdm-client>"
+      redirects:
+        - https://partners-pool.stable.catena-x.net/*
+    bpdmGate:
+      clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#bpdmGate-client>"
+      redirects:
+        - https://partners-gate.stable.catena-x.net/*
+    bpdmOrchestrator:
+      clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#bpdmOrchestrator-client>"
+  serviceAccounts:
+    clientSecrets:
+      - clientId: "sa-cl1-reg-2"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#reg-central-sa>"
+      - clientId: "sa-cl2-01"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#portal-clearinghouse-1-sa>"
+      - clientId: "sa-cl2-02"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#portal-clearinghouse-2-sa>"
+      - clientId: "sa-cl2-03"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#offerprovider-sa>"
+      - clientId: "sa-cl2-04"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#portal-issuer-sa>"
+      - clientId: "sa-cl2-05"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#dim-portal-sa>"
+      - clientId: "sa-cl3-cx-1"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#semantic-hub>"
+      - clientId: "sa-cl5-custodian-2"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#custodian-sa>"
+      - clientId: "sa-cl7-cx-1"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#bpdm-sa-1>"
+      - clientId: "sa-cl7-cx-5"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#bpdm-sa-2>"
+      - clientId: "sa-cl7-cx-7"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#bpdm-sa-3>"
+      - clientId: "sa-cl8-cx-1"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#portal-sdfactory-sa>"
+      - clientId: "sa-cl21-01"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#edc-discovery-sa>"
+      - clientId: "sa-cl22-01"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#bpn-discovery-sa>"
+      - clientId: "sa-cl24-01"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#issuer-sa>"
+      - clientId: "sa-cl25-cx-1"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#bpdm-orchestrator-1>"
+      - clientId: "sa-cl25-cx-2"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#bpdm-orchestrator-1>"
+      - clientId: "sa-cl25-cx-3"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#bpdm-orchestrator-1>"
+  bpn: "BPNL00000003CRHK"
+  sharedidp: "https://sharedidp.stable.catena-x.net"
diff --git a/environments/helm-values/sharedidp/values-stable.yaml b/environments/helm-values/sharedidp/values-stable.yaml
@@ -0,0 +1,63 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+keycloak:
+  production: true
+  proxy: edge
+  auth:
+    adminPassword: "<path:portal/data/stable/iam/sharedidp-keycloak#admin-password>"
+  ingress:
+    enabled: true
+    ingressClassName: nginx
+    hostname: sharedidp.stable.catena-x.net
+    annotations:
+      cert-manager.io/cluster-issuer: letsencrypt-prod
+      nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
+      nginx.ingress.kubernetes.io/cors-allow-methods: PUT, GET, POST, OPTIONS
+      nginx.ingress.kubernetes.io/cors-allow-origin: https://sharedidp.stable.catena-x.net
+      nginx.ingress.kubernetes.io/enable-cors: "true"
+      nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
+      nginx.ingress.kubernetes.io/proxy-buffering: "on"
+      nginx.ingress.kubernetes.io/proxy-buffers-number: "20"
+      nginx.ingress.kubernetes.io/use-regex: "true"
+    tls: true
+  postgresql:
+    auth:
+      password: "<path:portal/data/stable/iam/sharedidp-keycloak#postgres-custom-user>"
+      postgresPassword: "<path:portal/data/stable/iam/sharedidp-keycloak#postgres-admin-user>"
+
+realmSeeding:
+  realms:
+    cxOperator:
+      centralidp: "https://centralidp.stable.catena-x.net"
+      initialUser:
+        password: "<path:portal/data/stable/iam/sharedidp-keycloak#initial-operator-user>"
+      mailing:
+        host: "<path:portal/data/mailing#host>"
+        port: "<path:portal/data/mailing#port>"
+        username: "<path:portal/data/mailing#user>"
+        password: "<path:portal/data/mailing#password"
+        from: "<path:portal/data/mailing#senderMail>"
+        replyTo: "<path:portal/data/mailing#senderMail>"
+    master:
+      serviceAccounts:
+        provisioning:
+          clientSecret: "<path:portal/data/stable/iam/sharedidp-client-secrets#reg-shared-sa>"
+        saCxOperator:
+          clientSecret: "<path:portal/data/stable/iam/sharedidp-client-secrets#sa-operator>"