From db78e65ee220fee9bb6ef48864a6cb2b5cf34184 Mon Sep 17 00:00:00 2001
From: ds-lcapellino
Date: Fri, 11 Oct 2024 13:33:57 +0200
Subject: [PATCH 1/4] Add configuration for stable environment
---
 .../helm-values/centralidp/values-stable.yaml | 48 +++++++++++++++++++
 .../helm-values/sharedidp/values-stable.yaml | 48 +++++++++++++++++++
 2 files changed, 96 insertions(+)
 create mode 100644 environments/helm-values/centralidp/values-stable.yaml
 create mode 100644 environments/helm-values/sharedidp/values-stable.yaml
diff --git a/environments/helm-values/centralidp/values-stable.yaml b/environments/helm-values/centralidp/values-stable.yaml
new file mode 100644
index 00000000..a2cdd11f
--- /dev/null
+++ b/environments/helm-values/centralidp/values-stable.yaml
@@ -0,0 +1,48 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+keycloak:
+ production: true
+ proxy: edge
+ ingress:
+ enabled: true
+ ingressClassName: nginx
+ hostname: centralidp.stable.catena-x.net
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
+ nginx.ingress.kubernetes.io/cors-allow-methods: PUT, GET, POST, OPTIONS
+ nginx.ingress.kubernetes.io/cors-allow-origin: https://centralidp.stable.catena-x.net
+ nginx.ingress.kubernetes.io/enable-cors: "true"
+ nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
+ nginx.ingress.kubernetes.io/proxy-buffering: "on"
+ nginx.ingress.kubernetes.io/proxy-buffers-number: "20"
+ nginx.ingress.kubernetes.io/use-regex: "true"
+ tls: true
+
+secrets:
+ auth:
+ existingSecret:
+ adminpassword: ""
+ postgresql:
+ auth:
+ existingSecret:
+ postgrespassword: ""
+ password: ""
+ replicationPassword: ""
diff --git a/environments/helm-values/sharedidp/values-stable.yaml b/environments/helm-values/sharedidp/values-stable.yaml
new file mode 100644
index 00000000..fc1fb8ca
--- /dev/null
+++ b/environments/helm-values/sharedidp/values-stable.yaml
@@ -0,0 +1,48 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+keycloak:
+ production: true
+ proxy: edge
+ ingress:
+ enabled: true
+ ingressClassName: nginx
+ hostname: sharedidp.stable.catena-x.net
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
+ nginx.ingress.kubernetes.io/cors-allow-methods: PUT, GET, POST, OPTIONS
+ nginx.ingress.kubernetes.io/cors-allow-origin: https://sharedidp.stable.catena-x.net
+ nginx.ingress.kubernetes.io/enable-cors: "true"
+ nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
+ nginx.ingress.kubernetes.io/proxy-buffering: "on"
+ nginx.ingress.kubernetes.io/proxy-buffers-number: "20"
+ nginx.ingress.kubernetes.io/use-regex: "true"
+ tls: true
+
+secrets:
+ auth:
+ existingSecret:
+ adminpassword: ""
+ postgresql:
+ auth:
+ existingSecret:
+ postgrespassword: ""
+ password: ""
+ replicationPassword: ""
From a11b1633f28edf906394881d1d596dcbf3ea8442 Mon Sep 17 00:00:00 2001
From: Evelyn Gurschler Date: Wed, 16 Oct 2024 08:47:57 +0200 Subject: [PATCH 2/4] chore: fix values files --- .../helm-values/centralidp/values-stable.yaml | 82 +++++++++++++++++-- .../helm-values/sharedidp/values-stable.yaml | 33 ++++++-- 2 files changed, 97 insertions(+), 18 deletions(-) diff --git a/environments/helm-values/centralidp/values-stable.yaml b/environments/helm-values/centralidp/values-stable.yaml index a2cdd11f..88c3987d 100644 --- a/environments/helm-values/centralidp/values-stable.yaml +++ b/environments/helm-values/centralidp/values-stable.yaml @@ -20,6 +20,8 @@ keycloak: production: true proxy: edge + auth: + adminPassword: "" ingress: enabled: true ingressClassName: nginx 
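Review bot: `adminPassword: ""` under `keycloak.auth` commits a literal empty string for the Keycloak admin credential of the stable environment, and nothing in the file says where the real value is supposed to come from. The Application templates added later in this series set `AVP_SECRET`, which suggests the Argo CD Vault Plugin is expected to supply secrets, but that plugin substitutes placeholders only, so an empty literal would presumably reach the chart unchanged; how the chart treats an empty password is not visible here. I would use a vault placeholder, e.g. `adminPassword: "<path:VAULT_PATH#KEY>"` (path and key are placeholders), or at least add a comment above the key such as `# intentionally empty: supplied at deploy time, never commit a value here`. The same applies to `postgresql.auth.password`/`postgresPassword` and every `clientSecret: ""` in the next hunk of this file, and to `initialUser.password`, the `mailing` block and the `master.serviceAccounts` secrets in the sharedidp values file. The `keycloak:` mapping continues past the end of this hunk.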
@@ -35,14 +37,76 @@ keycloak: nginx.ingress.kubernetes.io/proxy-buffers-number: "20" nginx.ingress.kubernetes.io/use-regex: "true" tls: true - -secrets: - auth: - existingSecret: - adminpassword: "" postgresql: auth: - existingSecret: - postgrespassword: "" - password: "" - replicationPassword: "" + password: "" + postgresPassword: "" + +realmSeeding: + clients: + registration: + redirects: + - https://portal.stable.catena-x.net/* + - http://localhost:3000/* + portal: + rootUrl: https://portal.stable.catena-x.net/home + redirects: + - https://portal.stable.catena-x.net/* + - http://localhost:3000/* + semantics: + redirects: + - https://portal.stable.catena-x.net/* + miw: + clientSecret: "" + redirects: + - https://managed-identity-wallets.stable.catena-x.net/* + bpdm: + clientSecret: "" + redirects: + - https://partners-pool.stable.catena-x.net/* + bpdmGate: + clientSecret: "" + redirects: + - https://partners-gate.stable.catena-x.net/* + bpdmOrchestrator: + clientSecret: "" + serviceAccounts: + clientSecrets: + - clientId: "sa-cl1-reg-2" + clientSecret: "" + - clientId: "sa-cl2-01" + clientSecret: "" + - clientId: "sa-cl2-02" + clientSecret: "" + - clientId: "sa-cl2-03" + clientSecret: "" + - clientId: "sa-cl2-04" + clientSecret: "" + - clientId: "sa-cl2-05" + clientSecret: "" + - clientId: "sa-cl3-cx-1" + clientSecret: "" + - clientId: "sa-cl5-custodian-2" + clientSecret: "" + - clientId: "sa-cl7-cx-1" + clientSecret: "" + - clientId: "sa-cl7-cx-5" + clientSecret: "" + - clientId: "sa-cl7-cx-7" + clientSecret: "" + - clientId: "sa-cl8-cx-1" + clientSecret: "" + - clientId: "sa-cl21-01" + clientSecret: "" + - clientId: "sa-cl22-01" + clientSecret: "" + - clientId: "sa-cl24-01" + clientSecret: "" + - clientId: "sa-cl25-cx-1" + clientSecret: "" + - clientId: "sa-cl25-cx-2" + clientSecret: "" + - clientId: "sa-cl25-cx-3" + clientSecret: "" + bpn: "BPNL00000003CRHK" + sharedidp: "https://sharedidp.stable.catena-x.net" 
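Review bot: The `registration` and `portal` clients under `realmSeeding.clients` list `http://localhost:3000/*` as a redirect URI in the values for the stable environment, next to the real `https://portal.stable.catena-x.net/*` entry. A plain-http wildcard on localhost is a development convenience; on a shared identity provider it means an authorization response may be delivered to whatever process listens on that port on the user's machine. If local development against stable is not a requirement, drop the two entries; if it is, add a comment above them such as `# localhost redirect kept deliberately for local frontend development against stable` so the exception is visible in review. Narrowing the `/*` wildcards on the other redirects to the actual callback paths would also be worth considering, if the chart supports it.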
diff --git a/environments/helm-values/sharedidp/values-stable.yaml b/environments/helm-values/sharedidp/values-stable.yaml index fc1fb8ca..6aa9ed15 100644 --- a/environments/helm-values/sharedidp/values-stable.yaml +++ b/environments/helm-values/sharedidp/values-stable.yaml @@ -20,6 +20,8 @@ keycloak: production: true proxy: edge + auth: + adminPassword: "" ingress: enabled: true ingressClassName: nginx @@ -35,14 +37,27 @@ keycloak: nginx.ingress.kubernetes.io/proxy-buffers-number: "20" nginx.ingress.kubernetes.io/use-regex: "true" tls: true - -secrets: - auth: - existingSecret: - adminpassword: "" postgresql: auth: - existingSecret: - postgrespassword: "" - password: "" - replicationPassword: "" + password: "" + postgresPassword: "" + +realmSeeding: + realms: + cxOperator: + centralidp: "https://centralidp.stable.catena-x.net" + initialUser: + password: "" + mailing: + host: "" + port: "" + username: "" + password: "" + replyTo: "" + master: + serviceAccounts: + provisioning: + clientSecret: "" + saCxOperator: + clientSecret: "" From 54c3ad502277b73f3b1343cdd0be05de0dbe1420 Mon Sep 17 00:00:00 2001 From: Evelyn Gurschler Date: Wed, 16 Oct 2024 08:48:18 +0200 Subject: [PATCH 3/4] chore: add argo cd template files --- .../centralidp/appsetup-stable.yaml | 38 +++++++++++++++++++ .../sharedidp/appsetup-stable.yaml | 38 +++++++++++++++++++ 2 files changed, 76 insertions(+) create mode 100644 environments/argocd-app-templates/centralidp/appsetup-stable.yaml create mode 100644 environments/argocd-app-templates/sharedidp/appsetup-stable.yaml diff --git a/environments/argocd-app-templates/centralidp/appsetup-stable.yaml b/environments/argocd-app-templates/centralidp/appsetup-stable.yaml new file mode 100644 index 00000000..f5fa2281 --- /dev/null +++ b/environments/argocd-app-templates/centralidp/appsetup-stable.yaml 
@@ -0,0 +1,38 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: centralidp
+spec:
+ destination:
+ namespace: product-portal
+ server: 'https://kubernetes.default.svc'
+ source:
+ path: charts/centralidp
+ repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
+ targetRevision: v4.0.0-alpha.1
+ plugin:
+ env:
+ - name: AVP_SECRET
+ value: vault-secret
+ - name: helm_args
+ value: '-f values.yaml -f ../../environments/helm-values/centralidp/values-stable.yaml'
+ project: project-portal
diff --git a/environments/argocd-app-templates/sharedidp/appsetup-stable.yaml b/environments/argocd-app-templates/sharedidp/appsetup-stable.yaml
new file mode 100644
index 00000000..1104e6c6
--- /dev/null
+++ b/environments/argocd-app-templates/sharedidp/appsetup-stable.yaml
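Review bot: `targetRevision: v4.0.0-alpha.1` in the centralidp Application pins the stable identity provider to a Git tag, and a tag can be moved in the source repository without any change to this file. Since Argo CD renders the chart straight from `repoURL`, pinning the full commit SHA, e.g. `targetRevision: <FULL_COMMIT_SHA>  # v4.0.0-alpha.1` (placeholder), or adding a comment that release tags in that repository are protected, would make the deployed revision verifiable. It is also worth confirming that an alpha pre-release is the intended chart version for an environment named stable. The same line appears in the sharedidp template added in the next file of this patch.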
@@ -0,0 +1,38 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: sharedidp
+spec:
+ destination:
+ namespace: product-portal
+ server: 'https://kubernetes.default.svc'
+ source:
+ path: charts/sharedidp
+ repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
+ targetRevision: v4.0.0-alpha.1
+ plugin:
+ env:
+ - name: AVP_SECRET
+ value: vault-secret
+ - name: helm_args
+ value: '-f values.yaml -f ../../environments/helm-values/sharedidp/values-stable.yaml'
+ project: project-portal
From 45a793d6a5f96a155971cc3694ca7f7098f75fa5 Mon Sep 17 00:00:00 2001
From: Evelyn Gurschler
Date: Wed, 16 Oct 2024 08:48:35 +0200
Subject: [PATCH 4/4] chore: fix tag for int env
---
 environments/argocd-app-templates/centralidp/appsetup-int.yaml | 2 +-
 environments/argocd-app-templates/sharedidp/appsetup-int.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/environments/argocd-app-templates/centralidp/appsetup-int.yaml b/environments/argocd-app-templates/centralidp/appsetup-int.yaml
index c918946f..64c95f70 100644
--- a/environments/argocd-app-templates/centralidp/appsetup-int.yaml +++ b/environments/argocd-app-templates/centralidp/appsetup-int.yaml @@ -28,7 +28,7 @@ spec: source: path: charts/centralidp repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git' - targetRevision: deploy/349-to-association-env + targetRevision: v4.0.0-alpha.1 plugin: env: - name: AVP_SECRET diff --git a/environments/argocd-app-templates/sharedidp/appsetup-int.yaml b/environments/argocd-app-templates/sharedidp/appsetup-int.yaml index 59beeb63..c433969c 100644 --- a/environments/argocd-app-templates/sharedidp/appsetup-int.yaml +++ b/environments/argocd-app-templates/sharedidp/appsetup-int.yaml @@ -28,7 +28,7 @@ spec: source: path: charts/sharedidp repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git' - targetRevision: deploy/349-to-association-env + targetRevision: v4.0.0-alpha.1 plugin: env: - name: AVP_SECRET