diff --git a/charts/contract-management/Chart.yaml b/charts/contract-management/Chart.yaml
new file mode 100644
index 00000000..c07e1c6c
--- /dev/null
+++ b/charts/contract-management/Chart.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+name: contract-management
+version: 0.5.0
+appVersion: 0.0.1
+description: A Helm chart for running the contract-management on kubernetes.
+icon: https://fiware.github.io/catalogue/img/fiware.png
+keywords:
+ - FIWARE
+ - contract-management
+ - DSBA
+ - VerifiableCredentials
+ - IAM
+sources:
+ - https://github.com/fiware/contract-management
+maintainers:
+ - name: pulledtim
+ email: tim.smyth@fiware.org
diff --git a/charts/contract-management/README.md b/charts/contract-management/README.md
new file mode 100644
index 00000000..d6d89804
--- /dev/null
+++ b/charts/contract-management/README.md
@@ -0,0 +1,75 @@ +# contract-management + +![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) + +A Helm chart for running the contract-management on kubernetes. + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| pulledtim | | | + +## Source Code + +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalEnvVars | list | `[]` | a list of additional env vars to be set, check the til docu for all available options | +| autoscaling.enabled | bool | `false` | | +| autoscaling.maxReplicas | int | `10` | maximum number of running pods | +| autoscaling.metrics | list | `[]` | metrics to react on | +| autoscaling.minReplicas | int | `1` | minimum number of running pods | +| deployment.additionalAnnotations | object | `{}` | additional annotations for the deployment, if required | +| deployment.additionalLabels | object | `{}` | additional labels for the deployment, if required | +| deployment.affinity | object | `{}` | affinity template ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity | +| deployment.healthPort | int | `9090` | port to request health information at | +| deployment.image.pullPolicy | string | `"Always"` | specification of the image pull policy pullPolicy: IfNotPresent | +| deployment.image.repository | string | `"quay.io/fiware/contract-management"` | til image name ref: https://quay.io/repository/fiware/contract-management | +| deployment.image.tag | string | `"1.0.0-PRE-1"` | tag of the image to be used | +| deployment.livenessProbe.initialDelaySeconds | int | `30` | | +| deployment.livenessProbe.periodSeconds | int | `10` | | +| deployment.livenessProbe.successThreshold | int | `1` | | +| deployment.livenessProbe.timeoutSeconds | int | `30` | | +| deployment.nodeSelector | object | `{}` | 
selector template ref: https://kubernetes.io/docs/user-guide/node-selection/ | +| deployment.readinessProbe.initialDelaySeconds | int | `31` | | +| deployment.readinessProbe.periodSeconds | int | `10` | | +| deployment.readinessProbe.successThreshold | int | `1` | | +| deployment.readinessProbe.timeoutSeconds | int | `30` | | +| deployment.replicaCount | int | `1` | initial number of target replications, can be different if autoscaling is enabled | +| deployment.revisionHistoryLimit | int | `3` | number of old replicas to be retained | +| deployment.tolerations | list | `[]` | tolerations template ref: ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | +| deployment.updateStrategy.rollingUpdate | object | `{"maxSurge":1,"maxUnavailable":0}` | new pods will be added gradually | +| deployment.updateStrategy.rollingUpdate.maxSurge | int | `1` | number of pods that can be created above the desired amount while updating | +| deployment.updateStrategy.rollingUpdate.maxUnavailable | int | `0` | number of pods that can be unavailable while updating | +| deployment.updateStrategy.type | string | `"RollingUpdate"` | type of the update | +| fullnameOverride | string | `""` | option to override the fullname config in the _helpers.tpl | +| nameOverride | string | `""` | option to override the name config in the _helpers.tpl | +| port | int | `8080` | port that the til container uses | +| prometheus.enabled | bool | `true` | should prometheus scrape be enabled | +| prometheus.path | string | `"/prometheus"` | path for prometheus scrape | +| prometheus.port | int | `9090` | port prometheus scrape is available at | +| service.annotations | object | `{}` | additional annotations, if required | +| service.port | int | `8080` | port to be used by the service | +| service.type | string | `"ClusterIP"` | service type | +| serviceAccount | object | `{"create":false}` | if a til specific service account should be used, it can be configured here ref: 
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | +| serviceAccount.create | bool | `false` | specifies if the account should be created | +| services.party.path | string | `"/tmf-api/party/v4"` | | +| services.party.read-timeout | int | `30` | | +| services.party.url | string | `"http://tm-forum-api-party-catalog:8080"` | | +| services.product.path | string | `"/tmf-api/productOrderingManagement/v4"` | | +| services.product.read-timeout | int | `30` | | +| services.product.url | string | `"http://tm-forum-api-product-ordering-management:8080"` | | +| services.til.path | string | `""` | | +| services.til.read-timeout | int | `30` | | +| services.til.url | string | `"http://trusted-issuers-list:8080"` | | +| til.claims[0].roles[0] | string | `"Consumer"` | | +| til.claims[0].roles[1] | string | `"Admin"` | | +| til.claims[0].target | string | `"did:some:service"` | | +| til.credentialType | string | `"MyCredential"` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) diff --git a/charts/contract-management/templates/_helpers.tpl b/charts/contract-management/templates/_helpers.tpl new file mode 100644 index 00000000..4ebfc4bf --- /dev/null +++ b/charts/contract-management/templates/_helpers.tpl 
@@ -0,0 +1,75 @@
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "contract.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "contract.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "contract.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "contract.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "contract.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "contract.labels" -}}
+app.kubernetes.io/name: {{ include "contract.name" . }}
+helm.sh/chart: {{ include "contract.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Support for existing database secret
+*/}}
+{{- define "contract.secretName" -}}
+ {{- if .Values.database.existingSecret.enabled -}}
+ {{- printf "%s" (tpl .Values.database.existingSecret.name $) -}}
+ {{- else -}}
+ {{- printf "%s" (include "contract.fullname" .) -}}
+ {{- end -}}
+{{- end -}}
+
+{{- define "contract.passwordKey" -}}
+ {{- if and (.Values.database.existingSecret.enabled) (.Values.database.existingSecret.key) -}}
+ {{- printf "%s" (tpl .Values.database.existingSecret.key $) -}}
+ {{- else -}}
+ {{- printf "password" -}}
+ {{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/contract-management/templates/configmap.yaml b/charts/contract-management/templates/configmap.yaml
new file mode 100644
index 00000000..892396ad
--- /dev/null
+++ b/charts/contract-management/templates/configmap.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "contract.fullname" . }}
+ labels:
+ {{ include "contract.labels" . | nindent 4 }}
+data:
+ application.yaml: |
+ micronaut:
+ http:
+ services:
+ read-timeout: 30s
+ {{- toYaml .Values.services | nindent 10 }}
+ general:
+ name: {{ include "contract.fullname" . }}
+ basepath: "/callback"
+ port: {{ .Values.port}}
+ til:
+ {{- toYaml .Values.til | nindent 8 }}
\ No newline at end of file
diff --git a/charts/contract-management/templates/deployment.yaml b/charts/contract-management/templates/deployment.yaml
new file mode 100644
index 00000000..2b1ac289
--- /dev/null
+++ b/charts/contract-management/templates/deployment.yaml
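Review bot: `contract.secretName` and `contract.passwordKey` read `.Values.database.existingSecret`, but the values.yaml added in this commit defines no `database` key and none of the added templates includes either helper. Including them as they stand would fail rendering on the missing `database` map, so they look like leftovers from another chart; either remove them or add `database.existingSecret` defaults together with the template that consumes them. `contract.passwordKey` also lacks the `{{/* … */}}` description that the other helpers carry.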
@@ -0,0 +1,101 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "contract.fullname" . }}
+ labels:
+ {{ include "contract.labels" . | nindent 4 }}
+spec:
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.deployment.replicaCount }}
+ {{- end }}
+ revisionHistoryLimit: {{ .Values.deployment.revisionHistoryLimit }}
+ strategy:
+ {{- with .Values.deployment.updateStrategy }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "contract.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ {{ include "contract.labels" . | nindent 8 }}
+ {{- with .Values.deployment.additionalLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.deployment.additionalAnnotations -}}
+ annotations:
+ prometheus.io/scrape: {{ .Values.prometheus.enabled | quote }}
+ prometheus.io/path: {{ .Values.prometheus.path }}
+ prometheus.io/port: { { .Values.prometheus.port } }
+ {{- with .Values.deployment.additionalAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ include "contract.serviceAccountName" . }}
+ containers:
+ - name: {{ .Chart.Name }}
+ imagePullPolicy: {{ .Values.deployment.image.pullPolicy }}
+ image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
+ ports:
+ - name: http
+ containerPort: {{ .Values.port}}
+ protocol: TCP
+ - name: http-health
+ containerPort: {{ .Values.deployment.healthPort }}
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: http-health
+ initialDelaySeconds: {{ .Values.deployment.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.deployment.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.deployment.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.deployment.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: http-health
+ initialDelaySeconds: {{ .Values.deployment.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.deployment.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.deployment.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.deployment.readinessProbe.timeoutSeconds }}
+ env:
+ - name: ENDPOINTS_ALL_PORT
+ value: {{ .Values.deployment.healthPort | quote }}
+ - name: MICRONAUT_SERVER_PORT
+ value: {{ .Values.port | quote }}
+ - name: MICRONAUT_METRICS_ENABLED
+ value: {{ .Values.prometheus.enabled | quote }}
+ - name: MICRONAUT_CONFIG_FILES
+ value: "/application.yaml"
+ {{- with .Values.additionalEnvVars }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: application-yaml
+ mountPath: /application.yaml
+ subPath: application.yaml
+ resources:
+ {{- toYaml .Values.deployment.resources | nindent 12 }}
+ volumes:
+ - name: application-yaml
+ configMap:
+ name: {{ include "contract.fullname" . }}
+ items:
+ - key: application.yaml
+ path: application.yaml
+ {{- with .Values.deployment.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.deployment.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.deployment.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
\ No newline at end of file
diff --git a/charts/contract-management/templates/service.yaml b/charts/contract-management/templates/service.yaml
new file mode 100644
index 00000000..8628f865
--- /dev/null
+++ b/charts/contract-management/templates/service.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "contract.fullname" . }}
+ {{- if .Values.service.annotations }}
+ annotations:
+ {{ toYaml .Values.service.annotations | nindent 4 }}
+ {{- end }}
+ labels:
+ {{ include "contract.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: {{ .Values.port }}
+ protocol: TCP
+ name: http
+ selector:
+ app.kubernetes.io/name: {{ include "contract.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
\ No newline at end of file
diff --git a/charts/contract-management/templates/serviceaccount.yaml b/charts/contract-management/templates/serviceaccount.yaml
new file mode 100644
index 00000000..97c07f12
--- /dev/null
+++ b/charts/contract-management/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "contract.fullname" . }}
+{{- if .Values.serviceAccount.annotations }}
+ annotations:
+ {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
+{{- end }}
+ labels:
+ {{ include "contract.labels" . | nindent 4 }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/contract-management/values.yaml b/charts/contract-management/values.yaml
new file mode 100644
index 00000000..e4178add
--- /dev/null
+++ b/charts/contract-management/values.yaml
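Review bot: The pod `annotations:` block in deployment.yaml is gated on `.Values.deployment.additionalAnnotations`, which defaults to `{}` in values.yaml, so the Prometheus scrape annotations are never rendered on a default install even though `prometheus.enabled` defaults to `true`. When the block is rendered, `prometheus.io/port: { { .Values.prometheus.port } }` is not a template action because the braces are separated, so it is emitted literally, and the `-}}` on the `if` line strips the newline in front of `annotations:`. I would drop the outer `if`, keep the inner `with`, and write `prometheus.io/port: {{ .Values.prometheus.port | quote }}` and `prometheus.io/path: {{ .Values.prometheus.path | quote }}`, since annotation values have to be strings. Separately, the container sets no `securityContext` and the chart exposes no value for one; a `deployment.securityContext` passthrough would let operators enforce non-root execution and a read-only root filesystem.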
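Review bot: The ServiceAccount in serviceaccount.yaml is always named `contract.fullname`, while `contract.serviceAccountName` in _helpers.tpl resolves to `.Values.serviceAccount.name` when that is set, so with `create: true` and a custom name the Deployment would reference an account this template never creates. Using `name: {{ include "contract.serviceAccountName" . }}` here keeps the two in step. With the default `create: false` the pod runs under the namespace's `default` account; if the service does not call the Kubernetes API, `automountServiceAccountToken: false` on the pod spec would avoid mounting a token it has no use for.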
@@ -0,0 +1,167 @@
+## Default values for til.
+## This is a YAML-formatted file.
+## Declare variables to be passed into your templates.
+
+# -- option to override the name config in the _helpers.tpl
+nameOverride: ""
+# -- option to override the fullname config in the _helpers.tpl
+fullnameOverride: ""
+
+## configuration for the k8s service to access til
+service:
+ # -- service type
+ type: ClusterIP
+ # -- port to be used by the service
+ port: 8080
+ # -- additional annotations, if required
+ annotations: {}
+
+# -- if a til specific service account should be used, it can be configured here
+# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+serviceAccount:
+ # -- specifies if the account should be created
+ create: false
+
+## deployment specific configuration
+deployment:
+ # -- initial number of target replications, can be different if autoscaling is enabled
+ replicaCount: 1
+ # -- number of old replicas to be retained
+ revisionHistoryLimit: 3
+ ## configuration of the til update strategy
+ updateStrategy:
+ # -- type of the update
+ type: RollingUpdate
+ # -- new pods will be added gradually
+ rollingUpdate:
+ # -- number of pods that can be created above the desired amount while updating
+ maxSurge: 1
+ # -- number of pods that can be unavailable while updating
+ maxUnavailable: 0
+ ## configuration of the image to be used
+ image:
+ # -- til image name
+ # ref: https://quay.io/repository/fiware/contract-management
+ repository: quay.io/fiware/contract-management
+ # -- tag of the image to be used
+ tag: 1.0.0-PRE-1
+ # -- specification of the image pull policy
+ #pullPolicy: IfNotPresent
+ pullPolicy: Always
+ # -- additional labels for the deployment, if required
+ additionalLabels: {}
+ # -- additional annotations for the deployment, if required
+ additionalAnnotations: {}
+ ## til resource requests and limits, we leave the default empty to make that a concious choice by the user.
+ ## for the autoscaling to make sense, you should configure this.
+ # resources:
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+ # -- selector template
+ # ref: https://kubernetes.io/docs/user-guide/node-selection/
+ nodeSelector: {}
+ # -- tolerations template
+ # ref: ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ tolerations: []
+ # -- affinity template
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ affinity: {}
+ # -- port to request health information at
+ healthPort: 9090
+ ## liveness and readiness probes
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ livenessProbe:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 30
+ readinessProbe:
+ initialDelaySeconds: 31
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 30
+
+## pod autoscaling configuration, use for automatic scaling of the broker pods
+autoscaling:
+ # -- should autoscaling be enabled for til
+ enabled: false
+ # -- minimum number of running pods
+ minReplicas: 1
+ # -- maximum number of running pods
+ maxReplicas: 10
+ # -- metrics to react on
+ metrics: []
+ ## List of MetricSpecs to decide whether to scale
+ # See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#metricspec-v2beta2-autoscaling
+ # scaler targets to hold average cpu around 80%
+ #- type: Resource
+ # resource:
+ # name: cpu
+ # target:
+ # type: Utilization
+ # averageUtilization: 80
+ ## scaler targets to hold average memory around 80%
+ # - type: Resource
+ # resource:
+ # name: memory
+ # target:
+ # type: Utilization
+ # averageUtilization: 80
+
+# -- port that the til container uses
+port: 8080
+
+## configuration for prometheus montioring
+prometheus:
+ # -- should prometheus scrape be enabled
+ enabled: true
+ # -- path for prometheus scrape
+ path: /prometheus
+ # -- port prometheus scrape is available at
+ port: 9090
+
+# -- a list of additional env vars to be set, check the til docu for all available options
+additionalEnvVars: []
+
+## Describes the configuration needed when adding entries to the Trusted Issuers List
+til:
+ ## Type of Verifiable Credential necessary for accessing the service
+ credentialType: MyCredential
+ ## Claims with permissions granted to given Verifiable Credential
+ claims:
+ ## DID of the target service that is requiring the permissions
+ - target: "did:some:service"
+ ## Roles that are added/allowed for the given service
+ roles:
+ - Consumer
+ - Admin
+## Configuration needed for accessing other services
+services:
+ ## Config for Trusted Issuers List
+ til:
+ ## Path to be used
+ path: ""
+ ## URL of the Trusted Issuers List Service
+ url: http://trusted-issuers-list:8080
+ ## Read timeout in sec
+ read-timeout: 30
+ ## Config for the TM Forum Service hosting the Product Ordering API
+ product:
+ ## Path to be used
+ path: "/tmf-api/productOrderingManagement/v4"
+ ## URL of the TM Forum Service hosting the Product Ordering API
+ url: http://tm-forum-api-product-ordering-management:8080
+ ## Read timeout in sec
+ read-timeout: 30
+ ## Config for the TM Forum Service hosting the Party API
+ party:
+ ## Path to be used
+ path: "/tmf-api/party/v4"
+ ## URL of the TM Forum Service hosting the Party API
+ url: http://tm-forum-api-party-catalog:8080
+ ## Read timeout in sec
+ read-timeout: 30
\ No newline at end of file
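Review bot: The `til` defaults are live placeholders rather than empty values: a release installed without overrides is configured with `credentialType: MyCredential` and a claim granting `Consumer` and `Admin` on `did:some:service`, and configmap.yaml copies that block into application.yaml unchanged. Shipping a default that hands out an `Admin` role works against least privilege; I would default to `claims: []` and `credentialType: ""` and have the template fail through `required` when they are unset, so the operator has to choose them. In the same file, `tag: 1.0.0-PRE-1` combined with `pullPolicy: Always` follows a mutable pre-release tag; pinning the image by digest would make what actually runs reproducible and reviewable.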