feat: Helm charts for revocation service

charts/managed-identity-wallet/.gitignore

@@ -1 +1,2 @@
-charts/
+charts/pgadmin4
+**/charts/*.tgz

charts/managed-identity-wallet/Chart.lock

@@ -1,15 +1,15 @@
 dependencies:
-- name: keycloak
-  repository: https://charts.bitnami.com/bitnami
-  version: 15.1.6
-- name: common
-  repository: https://charts.bitnami.com/bitnami
-  version: 2.13.3
-- name: postgresql
-  repository: https://charts.bitnami.com/bitnami
-  version: 11.9.13
-- name: pgadmin4
-  repository: file://charts/pgadmin4
-  version: 1.19.0
+  - name: keycloak
+    repository: https://charts.bitnami.com/bitnami
+    version: 22.1.0
+  - name: common
+    repository: https://charts.bitnami.com/bitnami
+    version: 2.13.3
+  - name: postgresql
+    repository: https://charts.bitnami.com/bitnami
+    version: 11.9.13
+  - name: pgadmin4
+    repository: file://charts/pgadmin4
+    version: 1.19.0
 digest: sha256:fb94864221b4fed31894b48ac56b72a2324da0dc1cb1d6888cc52c3490685df7
 generated: "2023-12-15T10:30:41.880265+01:00"

charts/managed-identity-wallet/Chart.yaml

@@ -22,7 +22,6 @@ name: managed-identity-wallet
 description: |
   Managed Identity Wallet is supposed to supply a secure data source and data sink for Digital Identity Documents (DID), in order to enable Self-Sovereign Identity founding on those DIDs.
   And at the same it shall support an uninterrupted tracking and tracing and documenting the usage of those DIDs, e.g. within logistical supply chains.
-
 type: application
 
 version: 1.0.0-develop.4
@@ -32,18 +31,15 @@ home: https://github.com/eclipse-tractusx/managed-identity-wallet
 keywords:
   - Managed Identity Wallet
   - eclipse-tractusx
-
 sources:
   - https://github.com/eclipse-tractusx/managed-identity-wallet
-
 maintainers:
   - name: Dominik Pinsel
     email: dominik.pinsel@mercedes-benz.com
     url: https://github.com/DominikPinsel
-
 dependencies:
   - name: keycloak
-    version: 15.1.6
+    version: 22.1.0
     repository: https://charts.bitnami.com/bitnami
     condition: keycloak.enabled
   - name: common
@@ -52,11 +48,10 @@ dependencies:
       - bitnami-common
     version: 2.x.x
   - name: postgresql
-    version: 11.9.13
+    version: "16.x.x"
     repository: https://charts.bitnami.com/bitnami
     condition: postgresql.enabled
   - name: pgadmin4
-    repository: file://charts/pgadmin4  # https://helm.runix.net
-    # License: https://github.com/rowanruseler/helm-charts/blob/main/LICENSE
+    repository: file://charts/pgadmin4
     version: 1.19.0
     condition: pgadmin4.enabled

charts/managed-identity-wallet/templates/NOTES.txt

@@ -17,6 +17,7 @@
 {{- else if contains "ClusterIP" .Values.service.type }}
   export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "managed-identity-wallet.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
   export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+  Visit http://127.0.0.1:8080 (MIW) and http://127.0.0.1:8081 (VCRS) to use your application
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:8080
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8081:8081
 {{- end }}

charts/managed-identity-wallet/templates/_helpers.tpl

@@ -24,6 +24,10 @@ Expand the name of the chart.
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
+{{- define "verifiable-credential-revocation-service.name" -}}
+{{- default .Chart.Name .Values.vcrs.env.APPLICATION_NAME | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
@@ -42,13 +46,30 @@ If release name contains chart name it will be used as a full name.
 {{- end }}
 {{- end }}
 
+{{- define "verifiable-credential-revocation-service.fullname" -}}
+{{- if .Values.vcrs.env.APPLICATION_NAME }}
+{{- .Values.vcrs.env.APPLICATION_NAME | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.vcrs.env.APPLICATION_NAME }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "managed-identity-wallet.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
+{{- define "verifiable-credential-revocation-service.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
 {{/*
 Common labels
 */}}
@@ -61,6 +82,15 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}
 
+{{- define "verifiable-credential-revocation-service.labels" -}}
+helm.sh/chart: {{ include "verifiable-credential-revocation-service.chart" . }}
+{{ include "verifiable-credential-revocation-service.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
 {{/*
 Selector labels
 */}}
@@ -69,6 +99,11 @@ app.kubernetes.io/name: {{ include "managed-identity-wallet.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
+{{- define "verifiable-credential-revocation-service.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "verifiable-credential-revocation-service.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
 {{/*
 Create the name of the service account to use
 */}}

charts/managed-identity-wallet/templates/deployment.yaml → charts/managed-identity-wallet/templates/miw-deployment.yaml

@@ -1,4 +1,4 @@
-# /********************************************************************************
+# ********************************************************************************
 # * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
 # *
 # * See the NOTICE file(s) distributed with this work for additional
@@ -15,7 +15,7 @@
 # * under the License.
 # *
 # * SPDX-License-Identifier: Apache-2.0
-# ********************************************************************************/
+# ********************************************************************************
 
 apiVersion: apps/v1
 kind: Deployment
@@ -117,7 +117,7 @@ spec:
             - name: http
               containerPort: 8080
               protocol: TCP
-          {{- with .Values.livenessProbe }}
+          {{- with .Values.miw.livenessProbe }}
           {{- if .enabled }}
           livenessProbe:
             httpGet:
@@ -130,7 +130,7 @@ spec:
             timeoutSeconds: {{ .timeoutSeconds }}
           {{- end }}
           {{- end }}
-          {{- with .Values.readinessProbe }}
+          {{- with .Values.miw.readinessProbe }}
           {{- if .enabled }}
           readinessProbe:
             httpGet:
@@ -162,4 +162,4 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       volumes:
-        {{- toYaml .Values.extraVolumes | nindent 8 }}
+        {{- toYaml .Values.extraVolumes | nindent 8 }}

charts/managed-identity-wallet/templates/ingress.yaml → charts/managed-identity-wallet/templates/miw-ingress.yaml

@@ -1,4 +1,4 @@
-# /********************************************************************************
+# ********************************************************************************
 # * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
 # *
 # * See the NOTICE file(s) distributed with this work for additional
@@ -15,7 +15,7 @@
 # * under the License.
 # *
 # * SPDX-License-Identifier: Apache-2.0
-# ********************************************************************************/
+# ********************************************************************************
 
 {{ if .Values.ingress.enabled -}}
 {{- $fullName := include "managed-identity-wallet.fullname" . -}}

charts/managed-identity-wallet/templates/secret.yaml → charts/managed-identity-wallet/templates/miw-secret.yaml

@@ -1,4 +1,4 @@
-# /********************************************************************************
+# ********************************************************************************
 # * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
 # *
 # * See the NOTICE file(s) distributed with this work for additional
@@ -15,7 +15,7 @@
 # * under the License.
 # *
 # * SPDX-License-Identifier: Apache-2.0
-# ********************************************************************************/
+# ********************************************************************************
 
 {{ if .Values.secrets -}}
 apiVersion: v1

charts/managed-identity-wallet/templates/service.yaml → charts/managed-identity-wallet/templates/miw-service.yaml

@@ -1,4 +1,4 @@
-# /********************************************************************************
+# ********************************************************************************
 # * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
 # *
 # * See the NOTICE file(s) distributed with this work for additional
@@ -15,7 +15,7 @@
 # * under the License.
 # *
 # * SPDX-License-Identifier: Apache-2.0
-# ********************************************************************************/
+# ********************************************************************************
 
 apiVersion: v1
 kind: Service

charts/managed-identity-wallet/templates/networkpolicy.yaml

@@ -1,4 +1,4 @@
-# /********************************************************************************
+# ********************************************************************************
 # * Copyright (c) 2024 Contributors to the Eclipse Foundation
 # *
 # * See the NOTICE file(s) distributed with this work for additional
@@ -15,7 +15,7 @@
 # * under the License.
 # *
 # * SPDX-License-Identifier: Apache-2.0
-# ********************************************************************************/
+# ********************************************************************************
 {{- if .Values.networkPolicy.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy

charts/managed-identity-wallet/templates/pgAdmin-server-definitions.yaml

@@ -21,7 +21,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ .Release.Name }}-pgadmin4-server-definitions
+  name: pgadmin4-server-definitions
   labels:
     {{- include "pgadmin.labels" . | nindent 4 }}
 data:

charts/managed-identity-wallet/templates/psql-pv.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: postgres-seed-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: standard

charts/managed-identity-wallet/templates/vcrs-configmap.yaml

@@ -0,0 +1,27 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "verifiable-credential-revocation-service.fullname" . }}
+data:
+  {{- range $key, $val := .Values.vcrs.env }}
+  {{ $key }}: {{ $val | quote }}
+  {{- end}}

charts/managed-identity-wallet/templates/vcrs-deployment.yaml

@@ -0,0 +1,83 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "verifiable-credential-revocation-service.fullname" . }}
+  labels:
+    {{- include "verifiable-credential-revocation-service.labels" . | nindent 4 }}
+spec:
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 0
+      maxSurge: 1
+  selector:
+    matchLabels:
+      {{- include "verifiable-credential-revocation-service.selectorLabels" . | nindent 6 }}
+  replicas: {{ .Values.vcrs.replicaCount }}
+  revisionHistoryLimit: 2
+  template:
+    metadata:
+      labels:
+        {{- include "verifiable-credential-revocation-service.selectorLabels" . | nindent 8 }}
+    spec:
+      containers:
+        - name: {{ include "verifiable-credential-revocation-service.fullname" . }}
+          image: {{ .Values.vcrs.image.repository }}:{{ default .Chart.AppVersion .Values.vcrs.image.tag }}
+          imagePullPolicy: {{ .Values.vcrs.image.pullPolicy }}
+          resources:
+            {{- toYaml .Values.vcrs.resources | nindent 12 }}
+          envFrom:
+            - secretRef:
+                name: {{ .Values.vcrs.secretName }}
+            - configMapRef:
+                name: {{ .Values.vcrs.configName }}
+          {{- with .Values.vcrs.livenessProbe }}
+          {{- if .enabled }}
+          ports:
+            - name: http
+              containerPort: 8081
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /actuator/health/liveness
+              port: 8081
+              scheme: HTTP
+            failureThreshold: {{ .failureThreshold }}
+            initialDelaySeconds: {{ .initialDelaySeconds }}
+            periodSeconds: {{ .periodSeconds }}
+            timeoutSeconds: {{ .timeoutSeconds }}
+          {{- end }}
+          {{- end }}
+          {{- with .Values.vcrs.readinessProbe }}
+          {{- if .enabled }}
+          readinessProbe:
+            httpGet:
+              path: /actuator/health/readiness
+              port: 8081
+              scheme: HTTP
+            failureThreshold: {{ .failureThreshold }}
+            initialDelaySeconds: {{ .initialDelaySeconds }}
+            periodSeconds: {{ .periodSeconds }}
+            successThreshold: {{ .successThreshold }}
+            timeoutSeconds: {{ .timeoutSeconds }}
+          {{- end }}
+          {{- end }}