diff --git a/.github/workflows/portal-chart-test.yaml b/.github/workflows/portal-chart-test.yaml index 29d731478..dcee4a242 100644 --- a/.github/workflows/portal-chart-test.yaml +++ b/.github/workflows/portal-chart-test.yaml @@ -64,10 +64,11 @@ jobs: - name: Run chart-testing (lint) run: ct lint --charts charts/portal --config charts/chart-testing-config.yaml - # install the chart to the kind cluster and run helm test - # define charts to test with the --charts parameter - - name: Run chart-testing (install) - run: ct install --charts charts/portal --config charts/chart-testing-config.yaml + - name: Run helm install + run: | + helm repo add bitnami https://charts.bitnami.com/bitnami + helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev + helm install portal charts/portal --namespace install --create-namespace if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true' # Upgrade the released portal chart version with the locally available chart @@ -75,7 +76,7 @@ jobs: run: | helm repo add bitnami https://charts.bitnami.com/bitnami helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev - helm install portal tractusx-dev/portal --version ${{ github.event.inputs.upgrade_from || '1.3.0' }} + helm install portal tractusx-dev/portal --version ${{ github.event.inputs.upgrade_from || '1.3.0' }} --namespace upgrade --create-namespace helm dependency update charts/portal - helm upgrade portal charts/portal + helm upgrade portal charts/portal --namespace upgrade if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true' diff --git a/charts/portal/templates/cronjob-backend-portal-maintenance.yaml b/charts/portal/templates/cronjob-backend-portal-maintenance.yaml index baeafabdd..3311c82f4 100644 --- a/charts/portal/templates/cronjob-backend-portal-maintenance.yaml +++ b/charts/portal/templates/cronjob-backend-portal-maintenance.yaml @@ -31,7 +31,11 @@ spec: containers: - name: {{ .Values.backend.portalmaintenance.name }} securityContext: - {{- toYaml .Values.securityContext | nindent 16 }} + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true image: "{{ .Values.backend.portalmaintenance.image.name }}:{{ .Values.backend.portalmaintenance.image.portalmaintenancetag | default .Chart.AppVersion }}" imagePullPolicy: "Always" env: @@ -57,3 +61,5 @@ spec: - name: http containerPort: {{ .Values.portContainer }} protocol: TCP + resources: + {{- toYaml .Values.backend.portalmaintenance.resources | nindent 14 }} diff --git a/charts/portal/templates/cronjob-backend-processes.yaml b/charts/portal/templates/cronjob-backend-processes.yaml index 7633bc674..c75378bb0 100644 --- a/charts/portal/templates/cronjob-backend-processes.yaml +++ b/charts/portal/templates/cronjob-backend-processes.yaml @@ -32,7 +32,11 @@ spec: containers: - name: {{ .Values.backend.processesworker.name }} securityContext: - {{- toYaml .Values.securityContext | nindent 16 }} + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true image: "{{ .Values.backend.processesworker.image.name }}:{{ .Values.backend.processesworker.image.processesworkertag | default .Chart.AppVersion }}" imagePullPolicy: "Always" env: @@ -68,13 +72,17 @@ spec: - name: "CONNECTIONSTRINGS__PROVISIONINGDB" value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.provisioningUser }};Password=$(PROVISIONING_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" {{- end }} - - name: "APPLICATIONACTIVATION__APPLICATIONAPPROVALINITIALROLES__Cl2-CX-Portal__0" + - name: "APPLICATIONACTIVATION__APPLICATIONAPPROVALINITIALROLES__0__CLIENTID" + value: "{{ .Values.backend.clients.portal }}" + - name: "APPLICATIONACTIVATION__APPLICATIONAPPROVALINITIALROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.processesworker.applicationActivation.applicationApprovalInitialRoles.portal.role0 }}" - name: "APPLICATIONACTIVATION__CLIENTTOREMOVEROLESONACTIVATION__0" value: "{{ .Values.backend.processesworker.applicationActivation.clientToRemoveRolesOnActivation.client0 }}" - name: "APPLICATIONACTIVATION__BASEPORTALADDRESS" value: "{{ .Values.portalAddress }}{{ .Values.backend.portalHomePath }}" - - name: "APPLICATIONACTIVATION__COMPANYADMINROLES__Cl1-CX-Registration__0" + - name: "APPLICATIONACTIVATION__COMPANYADMINROLES__0__CLIENTID" + value: "{{ .Values.backend.clients.registration }}" + - name: "APPLICATIONACTIVATION__COMPANYADMINROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.processesworker.applicationActivation.applicationApprovalInitialRoles.registration.role0 }}" - name: "APPLICATIONACTIVATION__WELCOMENOTIFICATIONTYPEIDS__0" value: "{{ .Values.backend.processesworker.applicationActivation.welcomeNotificationTypeIds.type0 }}" @@ -130,6 +138,8 @@ spec: value: "{{ .Values.portalBackendAddress }}{{ .Values.backend.processesworker.clearinghouse.callbackPath }}" - name: "APPLICATIONCHECKLIST__CUSTODIAN__BASEADDRESS" value: "{{ .Values.custodianAddress }}" + - name: "APPLICATIONCHECKLIST__CUSTODIAN__MEMBERSHIPERRORMESSAGE" + value: "{{ .Values.backend.processesworker.custodian.membershipErrorMessage }}" - name: "APPLICATIONCHECKLIST__CUSTODIAN__CLIENTID" value: "{{ .Values.backend.processesworker.custodian.clientId }}" - name: "APPLICATIONCHECKLIST__CUSTODIAN__CLIENTSECRET" @@ -219,7 +229,9 @@ spec: value: "{{ .Values.backend.provisioning.centralRealm }}" - name: "PROVISIONING__CENTRALREALMID" value: "{{ .Values.backend.provisioning.centralRealmId }}" - - name: "PROVISIONING__INVITEDUSERINITIALROLES__Cl1-CX-Registration__0" + - name: "PROVISIONING__INVITEDUSERINITIALROLES__0__CLIENTID" + value: "{{ .Values.backend.clients.registration }}" + - name: "PROVISIONING__INVITEDUSERINITIALROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.provisioning.invitedUserInitialRoles.registration }}" - name: "PROVISIONING__SHAREDREALM__SMTPSERVER__AUTH" value: "{{ .Values.backend.provisioning.sharedRealm.smtpServer.auth }}" @@ -244,13 +256,21 @@ spec: value: "{{ .Values.backend.provisioning.sharedRealmClient.clientId }}" - name: "OFFERSUBSCRIPTIONPROCESS__BASEPORTALADDRESS" value: "{{ .Values.portalAddress }}{{ .Values.backend.portalHomePath }}" - - name: "OFFERSUBSCRIPTIONPROCESS__SERVICEACCOUNTROLES__technical_roles_management__0" + - name: "OFFERSUBSCRIPTIONPROCESS__SERVICEACCOUNTROLES__0__CLIENTID" + value: "{{ .Values.backend.clients.technicalRolesManagement }}" + - name: "OFFERSUBSCRIPTIONPROCESS__SERVICEACCOUNTROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.processesworker.offerSubscriptionProcess.serviceAccountRoles.role0 }}" - - name: "OFFERSUBSCRIPTIONPROCESS__SERVICEMANAGERROLES__Cl2-CX-Portal__0" + - name: "OFFERSUBSCRIPTIONPROCESS__SERVICEMANAGERROLES__0__CLIENTID" + value: "{{ .Values.backend.clients.portal }}" + - name: "OFFERSUBSCRIPTIONPROCESS__SERVICEMANAGERROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.processesworker.offerSubscriptionProcess.serviceManagerRoles.role0 }}" - - name: "OFFERSUBSCRIPTIONPROCESS__ITADMINROLES__Cl2-CX-Portal__0" + - name: "OFFERSUBSCRIPTIONPROCESS__ITADMINROLES__0__CLIENTID" + value: "{{ .Values.backend.clients.portal }}" + - name: "OFFERSUBSCRIPTIONPROCESS__ITADMINROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.processesworker.offerSubscriptionProcess.itAdminRoles.role0 }}" - - name: "OFFERPROVIDER__SERVICEMANAGERROLES__Cl2-CX-Portal__0" + - name: "OFFERPROVIDER__SERVICEMANAGERROLES__0__CLIENTID" + value: "{{ .Values.backend.clients.portal }}" + - name: "OFFERPROVIDER__SERVICEMANAGERROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.processesworker.offerprovider.serviceManagerRoles.role0 }}" - name: "OFFERPROVIDER__CLIENTID" value: "{{ .Values.backend.processesworker.offerprovider.clientId }}" @@ -273,3 +293,5 @@ spec: - name: http containerPort: {{ .Values.portContainer }} protocol: TCP + resources: + {{- toYaml .Values.backend.processesworker.resources | nindent 14 }} diff --git a/charts/portal/templates/deployment-backend-administration.yaml b/charts/portal/templates/deployment-backend-administration.yaml index 1f8d45246..8bd6f1aeb 100644 --- a/charts/portal/templates/deployment-backend-administration.yaml +++ b/charts/portal/templates/deployment-backend-administration.yaml @@ -36,7 +36,11 @@ spec: containers: - name: {{ .Values.backend.administration.name }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true image: "{{ .Values.backend.administration.image.name }}:{{ .Values.backend.administration.image.administrationservicetag | default .Chart.AppVersion }}" imagePullPolicy: "Always" env: @@ -126,7 +130,9 @@ spec: - name: "APPLICATIONCHECKLIST__CLEARINGHOUSE__USERNAME" value: "{{ .Values.backend.placeholder }}" - name: "APPLICATIONCHECKLIST__CLEARINGHOUSE__CALLBACKURL" - value: "{{ .Values.portalBackendAddress }}{{ .Values.backend.processesworker.clearinghouse.callbackPath }}" + value: "{{ .Values.portalBackendAddress }}{{ .Values.backend.processesworker.clearinghouse.callbackPath }}" + - name: "APPLICATIONCHECKLIST__CUSTODIAN__MEMBERSHIPERRORMESSAGE" + value: "{{ .Values.backend.processesworker.custodian.membershipErrorMessage }}" - name: "APPLICATIONCHECKLIST__CUSTODIAN__BASEADDRESS" value: "{{ .Values.custodianAddress }}" - name: "APPLICATIONCHECKLIST__CUSTODIAN__CLIENTID" @@ -231,7 +237,9 @@ spec: value: "{{ .Values.backend.administration.identityProviderAdmin.csvSettings.headerUserId }}" - name: "IDENTITYPROVIDERADMIN__CSVSETTINGS__SEPARATOR" value: "{{ .Values.backend.administration.identityProviderAdmin.csvSettings.separator }}" - - name: "INVITATION__INVITEDUSERINITIALROLES__Cl1-CX-Registration__0" + - name: "INVITATION__INVITEDUSERINITIALROLES__0__CLIENTID" + value: "{{ .Values.backend.clients.registration }}" + - name: "INVITATION__INVITEDUSERINITIALROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.administration.invitation.invitedUserInitialRoles.role0 }}" - name: "INVITATION__REGISTRATIONAPPADDRESS" value: "{{ .Values.portalAddress }}{{ .Values.backend.registration.portalRegistrationPath }}" @@ -288,7 +296,9 @@ spec: value: "{{ .Values.backend.provisioning.centralRealm }}" - name: "PROVISIONING__CENTRALREALMID" value: "{{ .Values.backend.provisioning.centralRealmId }}" - - name: "PROVISIONING__INVITEDUSERINITIALROLES__Cl1-CX-Registration__0" + - name: "PROVISIONING__INVITEDUSERINITIALROLES__0__CLIENTID" + value: "{{ .Values.backend.clients.registration }}" + - name: "PROVISIONING__INVITEDUSERINITIALROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.provisioning.invitedUserInitialRoles.registration }}" - name: "PROVISIONING__SHAREDREALM__SMTPSERVER__AUTH" value: "{{ .Values.backend.provisioning.sharedRealm.smtpServer.auth }}" @@ -321,9 +331,11 @@ spec: value: "{{ .Values.backend.administration.userManagement.companyUserStatusIds.status0 }}" - name: "USERMANAGEMENT__COMPANYUSERSTATUSIDS__1" value: "{{ .Values.backend.administration.userManagement.companyUserStatusIds.status1 }}" - - name: "USERMANAGEMENT__USERADMINROLES__Cl2-CX-Portal__0" + - name: "USERMANAGEMENT__USERADMINROLES__0__CLIENTID" + value: "{{ .Values.backend.clients.portal }}" + - name: "USERMANAGEMENT__USERADMINROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.administration.userManagement.userAdminRoles.role0 }}" - - name: "USERMANAGEMENT__USERADMINROLES__Cl2-CX-Portal__1" + - name: "USERMANAGEMENT__USERADMINROLES__0__USERROLENAMES__1" value: "{{ .Values.backend.administration.userManagement.userAdminRoles.role1 }}" - name: "USERMANAGEMENT__PORTAL__BASEPORTALADDRESS" value: "{{ .Values.portalAddress }}{{ .Values.backend.portalHomePath }}" @@ -364,7 +376,7 @@ spec: successThreshold: {{ .Values.readinessProbe.successThreshold }} failureThreshold: {{ .Values.readinessProbe.failureThreshold }} resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml .Values.backend.administration.resources | nindent 10 }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/portal/templates/deployment-backend-appmarketplace.yaml b/charts/portal/templates/deployment-backend-appmarketplace.yaml index 87604fc58..236d3af9b 100644 --- a/charts/portal/templates/deployment-backend-appmarketplace.yaml +++ b/charts/portal/templates/deployment-backend-appmarketplace.yaml @@ -36,7 +36,11 @@ spec: containers: - name: {{ .Values.backend.appmarketplace.name }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true image: "{{ .Values.backend.appmarketplace.image.name }}:{{ .Values.backend.appmarketplace.image.appmarketplaceservicetag | default .Chart.AppVersion }}" imagePullPolicy: "Always" env: @@ -72,9 +76,11 @@ spec: - name: "CONNECTIONSTRINGS__PROVISIONINGDB" value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.provisioningUser }};Password=$(PROVISIONING_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};" {{- end }} - - name: "APPMARKETPLACE__ACTIVEAPPCOMPANYADMINROLES__Cl2-CX-Portal__0" + - name: "APPMARKETPLACE__ACTIVEAPPCOMPANYADMINROLES__0__CLIENTID" + value: "{{ .Values.backend.clients.portal }}" + - name: "APPMARKETPLACE__ACTIVEAPPCOMPANYADMINROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.appmarketplace.activeAppCompanyAdminRoles.role0 }}" - - name: "APPMARKETPLACE__ACTIVEAPPCOMPANYADMINROLES__Cl2-CX-Portal__1" + - name: "APPMARKETPLACE__ACTIVEAPPCOMPANYADMINROLES__0__USERROLENAMES__1" value: "{{ .Values.backend.appmarketplace.activeAppCompanyAdminRoles.role1 }}" - name: "APPMARKETPLACE__ACTIVEAPPNOTIFICATIONTYPEIDS__0" value: "{{ .Values.backend.appmarketplace.activeAppNotificationTypeIds.type0 }}" @@ -94,36 +100,52 @@ spec: value: "{{ .Values.portalAddress }}{{ .Values.backend.appmarketplace.appOverviewPath }}" - name: "APPMARKETPLACE__APPROVEAPPNOTIFICATIONTYPEIDS__0" value: "{{ .Values.backend.appmarketplace.approveAppNotificationTypeIds.type0 }}" - - name: "APPMARKETPLACE__APPROVEAPPUSERROLES__Cl2-CX-Portal__0" + - name: "APPMARKETPLACE__APPROVEAPPUSERROLES__0__CLIENTID" + value: "{{ .Values.backend.clients.portal }}" + - name: "APPMARKETPLACE__APPROVEAPPUSERROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.appmarketplace.approveAppUserRoles.role0 }}" - - name: "APPMARKETPLACE__APPROVEAPPUSERROLES__Cl2-CX-Portal__1" + - name: "APPMARKETPLACE__APPROVEAPPUSERROLES__0__USERROLENAMES__1" value: "{{ .Values.backend.appmarketplace.approveAppUserRoles.role1 }}" - name: "APPMARKETPLACE__BASEPORTALADDRESS" value: "{{ .Values.portalAddress }}{{ .Values.backend.portalHomePath }}" - name: "APPMARKETPLACE__USERMANAGEMENTADDRESS" value: "{{ .Values.portalAddress }}{{ .Values.backend.userManagementPath }}" - - name: "APPMARKETPLACE__CATENAADMINROLES__Cl2-CX-Portal__0" + - name: "APPMARKETPLACE__CATENAADMINROLES__0__CLIENTID" + value: "{{ .Values.backend.clients.portal }}" + - name: "APPMARKETPLACE__CATENAADMINROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.appmarketplace.catenaAdminRoles.role0 }}" - - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__APP_CONTRACT__0" - value: "{{ .Values.backend.appmarketplace.uploadAppDocumentTypeIds.setting0 }}" - - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__ADDITIONAL_DETAILS__0" - value: "{{ .Values.backend.appmarketplace.uploadAppDocumentTypeIds.setting0 }}" - - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__APP_TECHNICAL_INFORMATION__0" - value: "{{ .Values.backend.appmarketplace.uploadAppDocumentTypeIds.setting0 }}" - - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__APP_LEADIMAGE__0" - value: "{{ .Values.backend.appmarketplace.uploadAppDocumentTypeIds.setting1 }}" - - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__APP_LEADIMAGE__1" - value: "{{ .Values.backend.appmarketplace.uploadAppDocumentTypeIds.setting2 }}" - - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__APP_LEADIMAGE__2" - value: "{{ .Values.backend.appmarketplace.uploadAppDocumentTypeIds.setting3 }}" - - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__APP_IMAGE__0" - value: "{{ .Values.backend.appmarketplace.uploadAppDocumentTypeIds.setting1 }}" - - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__APP_IMAGE__1" - value: "{{ .Values.backend.appmarketplace.uploadAppDocumentTypeIds.setting2 }}" - - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__APP_IMAGE__2" - value: "{{ .Values.backend.appmarketplace.uploadAppDocumentTypeIds.setting3 }}" - - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__CONFORMITY_APPROVAL_BUSINESS_APPS__0" - value: "{{ .Values.backend.appmarketplace.uploadAppDocumentTypeIds.setting0 }}" + - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__0__DOCUMENTTYPEID" + value: "{{ .Values.backend.appmarketplace.uploadAppDocumentTypeIds.documentTypeId0 }}" + - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__0__MEDIATYPES__0" + value: "{{ .Values.backend.appmarketplace.uploadAppDocumentTypeIds.mediaTypeIds0.mediaTypeId0 }}" + - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__1__DOCUMENTTYPEID" + value: "{{ .Values.backend.appmarketplace.uploadAppDocumentTypeIds.documentTypeId1 }}" + - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__1__MEDIATYPES__0" + value: "{{ .Values.backend.appmarketplace.uploadAppDocumentTypeIds.mediaTypeIds1.mediaTypeId0 }}" + - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__1__MEDIATYPES__1" + value: "{{ .Values.backend.appmarketplace.uploadAppDocumentTypeIds.mediaTypeIds1.mediaTypeId1 }}" + - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__1__MEDIATYPES__2" + value: "{{ .Values.backend.appmarketplace.uploadAppDocumentTypeIds.mediaTypeIds1.mediaTypeId2 }}" + - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__2__DOCUMENTTYPEID" + value: "{{ .Values.backend.appmarketplace.uploadAppDocumentTypeIds.documentTypeId2 }}" + - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__2__MEDIATYPES__0" + value: "{{ .Values.backend.appmarketplace.uploadAppDocumentTypeIds.mediaTypeIds2.mediaTypeId0 }}" + - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__2__MEDIATYPES__1" + value: "{{ .Values.backend.appmarketplace.uploadAppDocumentTypeIds.mediaTypeIds2.mediaTypeId1 }}" + - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__2__MEDIATYPES__2" + value: "{{ .Values.backend.appmarketplace.uploadAppDocumentTypeIds.mediaTypeIds2.mediaTypeId2 }}" + - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__3__DOCUMENTTYPEID" + value: "{{ .Values.backend.appmarketplace.uploadAppDocumentTypeIds.documentTypeId3 }}" + - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__3__MEDIATYPES__0" + value: "{{ .Values.backend.appmarketplace.uploadAppDocumentTypeIds.mediaTypeIds3.mediaTypeId0 }}" + - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__4__DOCUMENTTYPEID" + value: "{{ .Values.backend.appmarketplace.uploadAppDocumentTypeIds.documentTypeId4 }}" + - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__4__MEDIATYPES__0" + value: "{{ .Values.backend.appmarketplace.uploadAppDocumentTypeIds.mediaTypeIds4.mediaTypeId0 }}" + - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__5__DOCUMENTTYPEID" + value: "{{ .Values.backend.appmarketplace.uploadAppDocumentTypeIds.documentTypeId5 }}" + - name: "APPMARKETPLACE__UPLOADAPPDOCUMENTTYPEIDS__5__MEDIATYPES__0" + value: "{{ .Values.backend.appmarketplace.uploadAppDocumentTypeIds.mediaTypeIds5.mediaTypeId0 }}" - name: "APPMARKETPLACE__DELETEDOCUMENTTYPEIDS__0" value: "{{ .Values.backend.appmarketplace.deleteDocumentTypeIds.type0 }}" - name: "APPMARKETPLACE__DELETEDOCUMENTTYPEIDS__1" @@ -142,7 +164,9 @@ spec: value: "{{ .Values.backend.appmarketplace.submitAppDocumentTypeIds.type1 }}" - name: "APPMARKETPLACE__SUBMITAPPDOCUMENTTYPEIDS__2" value: "{{ .Values.backend.appmarketplace.submitAppDocumentTypeIds.type2 }}" - - name: "APPMARKETPLACE__ITADMINROLES__Cl2-CX-Portal__0" + - name: "APPMARKETPLACE__ITADMINROLES__0__CLIENTID" + value: "{{ .Values.backend.clients.portal }}" + - name: "APPMARKETPLACE__ITADMINROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.appmarketplace.ITAdminRoles.role0 }}" - name: "APPMARKETPLACE__NOTIFICATIONTYPEIDS__0" value: "{{ .Values.backend.appmarketplace.notificationTypeIds.type0 }}" @@ -150,17 +174,25 @@ spec: value: "{{ .Values.backend.appmarketplace.offerStatusIds.status0 }}" - name: "APPMARKETPLACE__OFFERSTATUSIDS__1" value: "{{ .Values.backend.appmarketplace.offerStatusIds.status1 }}" - - name: "APPMARKETPLACE__SALESMANAGERROLES__Cl2-CX-Portal__0" + - name: "APPMARKETPLACE__SALESMANAGERROLES__0__CLIENTID" + value: "{{ .Values.backend.clients.portal }}" + - name: "APPMARKETPLACE__SALESMANAGERROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.appmarketplace.salesManagerRoles.role0 }}" - - name: "APPMARKETPLACE__SERVICEACCOUNTROLES__technical_roles_management__0" + - name: "APPMARKETPLACE__SERVICEACCOUNTROLES__0__CLIENTID" + value: "{{ .Values.backend.clients.technicalRolesManagement }}" + - name: "APPMARKETPLACE__SERVICEACCOUNTROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.appmarketplace.serviceAccountRoles.role0 }}" - - name: "APPMARKETPLACE__SERVICEMANAGERROLES__Cl2-CX-Portal__0" + - name: "APPMARKETPLACE__SERVICEMANAGERROLES__0__CLIENTID" + value: "{{ .Values.backend.clients.portal }}" + - name: "APPMARKETPLACE__SERVICEMANAGERROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.appmarketplace.serviceManagerRoles.role0 }}" - name: "APPMARKETPLACE__SUBMITAPPNOTIFICATIONTYPEIDS__0" value: "{{ .Values.backend.appmarketplace.submitAppNotificationTypeIds.type0 }}" - name: "APPMARKETPLACE__TECHNICALUSERPROFILECLIENT" value: "{{ .Values.backend.appmarketplace.technicalUserProfileClient }}" - - name: "APPMARKETPLACE__COMPANYADMINROLES__Cl2-CX-Portal__0" + - name: "APPMARKETPLACE__COMPANYADMINROLES__0__CLIENTID" + value: "{{ .Values.backend.clients.portal }}" + - name: "APPMARKETPLACE__COMPANYADMINROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.appmarketplace.companyAdminRoles.role0 }}" - name: "HEALTHCHECKS__0__PATH" value: "{{ .Values.backend.healthChecks.startup.path}}" @@ -255,7 +287,7 @@ spec: successThreshold: {{ .Values.readinessProbe.successThreshold }} failureThreshold: {{ .Values.readinessProbe.failureThreshold }} resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml .Values.backend.appmarketplace.resources | nindent 10 }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/portal/templates/deployment-backend-notification.yaml b/charts/portal/templates/deployment-backend-notification.yaml index e3b12f453..8c87b25e0 100644 --- a/charts/portal/templates/deployment-backend-notification.yaml +++ b/charts/portal/templates/deployment-backend-notification.yaml @@ -36,7 +36,11 @@ spec: containers: - name: {{ .Values.backend.notification.name }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true image: "{{ .Values.backend.notification.image.name }}:{{ .Values.backend.notification.image.notificationservicetag | default .Chart.AppVersion }}" imagePullPolicy: "Always" env: @@ -156,7 +160,7 @@ spec: successThreshold: {{ .Values.readinessProbe.successThreshold }} failureThreshold: {{ .Values.readinessProbe.failureThreshold }} resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml .Values.backend.notification.resources | nindent 10 }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/portal/templates/deployment-backend-registration.yaml b/charts/portal/templates/deployment-backend-registration.yaml index d691c3921..45f3fbde3 100644 --- a/charts/portal/templates/deployment-backend-registration.yaml +++ b/charts/portal/templates/deployment-backend-registration.yaml @@ -36,7 +36,11 @@ spec: containers: - name: {{ .Values.backend.registration.name }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true image: "{{ .Values.backend.registration.image.name }}:{{ .Values.backend.registration.image.registrationservicetag | default .Chart.AppVersion }}" imagePullPolicy: "Always" env: @@ -134,7 +138,9 @@ spec: value: "{{ .Values.backend.mailing.user }}" - name: "PROVISIONING__CENTRALREALM" value: "{{ .Values.backend.provisioning.centralRealm }}" - - name: "PROVISIONING__INVITEDUSERINITIALROLES__Cl1-CX-Registration__0" + - name: "PROVISIONING__INVITEDUSERINITIALROLES__0__CLIENTID" + value: "{{ .Values.backend.clients.registration }}" + - name: "APPMARKETPLACE__SERVICEMANAGERROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.provisioning.invitedUserInitialRoles.registration }}" - name: "PROVISIONING__SERVICEACCOUNTCLIENTPREFIX" value: "{{ .Values.backend.provisioning.serviceAccountClientPrefix }}" @@ -156,6 +162,9 @@ spec: value: "{{ .Values.backend.registration.swaggerEnabled }}" - name: "REGISTRATION__REGISTRATIONDOCUMENTTYPEIDS__0" value: "{{ .Values.backend.registration.registrationDocumentTypeIds.type0 }}" + - name: "REGISTRATION__SUBMITDOCUMENTTYPEIDS__0" + value: "{{ .Values.backend.registration.submitDocumentTypeIds.type0 }}" + ports: - name: http containerPort: {{ .Values.portContainer }} @@ -191,7 +200,7 @@ spec: successThreshold: {{ .Values.readinessProbe.successThreshold }} failureThreshold: {{ .Values.readinessProbe.failureThreshold }} resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml .Values.backend.registration.resources | nindent 10 }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/portal/templates/deployment-backend-services.yaml b/charts/portal/templates/deployment-backend-services.yaml index 7c62803b7..619cbc94b 100644 --- a/charts/portal/templates/deployment-backend-services.yaml +++ b/charts/portal/templates/deployment-backend-services.yaml @@ -36,7 +36,11 @@ spec: containers: - name: {{ .Values.backend.services.name }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true image: "{{ .Values.backend.services.image.name }}:{{ .Values.backend.services.image.servicesservicetag | default .Chart.AppVersion }}" imagePullPolicy: "Always" env: @@ -130,31 +134,47 @@ spec: value: "{{ .Values.backend.provisioning.centralRealmId }}" - name: "SERVICES__APPROVESERVICENOTIFICATIONTYPEIDS__0" value: "{{ .Values.backend.services.approveServiceNotificationTypeIds.type0 }}" - - name: "SERVICES__APPROVESERVICEUSERROLES__Cl2-CX-Portal__0" + - name: "SERVICES__APPROVESERVICEUSERROLES__0__CLIENTID" + value: "{{ .Values.backend.clients.portal }}" + - name: "SERVICES__APPROVESERVICEUSERROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.services.approveServiceUserRoles.role0 }}" - - name: "SERVICES__APPROVESERVICEUSERROLES__Cl2-CX-Portal__1" - value: "{{ .Values.backend.services.approveServiceUserRoles.role1 }}" + - name: "SERVICES__APPROVESERVICEUSERROLES__0__USERROLENAMES__1" + value: "{{ .Values.backend.services.approveServiceUserRoles.role1 }}" - name: "SERVICES__BASEPORTALADDRESS" value: "{{ .Values.portalAddress }}{{ .Values.backend.portalHomePath }}" - name: "SERVICES__USERMANAGEMENTADDRESS" value: "{{ .Values.portalAddress }}{{ .Values.backend.userManagementPath }}" - - name: "SERVICES__CATENAADMINROLES__Cl2-CX-Portal__0" + - name: "SERVICES__CATENAADMINROLES__0__CLIENTID" + value: "{{ .Values.backend.clients.portal }}" + - name: "SERVICES__CATENAADMINROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.services.catenaAdminRoles.role0 }}" - - name: "SERVICES__UPLOADSERVICEDOCUMENTTYPEIDS__ADDITIONAL_DETAILS__0" - value: "{{ .Values.backend.services.uploadServiceDocumentTypeIds.setting0 }}" - - name: "SERVICES__UPLOADSERVICEDOCUMENTTYPEIDS__SERVICE_LEADIMAGE__0" - value: "{{ .Values.backend.services.uploadServiceDocumentTypeIds.setting1 }}" - - name: "SERVICES__UPLOADSERVICEDOCUMENTTYPEIDS__SERVICE_LEADIMAGE__1" - value: "{{ .Values.backend.services.uploadServiceDocumentTypeIds.setting2 }}" - - name: "SERVICES__UPLOADSERVICEDOCUMENTTYPEIDS__SERVICE_LEADIMAGE__2" - value: "{{ .Values.backend.services.uploadServiceDocumentTypeIds.setting3 }}" - - name: "SERVICES__ITADMINROLES__Cl2-CX-Portal__0" + - name: "SERVICES__UPLOADSERVICEDOCUMENTTYPEIDS__0__DOCUMENTTYPEID" + value: "{{ .Values.backend.services.uploadServiceDocumentTypeIds.documentTypeId0 }}" + - name: "SERVICES__UPLOADSERVICEDOCUMENTTYPEIDS__0__MEDIATYPES__0" + value: "{{ .Values.backend.services.uploadServiceDocumentTypeIds.mediaTypeIds0.mediaTypeId0 }}" + - name: "SERVICES__UPLOADSERVICEDOCUMENTTYPEIDS__1__DOCUMENTTYPEID" + value: "{{ .Values.backend.services.uploadServiceDocumentTypeIds.documentTypeId1 }}" + - name: "SERVICES__UPLOADSERVICEDOCUMENTTYPEIDS__1__MEDIATYPES__0" + value: "{{ .Values.backend.services.uploadServiceDocumentTypeIds.mediaTypeIds1.mediaTypeId0 }}" + - name: "SERVICES__UPLOADSERVICEDOCUMENTTYPEIDS__1__MEDIATYPES__1" + value: "{{ .Values.backend.services.uploadServiceDocumentTypeIds.mediaTypeIds1.mediaTypeId1 }}" + - name: "SERVICES__UPLOADSERVICEDOCUMENTTYPEIDS__1__MEDIATYPES__2" + value: "{{ .Values.backend.services.uploadServiceDocumentTypeIds.mediaTypeIds1.mediaTypeId2 }}" + - name: "SERVICES__ITADMINROLES__0__CLIENTID" + value: "{{ .Values.backend.clients.portal }}" + - name: "SERVICES__ITADMINROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.services.ITAdminRoles.role0 }}" - - name: "SERVICES__SALESMANAGERROLES__Cl2-CX-Portal__0" + - name: "SERVICES__SALESMANAGERROLES__0__CLIENTID" + value: "{{ .Values.backend.clients.portal }}" + - name: "SERVICES__SALESMANAGERROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.services.salesManagerRoles.role0 }}" - - name: "SERVICES__SERVICEACCOUNTROLES__technical_roles_management__0" + - name: "SERVICES__SERVICEACCOUNTROLES__0__CLIENTID" + value: "{{ .Values.backend.clients.technicalRolesManagement }}" + - name: "SERVICES__SERVICEACCOUNTROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.services.serviceAccountRoles.role0 }}" - - name: "SERVICES__SERVICEMANAGERROLES__Cl2-CX-Portal__0" + - name: "SERVICES__SERVICEMANAGERROLES__0__CLIENTID" + value: "{{ .Values.backend.clients.portal }}" + - name: "SERVICES__SERVICEMANAGERROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.services.serviceManagerRoles.role0 }}" - name: "SERVICES__SERVICEMARKETPLACEADDRESS" value: "{{ .Values.portalAddress }}{{ .Values.backend.services.serviceMarketplacePath }}" @@ -178,7 +198,9 @@ spec: value: "{{ .Values.backend.services.deleteDocumentTypeIds.type1 }}" - name: "SERVICES__TECHNICALUSERPROFILECLIENT" value: "{{ .Values.backend.services.technicalUserProfileClient }}" - - name: "SERVICES__COMPANYADMINROLES__Cl2-CX-Portal__0" + - name: "SERVICES__COMPANYADMINROLES__0__CLIENTID" + value: "{{ .Values.backend.clients.portal }}" + - name: "SERVICES__COMPANYADMINROLES__0__USERROLENAMES__0" value: "{{ .Values.backend.services.companyAdminRoles.role0 }}" ports: - name: http @@ -215,7 +237,7 @@ spec: successThreshold: {{ .Values.readinessProbe.successThreshold }} failureThreshold: {{ .Values.readinessProbe.failureThreshold }} resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml .Values.backend.services.resources | nindent 10 }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/portal/templates/deployment-frontend-assets.yaml b/charts/portal/templates/deployment-frontend-assets.yaml index 45a87861c..2913a8768 100644 --- a/charts/portal/templates/deployment-frontend-assets.yaml +++ b/charts/portal/templates/deployment-frontend-assets.yaml @@ -36,7 +36,11 @@ spec: containers: - name: {{ .Values.frontend.assets.name }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true image: {{ .Values.frontend.assets.image.name }}:{{ .Values.frontend.assets.image.assetstag | default .Chart.AppVersion }} imagePullPolicy: "Always" ports: @@ -65,7 +69,7 @@ spec: successThreshold: {{ .Values.readinessProbe.successThreshold }} failureThreshold: {{ .Values.readinessProbe.failureThreshold }} resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml .Values.frontend.assets.resources | nindent 10 }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/portal/templates/deployment-frontend-portal.yaml b/charts/portal/templates/deployment-frontend-portal.yaml index 2885c309c..3655266fd 100644 --- a/charts/portal/templates/deployment-frontend-portal.yaml +++ b/charts/portal/templates/deployment-frontend-portal.yaml @@ -36,7 +36,11 @@ spec: containers: - name: {{ .Values.frontend.portal.name }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true image: {{ .Values.frontend.portal.image.name }}:{{ .Values.frontend.portal.image.portaltag | default .Chart.AppVersion }} imagePullPolicy: "Always" env: @@ -76,7 +80,7 @@ spec: successThreshold: {{ .Values.readinessProbe.successThreshold }} failureThreshold: {{ .Values.readinessProbe.failureThreshold }} resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml .Values.frontend.portal.resources | nindent 10 }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/portal/templates/deployment-frontend-registration.yaml b/charts/portal/templates/deployment-frontend-registration.yaml index f10b1c6ab..348205b1d 100644 --- a/charts/portal/templates/deployment-frontend-registration.yaml +++ b/charts/portal/templates/deployment-frontend-registration.yaml @@ -36,7 +36,11 @@ spec: containers: - name: {{ .Values.frontend.registration.name }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true image: {{ .Values.frontend.registration.image.name }}:{{ .Values.frontend.registration.image.registrationtag | default .Chart.AppVersion }} imagePullPolicy: "Always" env: @@ -72,7 +76,7 @@ spec: successThreshold: {{ .Values.readinessProbe.successThreshold }} failureThreshold: {{ .Values.readinessProbe.failureThreshold }} resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml .Values.frontend.registration.resources | nindent 10 }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/portal/templates/job-backend-portal-migrations.yaml b/charts/portal/templates/job-backend-portal-migrations.yaml index 9da117f5a..e35f04e27 100644 --- a/charts/portal/templates/job-backend-portal-migrations.yaml +++ b/charts/portal/templates/job-backend-portal-migrations.yaml @@ -34,7 +34,11 @@ spec: containers: - name: {{ .Values.backend.portalmigrations.name }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true image: "{{ .Values.backend.portalmigrations.image.name }}:{{ .Values.backend.portalmigrations.image.portalmigrationstag | default .Chart.AppVersion }}" imagePullPolicy: "Always" env: @@ -62,3 +66,5 @@ spec: - name: http containerPort: {{ .Values.portContainer }} protocol: TCP + resources: + {{- toYaml .Values.backend.portalmigrations.resources | nindent 10 }} diff --git a/charts/portal/templates/job-backend-provisioning-migrations.yaml b/charts/portal/templates/job-backend-provisioning-migrations.yaml index d26d438ae..71ed6dae6 100644 --- a/charts/portal/templates/job-backend-provisioning-migrations.yaml +++ b/charts/portal/templates/job-backend-provisioning-migrations.yaml @@ -34,7 +34,11 @@ spec: containers: - name: {{ .Values.backend.provisioningmigrations.name }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true image: "{{ .Values.backend.provisioningmigrations.image.name }}:{{ .Values.backend.provisioningmigrations.image.provisioningmigrationstag | default .Chart.AppVersion }}" imagePullPolicy: "Always" env: @@ -60,3 +64,5 @@ spec: - name: http containerPort: {{ .Values.portContainer }} protocol: TCP + resources: + {{- toYaml .Values.backend.provisioningmigrations.resources | nindent 10 }} diff --git a/charts/portal/values.yaml b/charts/portal/values.yaml index cdc19164d..4c7979edc 100644 --- a/charts/portal/values.yaml +++ b/charts/portal/values.yaml @@ -95,17 +95,47 @@ frontend: name: "portal" image: name: "tractusx/portal-frontend" - portaltag: v1.5.0 + portaltag: a9d65952859186044665c09cd8ae5da2bd8d9bc2 + # -- We recommend not to specify default resources and to leave this as a conscious choice for the user. + # If you do want to specify resources, uncomment the following lines, + # adjust them as necessary, and remove the curly braces after 'resources:'. + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi registration: name: "registration" image: name: "tractusx/portal-frontend-registration" - registrationtag: v1.4.0 + registrationtag: c4556672f49adc306b0f42c3581de3e321bbc50b + # -- We recommend not to specify default resources and to leave this as a conscious choice for the user. + # If you do want to specify resources, uncomment the following lines, + # adjust them as necessary, and remove the curly braces after 'resources:'. + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi assets: name: "assets" image: name: "tractusx/portal-assets" - assetstag: v1.5.0 + assetstag: 15bd1f3d722a73ec1fd34baab83757828f2970dc + # -- We recommend not to specify default resources and to leave this as a conscious choice for the user. + # If you do want to specify resources, uncomment the following lines, + # adjust them as necessary, and remove the curly braces after 'resources:'. + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi path: "/assets" centralidpAuthPath: "/auth" bpdmPartnersPoolApiPath: "/api" @@ -225,7 +255,17 @@ backend: name: "registration-service" image: name: "tractusx/portal-registration-service" - registrationservicetag: v1.5.1 + registrationservicetag: f0f0ce828386c22c8865e5c67ab5c5aeeeee070e + # -- We recommend not to specify default resources and to leave this as a conscious choice for the user. + # If you do want to specify resources, uncomment the following lines, + # adjust them as necessary, and remove the curly braces after 'resources:'. + resources: {} + # limits: + # cpu: 250m + # memory: 256Mi + # requests: + # cpu: 250m + # memory: 256Mi logging: registrationServiceBpn: "Information" # -- Healthchecks to be enabled for startupProbe, @@ -249,11 +289,23 @@ backend: swaggerEnabled: false registrationDocumentTypeIds: type0: "CX_FRAME_CONTRACT" + submitDocumentTypeIds: + type0: "COMMERCIAL_REGISTER_EXTRACT" administration: name: "administration-service" image: name: "tractusx/portal-administration-service" - administrationservicetag: v1.5.1 + administrationservicetag: f0f0ce828386c22c8865e5c67ab5c5aeeeee070e + # -- We recommend not to specify default resources and to leave this as a conscious choice for the user. + # If you do want to specify resources, uncomment the following lines, + # adjust them as necessary, and remove the curly braces after 'resources:'. + resources: {} + # limits: + # cpu: 250m + # memory: 256Mi + # requests: + # cpu: 250m + # memory: 256Mi logging: businessLogic: "Information" sdfactoryLibrary: "Information" @@ -347,7 +399,17 @@ backend: name: "marketplace-app-service" image: name: "tractusx/portal-marketplace-app-service" - appmarketplaceservicetag: v1.5.1 + appmarketplaceservicetag: f0f0ce828386c22c8865e5c67ab5c5aeeeee070e + # -- We recommend not to specify default resources and to leave this as a conscious choice for the user. + # If you do want to specify resources, uncomment the following lines, + # adjust them as necessary, and remove the curly braces after 'resources:'. + resources: {} + # limits: + # cpu: 250m + # memory: 256Mi + # requests: + # cpu: 250m + # memory: 256Mi logging: offersLibrary: "Information" # -- Healthchecks to be enabled for startupProbe, @@ -377,10 +439,28 @@ backend: ITAdminRoles: role0: "IT Admin" uploadAppDocumentTypeIds: - setting0: "application/pdf" - setting1: "image/jpeg" - setting2: "image/png" - setting3: "image/svg+xml" + documentTypeId0: "APP_TECHNICAL_INFORMATION" + mediaTypeIds0: + mediaTypeId0: "PDF" + documentTypeId1: "APP_LEADIMAGE" + mediaTypeIds1: + mediaTypeId0: "JPEG" + mediaTypeId1: "PNG" + mediaTypeId2: "SVG" + documentTypeId2: "APP_IMAGE" + mediaTypeIds2: + mediaTypeId0: "JPEG" + mediaTypeId1: "PNG" + mediaTypeId2: "SVG" + documentTypeId3: "APP_CONTRACT" + mediaTypeIds3: + mediaTypeId0: "PDF" + documentTypeId4: "ADDITIONAL_DETAILS" + mediaTypeIds4: + mediaTypeId0: "PDF" + documentTypeId5: "CONFORMITY_APPROVAL_BUSINESS_APPS" + mediaTypeIds5: + mediaTypeId0: "PDF" deleteDocumentTypeIds: type0: "APP_CONTRACT" type1: "ADDITIONAL_DETAILS" @@ -418,19 +498,49 @@ backend: name: "portal-migrations" image: name: "tractusx/portal-portal-migrations" - portalmigrationstag: v1.5.1 + portalmigrationstag: f0f0ce828386c22c8865e5c67ab5c5aeeeee070e + # -- We recommend not to specify default resources and to leave this as a conscious choice for the user. + # If you do want to specify resources, uncomment the following lines, + # adjust them as necessary, and remove the curly braces after 'resources:'. + resources: {} + # limits: + # cpu: 250m + # memory: 256Mi + # requests: + # cpu: 250m + # memory: 256Mi seeding: testDataEnvironments: "" portalmaintenance: name: "portal-maintenance" image: name: "tractusx/portal-maintenance-service" - portalmaintenancetag: v1.5.1 + portalmaintenancetag: 03c4ff74538b2ea7a199ef9f0121eed09d7f972a + # -- We recommend not to specify default resources and to leave this as a conscious choice for the user. + # If you do want to specify resources, uncomment the following lines, + # adjust them as necessary, and remove the curly braces after 'resources:'. + resources: {} + # limits: + # cpu: 250m + # memory: 256Mi + # requests: + # cpu: 250m + # memory: 256Mi notification: name: "notification-service" image: name: "tractusx/portal-notification-service" - notificationservicetag: v1.5.1 + notificationservicetag: f0f0ce828386c22c8865e5c67ab5c5aeeeee070e + # -- We recommend not to specify default resources and to leave this as a conscious choice for the user. + # If you do want to specify resources, uncomment the following lines, + # adjust them as necessary, and remove the curly braces after 'resources:'. + resources: {} + # limits: + # cpu: 250m + # memory: 256Mi + # requests: + # cpu: 250m + # memory: 256Mi # -- Healthchecks to be enabled for startupProbe, # enable by removing the brackets after 'tags:' and uncommenting the following lines. healthChecks: @@ -445,7 +555,17 @@ backend: name: "services-service" image: name: "tractusx/portal-services-service" - servicesservicetag: v1.5.1 + servicesservicetag: f0f0ce828386c22c8865e5c67ab5c5aeeeee070e + # -- We recommend not to specify default resources and to leave this as a conscious choice for the user. + # If you do want to specify resources, uncomment the following lines, + # adjust them as necessary, and remove the curly braces after 'resources:'. + resources: {} + # limits: + # cpu: 250m + # memory: 256Mi + # requests: + # cpu: 250m + # memory: 256Mi logging: offersLibrary: "Information" # -- Healthchecks to be enabled for startupProbe, @@ -472,10 +592,14 @@ backend: ITAdminRoles: role0: "IT Admin" uploadServiceDocumentTypeIds: - setting0: "application/pdf" - setting1: "image/jpeg" - setting2: "image/png" - setting3: "image/svg+xml" + documentTypeId0: "ADDITIONAL_DETAILS" + mediaTypeIds0: + mediaTypeId0: "PDF" + documentTypeId1: "SERVICE_LEADIMAGE" + mediaTypeIds1: + mediaTypeId0: "JPEG" + mediaTypeId1: "PNG" + mediaTypeId2: "SVG" submitServiceNotificationTypeIds: type0: "SERVICE_RELEASE_REQUEST" approveServiceNotificationTypeIds: @@ -498,12 +622,32 @@ backend: name: "provisioning-migrations" image: name: "tractusx/portal-provisioning-migrations" - provisioningmigrationstag: v1.5.1 + provisioningmigrationstag: 2cb4dc190424b0f467b1645367ba97a631e8edff + # -- We recommend not to specify default resources and to leave this as a conscious choice for the user. + # If you do want to specify resources, uncomment the following lines, + # adjust them as necessary, and remove the curly braces after 'resources:'. + resources: {} + # limits: + # cpu: 250m + # memory: 256Mi + # requests: + # cpu: 250m + # memory: 256Mi processesworker: name: "processes-worker" image: name: "tractusx/portal-processes-worker" - processesworkertag: v1.5.1 + processesworkertag: f0f0ce828386c22c8865e5c67ab5c5aeeeee070e + # -- We recommend not to specify default resources and to leave this as a conscious choice for the user. + # If you do want to specify resources, uncomment the following lines, + # adjust them as necessary, and remove the curly braces after 'resources:'. + resources: {} + # limits: + # cpu: 250m + # memory: 256Mi + # requests: + # cpu: 250m + # memory: 256Mi logging: processesLibrary: "Information" bpdmLibrary: "Information" @@ -533,6 +677,7 @@ backend: # -- Client-secret for bpdm client-id. Secret-key 'bpdm-client-secret'. clientSecret: "" custodian: + membershipErrorMessage: "Credential of type MembershipCredential is already exists" scope: "openid" grantType: "client_credentials" # -- Provide custodian client-id from CX IAM centralidp. @@ -575,6 +720,10 @@ backend: clientId: "offerprovider-client-id" # -- Client-secret for offer provider client-id. Secret-key 'offerprovider-client-secret'. clientSecret: "" + clients: + portal: "Cl2-CX-Portal" + registration: "Cl1-CX-Registration" + technicalRolesManagement: "technical_roles_management" placeholder: "empty" postgresql: @@ -653,29 +802,12 @@ portService: 8080 replicaCount: 3 -securityContext: - allowPrivilegeEscalation: false - runAsNonRoot: true - capabilities: - drop: ["ALL"] - -# -- If you do want to specify resources, uncomment the following lines, -# adjust them as necessary, and remove the curly braces after 'resources:'. -resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - # -- Node labels for pod assignment nodeSelector: {} # -- Tolerations for pod assignment tolerations: [] - affinity: # -- Following Catena-X Helm Best Practices, # [reference](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). @@ -689,7 +821,6 @@ affinity: operator: DoesNotExist topologyKey: kubernetes.io/hostname - updateStrategy: # -- Update strategy type, # rolling update configuration parameters, diff --git a/consortia/argocd-app-templates/appsetup-preprod.yaml b/consortia/argocd-app-templates/appsetup-stable.yaml similarity index 95% rename from consortia/argocd-app-templates/appsetup-preprod.yaml rename to consortia/argocd-app-templates/appsetup-stable.yaml index 8421a8688..90a861828 100644 --- a/consortia/argocd-app-templates/appsetup-preprod.yaml +++ b/consortia/argocd-app-templates/appsetup-stable.yaml @@ -34,5 +34,8 @@ spec: - name: AVP_SECRET value: vault-secret - name: helm_args - value: '-f values.yaml -f ../../consortia/environments/values-preprod.yaml' + value: '-f values.yaml -f ../../consortia/environments/values-stable.yaml' project: project-portal + syncPolicy: + automated: + prune: true diff --git a/consortia/environments/values-beta.yaml b/consortia/environments/values-beta.yaml index c59bf99b9..6b0ede7c1 100644 --- a/consortia/environments/values-beta.yaml +++ b/consortia/environments/values-beta.yaml @@ -27,8 +27,8 @@ bpdmPartnersPoolAddress: "https://partners-pool.beta.demo.catena-x.net" bpdmPortalGateAddress: "https://portal-gate.dev.demo.catena-x.net" custodianAddress: "https://managed-identity-wallets.beta.demo.catena-x.net" sdfactoryAddress: "https://sdfactory.beta.demo.catena-x.net" -clearinghouseAddress: "https://validation.dev.dih-cloud.com" -clearinghouseTokenAddress: "https://iam.dev.dih-cloud.com/realms/notarisation/protocol/openid-connect/token" +clearinghouseAddress: "https://validation.test.dih-cloud.com" +clearinghouseTokenAddress: "https://iam.test.dih-cloud.com/realms/carla/protocol/openid-connect/token" frontend: @@ -63,6 +63,33 @@ frontend: service: "assets" port: 8080 + portal: + resources: +# limits: +# cpu: 100m +# memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + + registration: + resources: +# limits: +# cpu: 100m +# memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + + assets: + resources: +# limits: +# cpu: 100m +# memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + backend: ingress: enabled: true @@ -124,6 +151,13 @@ backend: registration: logging: registrationServiceBpn: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -137,6 +171,13 @@ backend: logging: businessLogic: "Debug" sdfactoryLibrary: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -164,6 +205,13 @@ backend: appmarketplace: logging: offersLibrary: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -174,10 +222,33 @@ backend: swaggerEnabled: true portalmigrations: + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi seeding: testDataEnvironments: "consortia" + portalmaintenance: + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi + notification: + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -190,6 +261,13 @@ backend: services: logging: offersLibrary: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -206,11 +284,18 @@ backend: clearinghouseLibrary: "Debug" custodianLibrary: "Debug" sdfactoryLibrary: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi bpdm: clientId: "" clientSecret: "" clearinghouse: - clientId: "" + clientId: "" clientSecret: "" custodian: clientId: "" @@ -223,6 +308,15 @@ backend: clientId: "" clientSecret: "" + provisioningmigrations: + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi + postgresql: auth: password: "" diff --git a/consortia/environments/values-dev.yaml b/consortia/environments/values-dev.yaml index 2cace3205..318214172 100644 --- a/consortia/environments/values-dev.yaml +++ b/consortia/environments/values-dev.yaml @@ -25,10 +25,10 @@ semanticsAddress: "https://semantics.dev.demo.catena-x.net" dapsAddress: "https://drs.dev.demo.catena-x.net" bpdmPartnersPoolAddress: "https://partners-pool.dev.demo.catena-x.net" bpdmPortalGateAddress: "https://portal-gate.dev.demo.catena-x.net" -custodianAddress: "https://managed-identity-wallets.dev.demo.catena-x.net" +custodianAddress: "https://managed-identity-wallets-new.dev.demo.catena-x.net" sdfactoryAddress: "https://sdfactory.dev.demo.catena-x.net" -clearinghouseAddress: "https://validation.dev.dih-cloud.com" -clearinghouseTokenAddress: "https://iam.dev.dih-cloud.com/realms/notarisation/protocol/openid-connect/token" +clearinghouseAddress: "https://validation.test.dih-cloud.com" +clearinghouseTokenAddress: "https://iam.test.dih-cloud.com/realms/carla/protocol/openid-connect/token" frontend: @@ -63,6 +63,33 @@ frontend: service: "assets" port: 8080 + portal: + resources: +# limits: +# cpu: 100m +# memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + + registration: + resources: +# limits: +# cpu: 100m +# memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + + assets: + resources: +# limits: +# cpu: 100m +# memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + backend: ingress: enabled: true @@ -124,6 +151,13 @@ backend: registration: logging: registrationServiceBpn: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -137,6 +171,13 @@ backend: logging: businessLogic: "Debug" sdfactoryLibrary: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -164,6 +205,13 @@ backend: appmarketplace: logging: offersLibrary: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -174,10 +222,33 @@ backend: swaggerEnabled: true portalmigrations: + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi seeding: testDataEnvironments: "consortia" + portalmaintenance: + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi + notification: + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -190,6 +261,13 @@ backend: services: logging: offersLibrary: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -206,11 +284,18 @@ backend: clearinghouseLibrary: "Debug" custodianLibrary: "Debug" sdfactoryLibrary: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi bpdm: clientId: "" clientSecret: "" clearinghouse: - clientId: "" + clientId: "" clientSecret: "" custodian: clientId: "" @@ -221,7 +306,16 @@ backend: clientSecret: "" offerProvider: clientId: "" - clientSecret: "" + clientSecret: "" + + provisioningmigrations: + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi postgresql: auth: diff --git a/consortia/environments/values-int.yaml b/consortia/environments/values-int.yaml index e8b530c8f..23278f4f9 100644 --- a/consortia/environments/values-int.yaml +++ b/consortia/environments/values-int.yaml @@ -63,6 +63,33 @@ frontend: service: "assets" port: 8080 + portal: + resources: +# limits: +# cpu: 100m +# memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + + registration: + resources: +# limits: +# cpu: 100m +# memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + + assets: + resources: +# limits: +# cpu: 100m +# memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + backend: ingress: enabled: true @@ -124,6 +151,13 @@ backend: registration: logging: registrationServiceBpn: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -137,6 +171,13 @@ backend: logging: businessLogic: "Debug" sdfactoryLibrary: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -164,6 +205,13 @@ backend: appmarketplace: logging: offersLibrary: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -174,10 +222,33 @@ backend: swaggerEnabled: true portalmigrations: + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi seeding: testDataEnvironments: "consortia" + portalmaintenance: + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi + notification: + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -190,6 +261,13 @@ backend: services: logging: offersLibrary: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -206,6 +284,13 @@ backend: clearinghouseLibrary: "Debug" custodianLibrary: "Debug" sdfactoryLibrary: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi bpdm: clientId: "" clientSecret: "" @@ -221,7 +306,16 @@ backend: clientSecret: "" offerProvider: clientId: "" - clientSecret: "" + clientSecret: "" + + provisioningmigrations: + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi postgresql: auth: diff --git a/consortia/environments/values-pen.yaml b/consortia/environments/values-pen.yaml index 03da68e81..59b4d5242 100644 --- a/consortia/environments/values-pen.yaml +++ b/consortia/environments/values-pen.yaml @@ -27,8 +27,8 @@ bpdmPartnersPoolAddress: "https://partners-pool-pen.dev.demo.catena-x.net" bpdmPortalGateAddress: "https://portal-gate-pen.dev.demo.catena-x.net" custodianAddress: "https://managed-identity-wallets-pen.dev.demo.catena-x.net" sdfactoryAddress: "https://sdfactory-pen.dev.demo.catena-x.net" -clearinghouseAddress: "https://validation.dev.dih-cloud.com" -clearinghouseTokenAddress: "https://iam.dev.dih-cloud.com/realms/notarisation/protocol/openid-connect/token" +clearinghouseAddress: "https://validation.test.dih-cloud.com" +clearinghouseTokenAddress: "https://iam.test.dih-cloud.com/realms/carla/protocol/openid-connect/token" frontend: @@ -63,6 +63,33 @@ frontend: service: "assets" port: 8080 + portal: + resources: +# limits: +# cpu: 100m +# memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + + registration: + resources: +# limits: +# cpu: 100m +# memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + + assets: + resources: +# limits: +# cpu: 100m +# memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + backend: ingress: enabled: true @@ -125,6 +152,13 @@ backend: registration: logging: registrationServiceBpn: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -138,6 +172,13 @@ backend: logging: businessLogic: "Debug" sdfactoryLibrary: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -165,6 +206,13 @@ backend: appmarketplace: logging: offersLibrary: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -175,10 +223,33 @@ backend: swaggerEnabled: true portalmigrations: + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi seeding: testDataEnvironments: "consortia" + portalmaintenance: + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi + notification: + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -191,6 +262,13 @@ backend: services: logging: offersLibrary: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -207,11 +285,18 @@ backend: clearinghouseLibrary: "Debug" custodianLibrary: "Debug" sdfactoryLibrary: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi bpdm: clientId: "" clientSecret: "" clearinghouse: - clientId: "" + clientId: "" clientSecret: "" custodian: clientId: "" @@ -222,7 +307,16 @@ backend: clientSecret: "" offerProvider: clientId: "" - clientSecret: "" + clientSecret: "" + + provisioningmigrations: + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi postgresql: auth: diff --git a/consortia/environments/values-rc.yaml b/consortia/environments/values-rc.yaml index 2366b2ebc..3823817a3 100644 --- a/consortia/environments/values-rc.yaml +++ b/consortia/environments/values-rc.yaml @@ -25,10 +25,10 @@ semanticsAddress: "https://semantics.dev.demo.catena-x.net" dapsAddress: "https://drs.dev.demo.catena-x.net" bpdmPartnersPoolAddress: "https://partners-pool.dev.demo.catena-x.net" bpdmPortalGateAddress: "https://portal-gate.dev.demo.catena-x.net" -custodianAddress: "https://managed-identity-wallets.dev.demo.catena-x.net" +custodianAddress: "https://managed-identity-wallets-new.dev.demo.catena-x.net" sdfactoryAddress: "https://sdfactory.dev.demo.catena-x.net" -clearinghouseAddress: "https://validation.dev.dih-cloud.com" -clearinghouseTokenAddress: "https://iam.dev.dih-cloud.com/realms/notarisation/protocol/openid-connect/token" +clearinghouseAddress: "https://validation.test.dih-cloud.com" +clearinghouseTokenAddress: "https://iam.test.dih-cloud.com/realms/carla/protocol/openid-connect/token" frontend: @@ -63,6 +63,33 @@ frontend: service: "assets" port: 8080 + portal: + resources: +# limits: +# cpu: 100m +# memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + + registration: + resources: +# limits: +# cpu: 100m +# memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + + assets: + resources: +# limits: +# cpu: 100m +# memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + backend: ingress: enabled: true @@ -124,6 +151,13 @@ backend: registration: logging: registrationServiceBpn: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -137,6 +171,13 @@ backend: logging: businessLogic: "Debug" sdfactoryLibrary: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -164,6 +205,13 @@ backend: appmarketplace: logging: offersLibrary: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -174,10 +222,33 @@ backend: swaggerEnabled: true portalmigrations: + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi seeding: testDataEnvironments: "consortia" + portalmaintenance: + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi + notification: + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -190,6 +261,13 @@ backend: services: logging: offersLibrary: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -206,11 +284,18 @@ backend: clearinghouseLibrary: "Debug" custodianLibrary: "Debug" sdfactoryLibrary: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi bpdm: clientId: "" clientSecret: "" clearinghouse: - clientId: "" + clientId: "" clientSecret: "" custodian: clientId: "" @@ -221,7 +306,16 @@ backend: clientSecret: "" offerProvider: clientId: "" - clientSecret: "" + clientSecret: "" + + provisioningmigrations: + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi postgresql: fullnameOverride: "portal-backend-rc-postgresql" diff --git a/consortia/environments/values-preprod.yaml b/consortia/environments/values-stable.yaml similarity index 58% rename from consortia/environments/values-preprod.yaml rename to consortia/environments/values-stable.yaml index d420a1ec7..b15d8fe08 100644 --- a/consortia/environments/values-preprod.yaml +++ b/consortia/environments/values-stable.yaml @@ -17,18 +17,18 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################### -portalAddress: "https://portal.pre-prod.demo.catena-x.net" -portalBackendAddress: "https://portal-backend.pre-prod.demo.catena-x.net" -centralidpAddress: "https://centralidp.pre-prod.demo.catena-x.net" -sharedidpAddress: "https://sharedidp.pre-prod.demo.catena-x.net" -semanticsAddress: "https://semantics.pre-prod.demo.catena-x.net" -dapsAddress: "https://drs.pre-prod.demo.catena-x.net" -bpdmPartnersPoolAddress: "https://partners-pool.pre-prod.demo.catena-x.net" -bpdmPortalGateAddress: "https://portal-gate.pre-prod.demo.catena-x.net" -custodianAddress: "https://managed-identity-wallets.pre-prod.demo.catena-x.net" -sdfactoryAddress: "https://sdfactory.pre-prod.demo.catena-x.net" -clearinghouseAddress: "https://validation.dev.dih-cloud.com" -clearinghouseTokenAddress: "https://iam.dev.dih-cloud.com/realms/notarisation/protocol/openid-connect/token" +portalAddress: "https://portal.stable.demo.catena-x.net" +portalBackendAddress: "https://portal-backend.stable.demo.catena-x.net" +centralidpAddress: "https://centralidp.stable.demo.catena-x.net" +sharedidpAddress: "https://sharedidp.stable.demo.catena-x.net" +semanticsAddress: "https://semantics.stable.demo.catena-x.net" +dapsAddress: "https://drs.stable.demo.catena-x.net" +bpdmPartnersPoolAddress: "https://partners-pool.stable.demo.catena-x.net" +bpdmPortalGateAddress: "https://portal-gate.stable.demo.catena-x.net" +custodianAddress: "https://managed-identity-wallets.stable.demo.catena-x.net" +sdfactoryAddress: "https://sdfactory.stable.demo.catena-x.net" +clearinghouseAddress: "https://validation.test.dih-cloud.com/api/v1/validation" +clearinghouseTokenAddress: "https://iam.test.dih-cloud.com/realms/carla/protocol/openid-connect/token" frontend: @@ -39,13 +39,13 @@ frontend: nginx.ingress.kubernetes.io/rewrite-target: "/$1" nginx.ingress.kubernetes.io/use-regex: "true" nginx.ingress.kubernetes.io/enable-cors: "true" - nginx.ingress.kubernetes.io/cors-allow-origin: "http://localhost:3000, https://*.pre-prod.demo.catena-x.net" + nginx.ingress.kubernetes.io/cors-allow-origin: "http://localhost:3000, https://*.stable.demo.catena-x.net" tls: - secretName: "tls-secret" hosts: - - "portal.pre-prod.demo.catena-x.net" + - "portal.stable.demo.catena-x.net" hosts: - - host: "portal.pre-prod.demo.catena-x.net" + - host: "portal.stable.demo.catena-x.net" paths: - path: "/(.*)" pathType: "Prefix" @@ -63,6 +63,33 @@ frontend: service: "assets" port: 8080 + portal: + resources: +# limits: +# cpu: 100m +# memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + + registration: + resources: +# limits: +# cpu: 100m +# memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + + assets: + resources: +# limits: +# cpu: 100m +# memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + backend: ingress: enabled: true @@ -71,13 +98,13 @@ backend: nginx.ingress.kubernetes.io/use-regex: "true" nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/proxy-body-size: "8m" - nginx.ingress.kubernetes.io/cors-allow-origin: "http://localhost:3000, https://*.pre-prod.demo.catena-x.net" + nginx.ingress.kubernetes.io/cors-allow-origin: "http://localhost:3000, https://*.stable.demo.catena-x.net" tls: - secretName: "tls-secret" hosts: - - "portal-backend.pre-prod.demo.catena-x.net" + - "portal-backend.stable.demo.catena-x.net" hosts: - - host: "portal-backend.pre-prod.demo.catena-x.net" + - host: "portal-backend.stable.demo.catena-x.net" paths: - path: "/api/registration" pathType: "Prefix" @@ -108,12 +135,12 @@ backend: keycloak: central: clientId: "" - clientSecret: "" + clientSecret: "" dbConnection: - password: "" + password: "" shared: clientId: "" - clientSecret: "" + clientSecret: "" mailing: host: "" @@ -124,6 +151,13 @@ backend: registration: logging: registrationServiceBpn: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -137,6 +171,13 @@ backend: logging: businessLogic: "Debug" sdfactoryLibrary: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -148,7 +189,7 @@ backend: value: "provisioningdb" daps: clientId: "" - clientSecret: "" + clientSecret: "" swaggerEnabled: true provisioning: @@ -164,6 +205,13 @@ backend: appmarketplace: logging: offersLibrary: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -174,10 +222,33 @@ backend: swaggerEnabled: true portalmigrations: + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi seeding: testDataEnvironments: "consortia" + portalmaintenance: + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi + notification: + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -190,6 +261,13 @@ backend: services: logging: offersLibrary: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi healthChecks: startup: tags: @@ -206,29 +284,45 @@ backend: clearinghouseLibrary: "Debug" custodianLibrary: "Debug" sdfactoryLibrary: "Debug" + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi bpdm: - clientId: "" - clientSecret: "" + clientId: "" + clientSecret: "" clearinghouse: - clientId: "" - clientSecret: "" + clientId: "" + clientSecret: "" custodian: - clientId: "" - clientSecret: "" + clientId: "" + clientSecret: "" sdfactory: issuerBpn: "BPNL00000003CRHK" - clientId: "" - clientSecret: "" + clientId: "" + clientSecret: "" offerProvider: clientId: "" - clientSecret: "" + clientSecret: "" + + provisioningmigrations: + resources: +# limits: +# cpu: 250m +# memory: 256Mi + requests: + cpu: 250m + memory: 256Mi postgresql: auth: - password: "" - replicationPassword: "" - portalPassword: "" - provisioningPassword: "" + password: "" + replicationPassword: "" + portalPassword: "" + provisioningPassword: "" primary: extendedConfiguration: | max_connections = 200