diff --git a/AUTHORS.md b/AUTHORS.md new file mode 100644 index 0000000..9811a2a --- /dev/null +++ b/AUTHORS.md @@ -0,0 +1,6 @@ +### The following people have contributed to this repository + +Aditya Kumar, doubleSlash Net-Business GmbH, https://github.com/adkumar1
+Dmitrii Vasiunin, doubleSlash Net-Business GmbH, https://github.com/dvasunin
+Amol Dashwant, doubleSlash Net-Business GmbH, https://github.com/amoldashwant
+Fedor Nazarov, doubleSlash Net-Business GmbH, https://github.com/Wulghash
\ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 15df492..097eaa4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,9 +6,29 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ## [Unreleased] +## [1.7.3] - 2023-02-27 + +### Added + - Added AUTHORS.md, INSTALL.md file + - Added comments in values.yaml + - Created README.md inside charts/daps-server + - Added sources to Chart.yaml file + + ### Changed -- Moved helm charts from `deployment/helm` to `charts` + - Changed content of NOTICE.md, SECURITY.md + - Modified .helmignore file + - Modified secret.yaml + + ### Removed + - DEPENDENCIES file not required + -## [0.1.1] - 2022-09-09 +## [1.7.2] - 2022-09-09 + +### Added Added sematic versioning, tags & helm releases + +### Changed +- Moved helm charts from `deployment/helm` to `charts` \ No newline at end of file diff --git a/DEPENDENCIES b/DEPENDENCIES deleted file mode 100644 index 64b762f..0000000 --- a/DEPENDENCIES +++ /dev/null @@ -1,5 +0,0 @@ -DAPS Image -DAPS version -Kubernetes -Helm -ArgoCD diff --git a/INSTALL.md b/INSTALL.md new file mode 100644 index 0000000..b29088d --- /dev/null +++ b/INSTALL.md @@ -0,0 +1,30 @@ +## Installation Steps + +Helm charts are provided inside https://github.com/eclipse-tractusx/daps-helm-chart + +1.) Using helm commands:-
+ +How to install application using helm:- + helm install ReleaseName ChartName + + a.) Add helm repository in tractusx:- + helm repo add daps-server https://eclipse-tractusx.github.io/charts/dev + b.) To search the specific repo in helm repositories + helm search repo tractusx-dev + c.) To install using helm command:- + helm install daps-server tractusx-dev/daps-server + + +2.) Local installation: + + a.) git clone https://github.com/eclipse-tractusx/daps-helm-chart.git
+ b.) Modify values file according to your requirement.
+ c.) Add the image.repository in the values file + c.) You need to define the secrets as well in values.yaml
+ secret:
+ clientId: -> Client id for DAPS. + clientSecret: -> Client Secret for DAPS
+ + d.) These secrets should be defined in Hashicorp vault.
+ e.) Deploy in a kubernetes cluster
+ helm install daps-server charts/daps-server/ -n NameSpace
\ No newline at end of file diff --git a/NOTICE.md b/NOTICE.md index 03913c3..81090d5 100644 --- a/NOTICE.md +++ b/NOTICE.md @@ -1,11 +1,15 @@ -# Notices +# Notices for Eclipse Tractus-X -This content is part of [CatenaX](https://catena-x.net). +This content is produced and maintained by the Eclipse Tractus-X project. -* Project home: https://github.com/catenax-ng +* Project home: https://projects.eclipse.org/projects/automotive.tractusx See the AUTHORS file(s) distributed with this work for additional information regarding authorship. +## Trademarks + +Eclipse Tractus-X is a trademark of the Eclipse Foundation. + ## Copyright All content is the property of the respective authors or their employers. For @@ -22,10 +26,11 @@ SPDX-License-Identifier: Apache-2.0 ## Source Code -The project maintains the following source code repositories -in the GitHub organization https://github.com/catenax-ng: +The project maintains the following source code repositories +in the GitHub organization https://github.com/eclipse-tractusx: -* https://github.com/catenax-ng/product-DAPS +* https://github.com/eclipse-tractusx/ +* https://github.com/eclipse-tractusx/ ## Third-party Content @@ -41,4 +46,4 @@ may have restrictions on the import, possession, and use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check the country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is -permitted. +permitted. \ No newline at end of file diff --git a/README.md b/README.md index 292b18e..5662d90 100644 --- a/README.md +++ b/README.md 
@@ -22,6 +22,13 @@ A User Selfservice API Plugin Standard Compliance (see below) IMPORTANT: DAPS is meant to be a research sandbox in which we can (re)implement standard protocols and potentially extend and modify functionality under the hood to support research projects. Use at your own risk! At a minimum, take a look at the documentation for production setups. + +### Software Version +```shell +Helm version is v1.7.3 +Application version is v1.7.1 +``` + ## Directory structure of an DAPS server By default, daps uses the following directory structure for configurations and keys:
@@ -147,19 +154,7 @@ You may retrieve the server configuration under # Installation Steps -Helm charts are provided inside [https://github.com/catenax-ng/product-DAPS/charts/](https://github.com/catenax-ng/product-DAPS/tree/main/charts) - -1. Using helm commands: - - 1. git clone https://github.com/eclipse-tractusx/daps-helm-chart.git - 1. Add the daps image and version in values.yaml - 1. Deploy in a kubernetes cluster - ```helm install dapsName charts/daps-server/ -n namespace``` +https://github.com/eclipse-tractusx/daps-helm-chart/blob/main/INSTALL.md -1. Using ArgoCD: -To see how to deploy an application on 'Hotel Budapest': -[How to deploy](https://catenax-ng.github.io/docs/guides/how-to-deploy-an-application) ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/SECURITY.md b/SECURITY.md index ebfd8b3..7d8fced 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -1,63 +1,6 @@ # Security Policy - - - - -## Reporting a bug in Catena-X - - - - -Report security bugs in Catena-X to "dl_CoP_IT_Security@catena-x.net". - -Your report will be acknowledged within 5 days, and you’ll receive a more detailed response to your report within 10 days indicating the next steps in handling your submission. - -After the initial reply to your report, the security team will endeavor to keep you informed of the progress being made towards a fix and full announcement, and may ask for additional information or guidance surrounding the reported issue. - -Please do not report security bugs through public GitHub issues. - - - - -Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue: - -- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) - -- Full paths of source file(s) related to the manifestation of the issue - -- The location of the affected source code (tag/branch/commit or direct URL) - -- Any special configuration required to reproduce the issue - -- Step-by-step instructions to reproduce the issue - -- Proof-of-concept or exploit code (if possible) - -- Impact of the issue, including how an attacker might exploit the issue - -This information will help us triage your report more quickly. - - - - -## Reporting a bug in a third party module - -Security bugs in third party modules should be reported to their respective maintainers. - - - - -## Disclosure policy - -Here is the security disclosure policy for Catena-X. - -- The security report is received and is assigned a primary handler. - -- This person will coordinate the fix and release process. - -- Fixes are prepared for all releases which are still under maintenance. - -- A suggested embargo date for this vulnerability is chosen. Typically the embargo date will be set to 72 hours. 
However, this may vary depending on the severity of the bug or difficulty in applying a fix. - -This process can take some time, especially when coordination is required with maintainers of other projects. -Every effort will be made to handle the bug in as timely a manner as possible; however, it’s important that we follow the release process above to ensure that the disclosure is handled in a consistent manner. + +## Reporting a Vulnerability + +Please report a found vulnerability here: +[https://www.eclipse.org/security/](https://www.eclipse.org/security/) \ No newline at end of file diff --git a/charts/.helmignore b/charts/.helmignore new file mode 100644 index 0000000..e0b66e2 --- /dev/null +++ b/charts/.helmignore @@ -0,0 +1,9 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +values?*.yaml +values?*.yml \ No newline at end of file diff --git a/charts/daps-server/Chart.yaml b/charts/daps-server/Chart.yaml index 22d4515..81afd9b 100644 --- a/charts/daps-server/Chart.yaml +++ b/charts/daps-server/Chart.yaml @@ -12,10 +12,13 @@ description: DAPS server helm-chart # pipeline. Library charts do not define any templates and therefore cannot be deployed. type: application +sources: + - https://github.com/eclipse-tractusx/daps-helm-chart + # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.7.2 +version: 1.7.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/daps-server/README.md b/charts/daps-server/README.md index d335235..456fec3 100644 
--- a/charts/daps-server/README.md +++ b/charts/daps-server/README.md 
@@ -1,50 +1,56 @@ # daps-server -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square) +![Version: 1.7.3](https://img.shields.io/badge/Version-1.7.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.7.1](https://img.shields.io/badge/AppVersion-1.7.1-informational?style=flat-square) DAPS server helm-chart +## Source Code + +* + ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | Pod affinity configuration | -| autoscaling | object | `{"enabled":false, "maxReplicas":100, "minReplicas":1, "targetCPUUtilizationPercentage":80}` | DAPS autoscaling configuration | +| autoscaling | object | `{"enabled":false,"maxReplicas":5,"minReplicas":1,"targetMemoryUtilizationPercentage":60}` | DAPS autoscaling configuration | +| daps.secret.clientId | string | `""` | | +| daps.secret.clientSecret | string | `""` | | | env.config | object | `{}` | Additional env variables | | env.secret | object | `{}` | Additional env variables that should be stored in encrypted way | | fullnameOverride | string | `""` | | | image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | -| image.repository | string | `"nginx"` | DAPS docker image | +| image.repository | string | `nil` | DAPS docker image | | image.tag | string | `""` | Image tag. Overrides the image tag whose default is the chart appVersion. 
| | imagePullSecrets | list | `[]` | Secret which contains dockerconfig.json from private container registry with daps image | | ingress.annotations | object | `{}` | Additional ingress annotations | | ingress.enabled | bool | `false` | If set to `true`, DAPS will be exposed with ingress controller at http(s)://(ingress.host)/(ingress.pathPrefix) | -| ingress.host | string | `"chart-example.local"` | | +| ingress.host | string | `"daps-beta.int.demo.catena-x.net"` | Ingress host name | | ingress.pathPrefix | string | `"/"` | Path prefix to be added to DAPS URI. Regex can be used | | ingress.rootPath | string | `"/"` | Root prefix without regex rules that used to configure daps host name in configuration | | ingress.tls.certMgr.enabled | bool | `false` | If `true` cert-manager will be used to issue a certificate with ingress.host CN name | -| ingress.tls.certMgr.issuer | string | `""` | Cert-manager issuer name | +| ingress.tls.certMgr.issuer | string | `"letsencrypt-prod"` | Cert-manager issuer name | | ingress.tls.enabled | bool | `false` | If `true` daps will be exposed with https | | nameOverride | string | `""` | | | nodeSelector | object | `{}` | Node selection configuration | -| omejdn.createDefaultAdmin | bool | `false` | Default user and client will be created if set to `true`. User credentials set in `omejdn.defaultAdminUser` section | +| omejdn.createDefaultAdmin | bool | `true` | Default user and client will be created if set to `true`. User credentials set in `omejdn.defaultAdminUser` section | | omejdn.defaultAdminUser | string | `"admin:admin"` | Default user credentials in format `user:password` | | omejdn.serverKey | string | `""` | Server key content. 
DAPS will generate key if it's not provided at startup | -| omejdn.serverKeyFolderPath | string | `"/opt/server-key"` | Path to directory with private server key | +| omejdn.serverKeyFolderPath | string | `"/opt"` | Path to directory with private server key | | persistence.enabled | bool | `true` | If `true` persistent volume will be used to store clients and users configuration | | persistence.storageClass | string | `"azurefile"` | Storage class to claim a volume. | | persistence.storageSize | string | `"1Gi"` | Volume size | | podAnnotations | object | `{}` | | | podSecurityContext | object | `{}` | Pod security context configuration | | replicaCount | int | `1` | DAPS instances count | -| resources | object | `{}` | Pod resources requests and limits configuration | -| securityContext | object | `{}` | Pod security context configuration | +| resources | object | `{"limits":{"cpu":"200m","memory":"300Mi"},"requests":{"cpu":"200m","memory":"300Mi"}}` | Pod resources requests and limits configuration | +| securityContext | string | `nil` | Pod security context configuration | | service.port | int | `4567` | Service port | | service.type | string | `"ClusterIP"` | Service type | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | -| serviceAccount.name | string | `""` | The name of the service account to use. 
-- If not set and create is true, a name is generated using the fullname template | +| serviceAccount.name | string | `""` | If not set and create is true, a name is generated using the fullname template | | tolerations | list | `[]` | Pod toleration settings | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/daps-server/templates/_helpers.tpl b/charts/daps-server/templates/_helpers.tpl index bcc2a4c..eccc2b4 100644 --- a/charts/daps-server/templates/_helpers.tpl +++ b/charts/daps-server/templates/_helpers.tpl @@ -50,6 +50,13 @@ app.kubernetes.io/name: {{ include "daps-server.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} +{{/* +Create name of application secret +*/}} +{{- define "daps-server.applicationSecret.name" -}} +{{- printf "%s-application" (include "daps-server.fullname" .) }} +{{- end }} + {{/* Create the name of the service account to use */}} diff --git a/charts/daps-server/templates/secret.yml b/charts/daps-server/templates/secret.yml index 4a9a8eb..ea2490a 100644 --- a/charts/daps-server/templates/secret.yml +++ b/charts/daps-server/templates/secret.yml @@ -1,19 +1,8 @@ apiVersion: v1 kind: Secret metadata: - name: avp-daps-secret + name: {{ include "daps-server.applicationSecret.name" . }} type: Opaque stringData: - ClientID: {{ .Values.daps.secret.clientId }} - ClientSecret: {{ .Values.daps.secret.clientSecret }} -#apiVersion: v1 -#kind: Secret -#metadata: -# name: avp-daps-secret -# annotations: -# avp.kubernetes.io/path: "essential-services/data/daps-beta" -#type: Opaque -#stringData: -# ClientID: -# ClientSecret: - + ClientID: {{ .Values.daps.secret.clientId | default (randAlphaNum 16) }} + ClientSecret: {{ .Values.daps.secret.clientSecret | default (randAlphaNum 16) }} 
diff --git a/charts/daps-server/values-bt.yaml b/charts/daps-server/values-dev.yaml similarity index 81% rename from charts/daps-server/values-bt.yaml rename to charts/daps-server/values-dev.yaml index 90c6560..fb65a0f 100644 --- a/charts/daps-server/values-bt.yaml +++ b/charts/daps-server/values-dev.yaml @@ -6,7 +6,7 @@ ingress: # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" # -- Ingress host name - host: daps-n.int.demo.catena-x.net + host: daps.dev.demo.catena-x.net # -- Path prefix to be added to DAPS URI. Regex can be used pathPrefix: "/" # -- Root prefix without regex rules that used to configure daps host name in configuration @@ -23,5 +23,5 @@ ingress: daps: secret: - clientId: "" - clientSecret: "" + clientId: "" + clientSecret: "" diff --git a/charts/daps-server/values-int.yaml b/charts/daps-server/values-int.yaml index ec58f7a..bae55fe 100644 --- a/charts/daps-server/values-int.yaml +++ b/charts/daps-server/values-int.yaml @@ -21,6 +21,12 @@ ingress: # -- Cert-manager issuer name issuer: "letsencrypt-prod" +daps: + secret: + clientId: "" + clientSecret: "" + + resources: limits: cpu: 400m diff --git a/charts/daps-server/values.yaml b/charts/daps-server/values.yaml index 4c65308..7c6715c 100644 --- a/charts/daps-server/values.yaml +++ b/charts/daps-server/values.yaml @@ -7,7 +7,7 @@ replicaCount: 1 image: # -- DAPS docker image - repository: + repository: "" # -- Image pull policy pullPolicy: IfNotPresent # -- Image tag. Overrides the image tag whose default is the chart appVersion.
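Review bot: in the CHANGELOG.md hunk, the renamed heading `-## [0.1.1] - 2022-09-09` / `+## [1.7.2] - 2022-09-09` rewrites an entry for a release that already shipped; keep the historical heading as it was and put the new items under `## [1.7.3] - 2023-02-27`, or add a line explaining the renumbering. In the same hunk `### Added Added sematic versioning, tags & helm releases` runs the heading and the list item onto one line, and "sematic" should read "semantic"; make it `### Added` followed by `- Added semantic versioning, tags & helm releases` to match the other entries.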
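Review bot: the INSTALL.md hunk is not internally consistent, so the documented install fails as written. `helm repo add daps-server https://eclipse-tractusx.github.io/charts/dev` registers the repository under the alias `daps-server`, but the next two steps use `helm search repo tractusx-dev` and `helm install daps-server tractusx-dev/daps-server`, which reference an alias that was never added; pick one alias (e.g. `helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev`) and use it in all three commands. Under `2.) Local installation` there are two steps labelled `c.)`, and step `d.) These secrets should be defined in Hashicorp vault.` contradicts the preceding `c.)` that tells the reader to put `clientId` / `clientSecret` in plaintext into values.yaml. State which is intended and, if Vault, how the chart consumes it, because this same change removes the commented `avp.kubernetes.io/path` block from secret.yml, which was the only remaining hint of that wiring.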
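Review bot: in the NOTICE.md `## Source Code` hunk the two added bullets `+* https://github.com/eclipse-tractusx/` are unfinished placeholders (the organization URL twice, no repository name) and replace the previously concrete `product-DAPS` link; fill in `https://github.com/eclipse-tractusx/daps-helm-chart`, which is the URL this change uses in INSTALL.md and in the Chart.yaml `sources:` entry, and drop the duplicate bullet.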
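Review bot: in the README.md `### Software Version` hunk, `Helm version is v1.7.3` is misleading: 1.7.3 is the chart `version` from Chart.yaml, not the version of the Helm CLI, and a reader will take it as a Helm requirement. Label it "Chart version" and keep "Application version" in step with Chart.yaml `appVersion`; a `shell` fence around two prose sentences is also odd, a plain list reads better.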
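Review bot: in the README.md `# Installation Steps` hunk the replacement is a bare URL with no sentence around it; make it a link with text ("see INSTALL.md for the helm repository and local install steps"). The same hunk removes the `Autogenerated from chart metadata using helm-docs` footer from the top-level README; confirm that this README is no longer produced by helm-docs, otherwise the next run will overwrite the hand-written edits made here.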
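Review bot: the SECURITY.md hunk drops the sentence `Please do not report security bugs through public GitHub issues.` along with the rest of the old policy; pointing to https://www.eclipse.org/security/ is fine, but that one instruction is worth keeping next to the link, since this repository still has a public issue tracker where reports would otherwise land.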
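Review bot: the new `.helmignore` is added at `charts/.helmignore`, but `helm package` only reads a `.helmignore` from the root of the chart being packaged, i.e. it would have to live at `charts/daps-server/.helmignore`. At the current location the `values?*.yaml` and `values?*.yml` patterns have no effect, so `values-dev.yaml` and `values-int.yaml`, with their environment-specific hostnames, are still shipped inside the packaged chart. Move the file into the chart directory (the `.git/` and `.DS_Store` entries are harmless either way), and add the missing trailing newline.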
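Review bot: the charts/daps-server/README.md hunk documents several defaults that are security-relevant regressions for a chart meant to be installed by third parties, and it is also out of sync with the rest of the change. `omejdn.createDefaultAdmin` moves from `false` to `true` while `omejdn.defaultAdminUser` stays `admin:admin`, so a plain `helm install` stands up a DAPS with an admin account behind a well-known password; restore `false` as the default, or at least fail the render when the default password is left in place. `ingress.host` now defaults to `daps-beta.int.demo.catena-x.net` and `ingress.tls.certMgr.issuer` to `letsencrypt-prod`; these are environment values that belong in `values-int.yaml` / `values-dev.yaml`, not in the chart defaults. `omejdn.serverKeyFolderPath` changes from `/opt/server-key` to `/opt` with no CHANGELOG entry. On the sync side, `## Source Code` renders as an empty bullet `* ` even though `sources:` is added to Chart.yaml in this change, and `image.repository` shows `nil` although values.yaml now sets `repository: ""`, so the README was generated before those edits; re-run helm-docs (v1.11.0, as the new footer states) last, after Chart.yaml and values.yaml are final. `securityContext` rendering as `string | nil` suggests values.yaml sets it to null rather than `{}`; `{}` keeps the `securityContext:` block in the deployment template well-formed.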
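Review bot: in the secret.yml hunk, `ClientID: {{ .Values.daps.secret.clientId | default (randAlphaNum 16) }}` and the matching `ClientSecret` line draw a fresh random value on every template render, so each `helm upgrade` with `daps.secret` left empty silently rotates the client credentials, and the generated secret is never shown to the operator. Either make the values mandatory with `{{ required "daps.secret.clientId must be set" .Values.daps.secret.clientId }}` (INSTALL.md already says they have to be provided), or keep a once-generated value stable by reading the existing Secret back with `lookup "v1" "Secret" .Release.Namespace (include "daps-server.applicationSecret.name" .)` before falling back to `randAlphaNum` (noting that `lookup` returns nothing under `helm template` and in ArgoCD, so the `required` route is the safer one). Independently, the values are emitted unquoted under `stringData:`; a secret containing `:`, `#`, or a leading `{` or `[` breaks the YAML, so pipe both through `| quote`.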
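Review bot: in the values-dev.yaml hunk (renamed from values-bt.yaml) the two lines `clientId: ""` and `clientSecret: ""` are removed and re-added with no visible difference, which almost always means trailing whitespace was changed; drop the no-op so the diff only shows the `host:` change, and check the file for trailing spaces before merging.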
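Review bot: in the values.yaml hunk, `repository: ""` as the default means an install without `--set image.repository=...` produces an image reference with an empty name (the deployment template is not shown here, but it presumably interpolates this value into `image:`), and the pod fails with an InvalidImageName error that does not say which value is missing. Since the chart has no usable default image, guard it in the template with `{{ required "image.repository must be set" .Values.image.repository }}` so `helm install` fails early with a clear message, and say so in INSTALL.md step `c.) Add the image.repository in the values file`.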