Commit triggered by a change on the main branch of helm-charts-dev

charts/identity-service/.gitignore

@@ -0,0 +1 @@
+charts/*.tgz

charts/identity-service/Chart.lock

@@ -0,0 +1,18 @@
+dependencies:
+- name: identity-keycloak
+  repository: ""
+  version: 0.15.1
+- name: identity-postgres
+  repository: ""
+  version: 1.0.1
+- name: identity-api
+  repository: ""
+  version: 1.0.1
+- name: identity-gatekeeper
+  repository: https://eoepca.github.io/helm-charts/
+  version: 1.0.1
+- name: identity-api-gatekeeper
+  repository: ""
+  version: 1.0.1
+digest: sha256:f0a58fb28812eb280d76b32f5bcf2bcd20dfae2e0efecb2a3679ffb7ea93d3d5
+generated: "2024-01-08T12:12:38.632640775Z"

charts/identity-service/Chart.yaml

@@ -1,4 +1,4 @@
-apiVersion: v1
+apiVersion: v2
 name: identity-service
 description: A Helm chart to deploy Identity Service based on Keycloak
 maintainers:
@@ -16,9 +16,27 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.0.80
+version: 1.0.82
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: "v1"
+appVersion: "v1"
+
+dependencies:
+  - name: identity-keycloak
+    condition: identity-keycloak.enabled
+    version: 0.15.1
+  - name: identity-postgres
+    condition: identity-postgres.enabled
+    version: 1.0.1
+  - name: identity-api
+    condition: identity-api.enabled
+    version: 1.0.1
+  - name: identity-gatekeeper
+    condition: identity-gatekeeper.enabled
+    version: 1.0.1
+    repository: "https://eoepca.github.io/helm-charts/"
+  - name: identity-api-gatekeeper
+    condition: identity-api-gatekeeper.enabled
+    version: 1.0.1

charts/identity-service/charts/identity-api-gatekeeper/Chart.yaml

@@ -1,5 +1,24 @@
 apiVersion: v2
 name: identity-api-gatekeeper
-description: A helm chart for a Gatekeeper to protect identity-api
-version: 1.0.0
+description: Policy enforcement integration with Keycloak for identity-api
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 1.0.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
 appVersion: "2.8.0"

charts/identity-service/charts/identity-api-gatekeeper/templates/secret.yaml

@@ -0,0 +1,13 @@
+{{- if and (.Values.secrets.clientSecret) (.Values.secrets.encryptionKey) -}}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: {{ include "identity-api-gatekeeper.name" . }}
+  labels:
+    {{- include "identity-api-gatekeeper.labels" . | nindent 4 }}
+  namespace: {{ .Release.Namespace }}
+data:
+  PROXY_CLIENT_SECRET: "{{ .Values.secrets.clientSecret }}"
+  PROXY_ENCRYPTION_KEY: "{{ .Values.secrets.encryptionKey }}"
+{{- end }}

charts/identity-service/charts/identity-api-gatekeeper/values.yaml

@@ -85,14 +85,14 @@ ingress:
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt
   hosts:
-    - host: identity.api-gatekeeper.demo.eoepca.org
+    - host: identity.api-gatekeeper.myplatform.eoepca.org
       paths:
         - path: /
           pathType: Prefix
   tls:
     - secretName: identity-api-gatekeeper-tls-certificate
       hosts:
-        - identity.gatekeeper.demo.eoepca.org
+        - identity.gatekeeper.myplatform.eoepca.org
 autoscaling:
   enabled: false
   minReplicas: 1
@@ -111,22 +111,24 @@ metrics:
     annotations: {}
     interval:
 config:
-    client-id: identity-api
-    discovery-url: https://identity.keycloak.demo.eoepca.org/realms/master
-    no-redirects: true
-    no-proxy: true
-    enable-uma: true
-    cookie-domain: demo.eoepca.org
-    cookie-access-name: auth_user_id
-    cookie-refresh-name: auth_refresh_token
-    enable-metrics: true
-    enable-logging: true
-    enable-request-id: true
-    enable-login-handler: true
-    enable-refresh-tokens: true
-    enable-logout-redirect: true
-    listen: :3000
-    listen-admin: :4000
+  client-id: identity-api
+  discovery-url: https://identity.keycloak.myplatform.eoepca.org/realms/master
+  no-redirects: true
+  no-proxy: true
+  enable-uma: true
+  #enable-default-deny: true
+  cookie-domain: myplatform.eoepca.org
+  cookie-access-name: auth_user_id
+  cookie-refresh-name: auth_refresh_token
+  #secure-cookie: true
+  enable-metrics: true
+  enable-logging: true
+  enable-request-id: true
+  enable-login-handler: true
+  enable-refresh-tokens: true
+  enable-logout-redirect: true
+  listen: :3000
+  listen-admin: :4000
 secrets:
-    clientSecret: AgClDBQe7hqRlUZaKSaokWJ81tPyAzSUatTk34IvB3KJY032sip8KxY/s6c43clc/63vRWBcOC5WcbRKSxflYPU+nTzY88B0drdMENQaeWg2j57fmda1RUyOGMgADNtSadIkZoBjEfcppOQNTDmmctgVxlhYEnTMZ8XznqFWNUqZi36yNXabf5WVlZAHe0NuP87iQMuff/VZmNcRT0W3p/eKlrMAweJT3JvLocTO7b8PzKnvEe3VMBoWA1r4s9GqOWeCItf6rwIhtvYxUjYjGEuxhgDzHD55Y9icRwJLirh759Q9Ggej3gvM1FbCliOgkWSS7xos4cTWvMsvRUsMBOpxZLCwuYfcifTZ7gHAksGhk6PhRnGcHSvHN5fVmEoD62W97AITu53X8FlnlRuY8a/f/+FoXW+auYMIplLK8ej7ugrXkTEaZaX1guA4OoePH6rmwjTS0gyViE2mN8mOCLvoUA4xTyGdxy8eYwJVO6vQBttkW91qgukrdWAaqW/PFtHBK9R+1hsm0jkAwXzv60797Gf9Hw+GZU6EWPsGj5MuljDicL6b2beKDg+28qzpTb+9W8+h7rszfki9gFFUxrJeVxwLDtSbBpW6E0PBs8LSsm7QEs90lPVfA9xuHpql4VinX7Yo/VX4Y6uDXKcjwRPpQlVTS0OrnIRkkLE0RjnSk6objJMFJsjVJ4hYyqE3bEd+n8yIvkcufKzfOLd18QdPUiM01/p/IIrTQbVesCKzxw==
-    encryptionKey: AgBrCIjYsQpgr8xfaWPXbkaLvnAR03fWz1BY3vYvTBOxIkHBs8y8thEBjGPJ2whZOmFK3r8ePtuj9l+qGW66JRliZiTWMGiSEZH4SvPE1OKbiqja8DvhS84BbL8K4mLhthBfP/BtMhKSiPC/5ojiWKQLKAf5e8PnP2POR33FftvB9RIautKqt8xlAbXrL7IjnzD1dIclSQpVtTKpGLW8lIZO0YLUTTer53EMnkt7kRnmyHPjuuZIkUVkWcjppkYxPAkkG0DaU522JUAVzyyonJ+dydw5tFYarjFvYHkbXUnBYJZe7dQCxi1HW8CU12ITeSGt3bKkazbLrcOW2VPwfmnnY/QVvKrVTHaz8h2OcsJpr226KI9M1yCN2Bg2Fp/krFTXVcu49rdVI9yc/KcVgh6dzXoO8EeBuZkmVLtXIIrfG1KTvyQ7xKb5np+TJMNUA4+N4Ot5+L49xNGRJYYzBHnd63m8/J+lF89ghmCla72EdZERDi0vec36+8Sj/Xm8YmfEI4+bBMuyvJEMnqeKb9cTguLNB7l4p7YSvjJ5auZpg1cWOZ1dKA5TufJ56bjNJx9YdrAZ8gxBkkuNfkKTXqLP3utbl4pLbxyCbGbv/5d7lF4JAIP8iZBH7Rgkfar1b8PZXQuH44ZW3r8l9qJ1DzU/vBxf9VA3e5WVd3uFLcm+9809C22ElEAA8ZkXuNSJ24Hpa0ez1jCesDsnmqXLX7uXZ0Hlxn/n70cjCmCZ22Ncfw==
+  clientSecret: ""
+  encryptionKey: ""

charts/identity-service/charts/identity-api/Chart.yaml

@@ -1,5 +1,24 @@
 apiVersion: v2
 name: identity-api
 description: A helm chart for Identity API
-version: 1.0.0
-appVersion: "v1.0.17"
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 1.0.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "v1.0.17"

charts/identity-service/charts/identity-api/templates/sealedsecret.yaml → charts/identity-service/charts/identity-api/templates/secret.yaml

@@ -1,10 +1,12 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
+{{- if .Values.secrets.adminPassword -}}
+apiVersion: v1
+kind: Secret
+type: Opaque
 metadata:
   name: {{ include "identity-api.name" . }}
   labels:
     {{- include "identity-api.labels" . | nindent 4 }}
   namespace: {{ .Release.Namespace }}
-spec:
-  encryptedData:
-    ADMIN_PASSWORD: "{{ .Values.secrets.adminPassword }}"
+data:
+  ADMIN_PASSWORD: "{{ .Values.secrets.adminPassword }}"
+{{- end }}

charts/identity-service/charts/identity-api/values.yaml

@@ -120,14 +120,14 @@ ingress:
         proxy_buffer_size 32k;
       }
   hosts:
-    - host: identity.api.demo.eoepca.org
+    - host: identity.api.myplatform.eoepca.org
       paths:
         - path: /
           pathType: Prefix
   tls:
     - secretName: identity-api-tls-certificate
       hosts:
-        - identity.api.demo.eoepca.org
+        - identity.api.myplatform.eoepca.org
 # ---------------------------------------
 # Variable group used in ingress template
 # ---------------------------------------
@@ -145,6 +145,7 @@ serviceAccount:
   name: ""
 
 configMap:
-  authServerUrl: https://identity.keycloak.demo.eoepca.org
+  authServerUrl: https://identity.keycloak.myplatform.eoepca.org
+
 secrets:
-  adminPassword: AgARMLjWkexBIMQ5SX8TX0odCeJS1aBLxhWnv/ceEbtbWFMZu4IQuoXFXK0aFitpRR6otmEPISuxJIEP2cQmC22WeDyvEA+GBvEDvgTtqlvxVwNmToeSNQcHTtbrFmJH8GB8m85YnmeZZKGYtMnzMO2DYVh4lD0xS8HNkOaFxAcZmTTRXOvC4RqaKdjGHyDid2tzXWsf4oXn69v/ihjpKEhpFqKW3u36uChd0kG/efloC70eNaiYE3JTAdv6tItyuDDbdU1uQxKgg1gNLc2E/mixXViSxhRSbLOex+kJY/Nkjl+Zo55C+MJw5SrAdkr9hripctwirToxthuGegMMQj5unQrk+DDxbolW8+izYaKJ2U9aJtJh8lasEEdz/VZfBcVVMPMJf2te6oWGV7jYpEkN4P/ObR7XlpyPI/zOQoil4XFc7qGLzJpkN9ccA6LmuE5mjc1+ZirAwjaQNd+4QTnBWBFG02575pwECM7YYaONFH5+PQl7q/jubCxPYlUA9ftOhoKNHZMQsvK7lesJIsDLPQGX9ma717jqy3gQGa3KvV3QfbVHG8O1REtGKdwbubFOu4mTWzzksiJS8Gd7jn1Rl9sz7AzGb2u6JmxU+idkRDU+sI1XVrp+vF9ERvtpWx0BMWeZyijO3BGkNHEG1lkqIRAQTbGgzg4eTdAsoFSWYrOI4Dc4wx7QUJSSi6c+DZGayCWJN6ewopypJOa5Ib0=
+  adminPassword: ""