Feature/params verifier chart (#352)

* Update values (app, resources, autoscaling) * update deployment * set internal port as helper * update verifier chart version to 1.2.4
in2workspace · Feb 25, 2025 · 1b91338 · 1b91338
1 parent 0345043
commit 1b91338
Show file tree

Hide file tree

Showing 5 changed files with 114 additions and 104 deletions.
diff --git a/charts/verifier-api/Chart.yaml b/charts/verifier-api/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: verifier-api
 description: A Helm chart for Kubernetes
 type: application
-version: 1.2.3
+version: 1.2.4
 appVersion: "v1.1.0"
 
 sources:

diff --git a/charts/verifier-api/templates/_helpers.tpl b/charts/verifier-api/templates/_helpers.tpl
@@ -78,4 +78,16 @@ Support for private key secret
     {{- else -}}
         {{- printf "privateKey" -}}
     {{- end -}}
-{{- end -}}
+{{- end -}}
+
+{{/*
+Defines internal server port, which should not be modified by user
+If internalServerPort is not set, 8080 will be assigned
+*/}}
+{{- define "verifier-api.internalServerPort" -}}
+    {{- if .Values.internalServerPort -}}
+        {{- .Values.internalServerPort -}}
+    {{- else -}}
+        {{- printf "8080" -}}
+    {{- end -}}
+{{- end -}}
diff --git a/charts/verifier-api/templates/deployment.yaml b/charts/verifier-api/templates/deployment.yaml
@@ -36,80 +36,68 @@ spec:
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
             - name: http
-              containerPort: {{ .Values.app.internalServerPort }}
+              containerPort: {{ include "verifier-api.internalServerPort" }}
               protocol: TCP
           livenessProbe:
             httpGet:
               path: {{ .Values.livenessProbe.path }}
-              port: {{ .Values.app.internalServerPort }}
+              port: {{ include "verifier-api.internalServerPort" }}
             initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
             periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
             failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
           readinessProbe:
             httpGet:
               path: {{ .Values.readinessProbe.path }}
-              port: {{ .Values.app.internalServerPort }}
+              port: {{ include "verifier-api.internalServerPort" }}
             initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
             periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
             failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
           env:
             - name: SERVER_PORT
-              value: {{ quote .Values.app.internalServerPort}}
+              value: {{ include "verifier-api.internalServerPort" . | quote }}
             - name: SPRING_PROFILES_ACTIVE
               value: {{.Values.app.profile}}
             - name: LOGGING_LEVEL_ES_IN2_VCVERIFIER
-              value: {{.Values.app.logLevel.app}}
+              value: {{.Values.app.logging.level.app}}
             - name: LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_SECURITY
-              value: {{.Values.app.logLevel.security}}
-            - name: LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_SECURITY_OAUTH2
-              value: {{.Values.app.logLevel.securityOauth2}}
+              value: {{.Values.app.logging.level.security}}
             - name: LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_WEB_FILTER
-              value: {{.Values.app.logLevel.webFilter}}
-            - name: SECURITY_AUTHORIZATION_SERVER
-              value: {{ .Values.app.externalDomain }}
-            - name: SECURITY_TOKEN_ACCESS_TOKEN_CRON_UNIT
-              value: {{ .Values.app.accessToken.expirationUnitTime }}
-            - name: SECURITY_TOKEN_ACCESS_TOKEN_EXPIRATION
-              value: {{ quote .Values.app.accessToken.expirationTime}}
-            - name: SECURITY_TOKEN_ID_TOKEN_CRON_UNIT
-              value: {{ .Values.app.idToken.expirationUnitTime }}
-            - name: SECURITY_TOKEN_ID_TOKEN_EXPIRATION
-              value: {{ quote .Values.app.idToken.expirationTime}}
-            - name: TRUST_FRAMEWORK_CLIENTS_REPOSITORY_URI
-              value: {{ .Values.app.clientsRepository.uri}}
-            - name: TRUST_FRAMEWORK_TRUSTED_ISSUER_LIST_URI
-              value: {{ .Values.app.trustedIssuerList.uri}}
-            - name: TRUST_FRAMEWORK_REVOCATION_LIST_URI
-              value: {{ .Values.app.revocationList.uri}}
-            - name: VERIFIER_UI_LOGIN_URIS_ONBOARDING_URI
-              value: {{ .Values.app.verifierUiLoginUris.onboardingUri }}
-            - name: VERIFIER_UI_LOGIN_URIS_SUPPORT_URI
-              value: {{ .Values.app.verifierUiLoginUris.supportUri }}
-            - name: VERIFIER_UI_LOGIN_URIS_WALLET_URI
-              value: {{ .Values.app.verifierUiLoginUris.walletUri }}
-            - name: SECURITY_LOGIN_CODE_EXPIRATION_PROPERTIES_CRON_UNIT
-              value: {{ .Values.app.loginQrCode.expirationUnitTime }}
-            - name: SECURITY_LOGIN_CODE_EXPIRATION_PROPERTIES_EXPIRATION
-              value: {{ quote .Values.app.loginQrCode.expirationTime}}
-            - name: VERIFIER_UI_CUSTOMIZATIONS_COLORS_PRIMARY
-              value: {{ .Values.app.colors.primary | quote }}
-            - name: VERIFIER_UI_CUSTOMIZATIONS_COLORS_PRIMARY_CONTRAST
-              value: {{ .Values.app.colors.primaryContrast | quote }}
-            - name: VERIFIER_UI_CUSTOMIZATIONS_COLORS_SECONDARY
-              value: {{ .Values.app.colors.secondary | quote }}
-            - name: VERIFIER_UI_CUSTOMIZATIONS_COLORS_SECONDARY_CONTRAST
-              value: {{ .Values.app.colors.secondaryContrast | quote }}
-            - name: VERIFIER_UI_CUSTOMIZATIONS_LOGO_SRC
-              value: {{ .Values.app.logoSrc }}
-            - name: VERIFIER_UI_CUSTOMIZATIONS_FAVICON_SRC
-              value: {{ .Values.app.faviconSrc }}
-
-            # PRIVATE KEY
-            - name: CRYPTO_PRIVATE_KEY
+              value: {{.Values.app.logging.level.webFilter}}
+            - name: VERIFIER_FRONTEND_URLS_ONBOARDING
+              value: {{ .Values.app.frontend.urls.onboarding }}
+            - name: VERIFIER_FRONTEND_URLS_SUPPORT
+              value: {{ .Values.app.frontend.urls.support }}
+            - name: VERIFIER_FRONTEND_URLS_WALLET
+              value: {{ .Values.app.frontend.urls.wallet }}
+            - name: VERIFIER_FRONTEND_COLORS_PRIMARY
+              value: {{ .Values.app.frontend.colors.primary | quote }}
+            - name: VERIFIER_FRONTEND_COLORS_PRIMARY_CONTRAST
+              value: {{ .Values.app.frontend.colors.primaryContrast | quote }}
+            - name: VERIFIER_FRONTEND_COLORS_SECONDARY
+              value: {{ .Values.app.frontend.colors.secondary | quote }}
+            - name: VERIFIER_FRONTEND_COLORS_SECONDARY_CONTRAST
+              value: {{ .Values.app.frontend.colors.secondaryContrast | quote }}
+            - name: VERIFIER_FRONTEND_LOGO_SRC
+              value: {{ .Values.app.frontend.logoSrc }}
+            - name: VERIFIER_FRONTEND_FAVICON_SRC
+              value: {{ .Values.app.frontend.faviconSrc }}
+            - name: VERIFIER_BACKEND_URL
+              value: { { .Values.app.backend.url } }
+            - name: VERIFIER_BACKEND_IDENTITY_PRIVATE_KEY
               valueFrom:
                 secretKeyRef:
-                  name: {{ include "verifier-api.privateKey-secretName" . }}
-                  key: {{ include "verifier-api.privateKey-privateKey" . }}
+                  name: { { include "verifier-api.privateKey-secretName" . } }
+                  key: { { include "verifier-api.privateKey-privateKey" . } }
+            - name: VERIFIER_BACKEND_TRUST_FRAMEWORKS
+              value: {{ .Values.app.verifier.backend.trustFrameworks | toJson | quote }}
+
+#            - name: VERIFIER_BACKEND_TRUST_FRAMEWORKS_TRUSTED_ISSUERS_LIST_URL
+#              value: { { .Values.app.backend.trustFrameworks.issuersServicesListUrl } }
+#            - name: VERIFIER_BACKEND_TRUST_FRAMEWORKS_TRUSTED_SERVICES_LIST_URL
+#              value: { { .Values.app.backend.trustFrameworks.trustedServicesListUrl } }
+#            - name: VERIFIER_BACKEND_TRUST_FRAMEWORKS_REVOKED_CREDENTIAL_LIST_URL
+#              value: { { .Values.backend.trustFrameworks.revokedCredentialListUrl } }
+          # todo correct indentation?
           {{- with .Values.volumeMounts }}
           volumeMounts:
             {{- toYaml . | nindent 12 }}

diff --git a/charts/verifier-api/templates/service.yaml b/charts/verifier-api/templates/service.yaml
@@ -9,7 +9,7 @@ spec:
   type: {{ .Values.service.type }}
   ports:
     - port: {{ .Values.service.port }}
-      targetPort: {{.Values.app.internalServerPort}}
+      targetPort: {{ .Values.app.internalServerPort}}
       protocol: TCP
       name: http
   selector:

diff --git a/charts/verifier-api/values.yaml b/charts/verifier-api/values.yaml
@@ -34,7 +34,7 @@ podSecurityContext: {}
 securityContext: {}
   # capabilities:
   #   drop:
-  #   - ALL
+#   - ALL
 # readOnlyRootFilesystem: true
 # runAsNonRoot: true
 # runAsUser: 1000
@@ -72,22 +72,22 @@ ingress:
       secretName: example-secret
 
 
-resources: {}
+resources:
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little
   # resources, such as Minikube. If you do want to specify resources, uncomment the following
   # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-# requests:
-#   cpu: 100m
-#   memory: 128Mi
+  limits:
+    cpu: 100m
+    memory: 192Mi
+  requests:
+    cpu: 100m
+    memory: 128Mi
 
 autoscaling:
   enabled: false
   minReplicas: 1
-  maxReplicas: 100
+  maxReplicas: 5
   targetCPUUtilizationPercentage: 80
   targetMemoryUtilizationPercentage: 80
 
@@ -111,43 +111,53 @@ tolerations: []
 affinity: {}
 
 app:
-  profile: test
-  internalServerPort: 8080
-  logLevel:
-    app: INFO
-    security: INFO
-    securityOauth2: INFO
-    webFilter: INFO
-  accessToken:
-    expirationUnitTime: MINUTES
-    expirationTime: 30
-  colors:
-    primary: "#14274A"
-    primaryContrast: "#ffffff"
-    secondary: "#00ADD3"
-    secondaryContrast: "#000000"
-  logoSrc: "img/dome_logo_white.png"
-  faviconSrc: "img/dome_logo_favicon.png"
-  idToken:
-    expirationUnitTime: MINUTES
-    expirationTime: 5
-  loginQrCode:
-    expirationUnitTime: MINUTES
-    expirationTime: 5
-  externalDomain: "https://example-external-domain.org"
-  clientsRepository:
-    uri: "https://raw.example-external-domain.com/path/to/file/filename.yaml"
-  trustedIssuerList:
-    uri: "https://example-external-domain.org/v4/issuers/"
-  revocationList:
-    uri: "https://raw.example-external-domain.com/path/to/file/filename.yaml"
-  privateKey:
-    value: your-private-key
-    existingSecret:
-      enabled: false
-      name: private-key-secret
-      key: private-key
-  verifierUiLoginUris:
-    onboardingUri: "https://knowledge-base.example.org"
-    supportUri: "https://ticketing.example.org"
-    walletUri: "https://wallet.example.org"
+  # todo
+  logging:
+    level:
+      # Sets logging level for Spring Security
+      org.springframework.security: INFO
+      # Sets logging level for web filters
+      org.springframework.web.filter: INFO
+      # Sets logging level for the custom package "es.in2.vcverifier"
+      es.in2.vcverifier: INFO
+
+  verifier:
+    frontend:
+      urls:
+        # Placeholder for onboarding URL (REQUIRED)
+        onboarding:
+        # Placeholder for support URL (REQUIRED)
+        support:
+        # Placeholder for wallet URL (REQUIRED)
+        wallet:
+      colors:
+        # Defines primary color for the frontend (OPTIONAL with default value)
+        primary: "#14274A"
+        # Defines contrasting text color for primary color (OPTIONAL with default value)
+        primaryContrast: "#ffffff"
+        # Defines secondary color for the frontend (OPTIONAL with default value)
+        secondary: "#00ADD3"
+        # Defines contrasting text color for secondary color (OPTIONAL with default value)
+        secondaryContrast: "#000000"
+      # Placeholder for logo source path (REQUIRED)
+      # This routes must point to internal folder: src/main/resources/static/img/<file_name.png>
+      logoSrc:
+      # Placeholder for favicon source path (OPTIONAL)
+      # This routes must point to internal folder: src/main/resources/static/img/<file_name.png>
+      faviconSrc:
+    backend:
+      # Placeholder for backend URL (REQUIRED)
+      url:
+      identity:
+        # Placeholder for private key used in identity verification (REQUIRED)
+        privateKey:
+      trustFrameworks:
+        # Placeholder for the name of a trust framework (REQUIRED)
+        # todo fill urls?
+        - name: DOME
+          # Placeholder for trusted issuers list URL
+          trustedIssuersListUrl:
+          # Placeholder for trusted services list URL
+          trustedServicesListUrl:
+          # Placeholder for revoked credentials list URL
+          revokedCredentialListUrl: