Feature/include deployment edc

environments/association/consumer-edc/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v2
+name: consumer-edc
+description: A Helm chart that allows to easily set up a decentral registry behind an EDC
+type: application
+version: 0.1.0
+appVersion: 0.1.0
+
+dependencies:
+  - name: tractusx-connector
+    condition: enabled
+    repository: https://eclipse-tractusx.github.io/charts/dev
+    version: 0.7.3

environments/association/consumer-edc/argocd_app_deployment.yaml

@@ -0,0 +1,28 @@
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: consumer-edc
+spec:
+  destination:
+    namespace: product-semantics
+    server: 'https://kubernetes.default.svc'
+  source:
+    path: environments/association/consumer-edc
+    repoURL: 'https://github.com/eclipse-tractusx/sldt-digital-twin-registry.git'
+    targetRevision: feature/include-deployment-edc
+    plugin:
+      env:
+        - name: AVP_SECRET
+          value: vault-secret
+  project: project-semantics

environments/association/consumer-edc/values.yaml

@@ -0,0 +1,128 @@
+tractusx-connector:
+  enabled: true
+  install:
+    vault: false
+  imagePullSecrets:
+    - name: machineuser-pull-secret-ro
+  participant:
+    id: <path:semantics/data/consumer-edc#participant-id>
+  iatp:
+    id: <path:semantics/data/consumer-edc#iatp-id>
+    trustedIssuers:
+      - <path:semantics/data/consumer-edc#iatp-trusted-issuers>
+    sts:
+      dim:
+        url: <path:semantics/data/consumer-edc#iatp-sts-dim-url>
+      oauth:
+        token_url: <path:semantics/data/consumer-edc#iatp-sts-oauth-token-url>
+        client:
+          id: <path:semantics/data/consumer-edc#iatp-sts-oauth-client-id>
+          secret_alias: <path:semantics/data/consumer-edc#iatp-sts-oauth-client-secretAlias>
+  dataplane:
+    token:
+      signer:
+        privatekey_alias: <path:semantics/data/consumer-edc#ec-private>
+      verifier:
+        publickey_alias: <path:semantics/data/consumer-edc#ec-public>
+    endpoints:
+      signaling:
+        port: 9054
+        path: /api/dataplane/signaling
+      proxy:
+        port: 9054
+        path: /proxy
+    ingresses:
+      - enabled: true
+        hostname: <path:semantics/data/consumer-edc#dataplane-hostname>
+        annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-prod
+          nginx.ingress.kubernetes.io/use-regex: "true"
+          nginx.ingress.kubernetes.io/enable-cors: "true"
+          nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
+        certManager:
+          clusterIssuer: letsencrypt-prod
+        endpoints:
+          - public
+          - proxy
+        className: nginx
+        tls:
+          enabled: true
+    env:
+      EDC_DPF_CONSUMER_PROXY: 9053
+      EDC_DPF_SELECTOR_URL: <path:semantics/data/consumer-edc#dpf-selector-url>
+  controlplane:
+    endpoints:
+      # -- default api for health checks, should not be added to any ingress
+      default:
+        # -- port for incoming api calls
+        port: 8080
+        # -- path for incoming api calls
+        path: /api
+      # -- data management api, used by internal users, can be added to an ingress and must not be internet facing
+      management:
+        # -- port for incoming api calls
+        port: 8081
+        # -- path for incoming api calls
+        path: /management
+        # -- authentication key, must be attached to each 'X-Api-Key' request header
+        authKey: <path:semantics/data/consumer-edc#api-key>
+      # -- control api, used for internal control calls. can be added to the internal ingress, but should probably not
+      control:
+        # -- port for incoming api calls
+        port: 8083
+        # -- path for incoming api calls
+        path: /control
+      # -- ids api, used for inter connector communication and must be internet facing
+      protocol:
+        # -- port for incoming api calls
+        port: 8084
+        # -- path for incoming api calls
+        path: /api/v1/dsp
+      # -- metrics api, used for application metrics, must not be internet facing
+      metrics:
+        # -- port for incoming api calls
+        port: 9090
+        # -- path for incoming api calls
+        path: /metrics
+    bdrs:
+      server:
+        url: <path:semantics/data/consumer-edc#bdrs-server-url>
+    ingresses:
+      - enabled: true
+        hostname: <path:semantics/data/consumer-edc#controlplane-hostname>
+        annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-prod
+          nginx.ingress.kubernetes.io/use-regex: "true"
+          nginx.ingress.kubernetes.io/enable-cors: "true"
+          nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
+        certManager:
+          clusterIssuer: letsencrypt-prod
+        endpoints:
+          - ids
+          - management
+          - protocol
+          - default
+        className: nginx
+        tls:
+          enabled: true
+  vault:
+    fullnameOverride: "vault"
+    hashicorp:
+      url: <path:semantics/data/consumer-edc#vault-hashicorp-url>
+      token: <path:semantics/data/consumer-edc#vault-hashicorp-token>
+      paths:
+        secret:  <path:semantics/data/consumer-edc#vault-hashicorp-secret-path>
+        health: /v1/sys/health
+    secretNames:
+      transferProxyTokenSignerPrivateKey: <path:semantics/data/consumer-edc#ec-private>
+      transferProxyTokenSignerPublicKey: <path:semantics/data/consumer-edc#ec-public>
+      transferProxyTokenEncryptionAesKey: <path:semantics/data/consumer-edc#aes-key>
+
+  postgresql:
+    resources:
+      limits:
+        cpu: 50m
+        memory: 190mi
+      requests:
+        cpu: 50m
+        memory: 120mi

environments/association/provider-dtr/Chart.yaml

@@ -0,0 +1,11 @@
+apiVersion: v2
+name: provider-edc
+description: A Helm chart that allows to easily set up a decentral registry behind an EDC
+type: application
+version: 0.1.0
+appVersion: 0.1.0
+
+dependencies:
+  - name: digital-twin-registry
+    repository: https://eclipse-tractusx.github.io/sldt-digital-twin-registry
+    version: 0.6.0

environments/association/provider-dtr/argocd_app_deployment.yaml

@@ -0,0 +1,28 @@
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: provider-dtr
+spec:
+  destination:
+    namespace: product-semantics
+    server: 'https://kubernetes.default.svc'
+  source:
+    path: environments/association/provider-dtr
+    repoURL: 'https://github.com/eclipse-tractusx/sldt-digital-twin-registry.git'
+    targetRevision: feature/include-deployment-edc
+    plugin:
+      env:
+        - name: AVP_SECRET
+          value: vault-secret
+  project: project-semantics

environments/association/provider-dtr/values.yaml

@@ -0,0 +1,62 @@
+digital-twin-registry:
+  enableKeycloak: true
+  enablePostgres: true
+  # Keylcloak configuration
+  keycloak:
+    type: NodePort
+    args: [ "kc.sh import --file /opt/keycloak/data/import/default-realm-import.json; kc.sh start-dev --hostname-strict=false --proxy=edge" ]
+    auth:
+      adminUser: <path:semantics/data/dtr#keycloak-admin-user>
+      adminPassword: <path:semantics/data/dtr#keycloak-admin-password>
+    extraVolumes:
+      - name: provider-dtr-digital-twin-registry-keycloak-configmap
+        configMap:
+          name: provider-dtr-digital-twin-registry-keycloak-configmap
+    extraVolumeMounts:
+      - mountPath: /opt/keycloak/data/import/default-realm-import.json
+        subPath: default-realm-import.json
+        name: provider-dtr-digital-twin-registry-keycloak-configmap
+    ingress:
+      enabled: true
+      hostname: <path:semantics/data/dtr#keycloak-hostname>
+      path: /
+      tls: true
+      annotations:
+        external-dns.alpha.kubernetes.io/hostname: <path:semantics/data/dtr#keycloak-hostname>
+        nginx.org/location-snippets: |
+          add_header X-Forwarded-Proto https;
+          add_header X-Forwarded-For <path:semantics/data/dtr#keycloak-hostname>;
+  # Postgres configuration
+  postgresql:
+    primary:
+      persistence:
+        enabled: true
+        size: 8Gi
+    service:
+      ports:
+        postgresql: 5432
+    auth:
+      username: <path:semantics/data/dtr#db-user>
+      password: <path:semantics/data/dtr#db-password>
+      database: <path:semantics/data/dtr#db-schema>
+  # DTR  configuration
+  registry:
+    host: <path:semantics/data/dtr#dtr-hostname>
+    authentication: true
+    idpIssuerUri: <path:semantics/data/dtr#idpIssuerUri>
+    idpClientId: <path:semantics/data/dtr#idpClientId>
+    tenantId: <path:semantics/data/dtr#tenantId>
+    useGranularAccessControl: "true"
+    ingress:
+      enabled: true
+      tls: true
+      urlPrefix: /dtr
+      className: nginx
+      annotations:
+        cert-manager.io/cluster-issuer: letsencrypt-prod
+        nginx.ingress.kubernetes.io/rewrite-target: /$2
+        nginx.ingress.kubernetes.io/use-regex: "true"
+        nginx.ingress.kubernetes.io/enable-cors: "true"
+        nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
+        nginx.ingress.kubernetes.io/x-forwarded-prefix: /dtr
+

environments/association/provider-edc/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v2
+name: provider-edc
+description: A Helm chart that allows to easily set up a decentral registry behind an EDC
+type: application
+version: 0.1.0
+appVersion: 0.1.0
+
+dependencies:
+  - name: tractusx-connector
+    condition: enabled
+    repository: https://eclipse-tractusx.github.io/charts/dev
+    version: 0.7.3

environments/association/provider-edc/argocd_app_deployment.yaml

@@ -0,0 +1,29 @@
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: provider-edc
+spec:
+  destination:
+    namespace: product-semantics
+    server: 'https://kubernetes.default.svc'
+  source:
+    path: environments/association/provider-edc
+    repoURL: 'https://github.com/eclipse-tractusx/sldt-digital-twin-registry.git'
+    targetRevision: feature/include-deployment-edc
+    plugin:
+      env:
+        - name: AVP_SECRET
+          value: vault-secret
+  project: project-semantics
+