diff --git a/charts/vc-authn-oidc/Chart.yaml b/charts/vc-authn-oidc/Chart.yaml index a7f619a2..e97884e3 100644 --- a/charts/vc-authn-oidc/Chart.yaml +++ b/charts/vc-authn-oidc/Chart.yaml @@ -6,25 +6,25 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "2.0.0" +appVersion: "2.0.1-rc0" -# Charts the vc-authn-oidc service depends on +# Charts the vc-authn-oidc service depends on dependencies: -- name: mongodb - version: "13.13.1" - repository: "https://charts.bitnami.com/bitnami" -- name: postgresql - version: 11.9.13 - repository: https://charts.bitnami.com/bitnami/ - condition: postgresql.enabled -- name: common - repository: "https://charts.bitnami.com/bitnami" - tags: - - bitnami-common - version: 2.x.x + - name: mongodb + version: "13.13.1" + repository: "https://charts.bitnami.com/bitnami" + - name: postgresql + version: 11.9.13 + repository: https://charts.bitnami.com/bitnami/ + condition: postgresql.enabled + - name: common + repository: "https://charts.bitnami.com/bitnami" + tags: + - bitnami-common + version: 2.x.x diff --git a/charts/vc-authn-oidc/README.md b/charts/vc-authn-oidc/README.md index 4e8431d3..32b12054 100644 --- a/charts/vc-authn-oidc/README.md +++ b/charts/vc-authn-oidc/README.md 
@@ -1,6 +1,6 @@ # VC-AuthN OIDC -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.1-rc0](https://img.shields.io/badge/AppVersion-2.0.1-rc0-informational?style=flat-square) A Helm chart to deploy Verifiable Credential Identity Provider for OpenID Connect. 
@@ -39,14 +39,13 @@ The command deploys vc-authn-oidc with AcaPY agent, along with the MongoDB and P If necessary, vc-authn-oidc can be installed without AcaPY agent. This is accomplished by setting `acapy.enabled` to `false` and providing the necessary values to configure vc-authn-oidc to connect to an external AcaPy instance. - -| Name | Description | Value | -| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------- | -| `acapy.enabled` | Set to `false` to not deploy included AcaPy instance | `false` | -| `acapy.agentUrl` | Provide URL of the AcaPy agent instance || -| `acapy.adminUrl` | Provide URL of the AcaPy agent admin interface || -| `acapy.argfile.yml.wallet-name` | Provide the name of the wallet (`wallet-id`) || -| `acapy.existingSecret` | Provide the name of an existing secret containing the values for `adminApiKey` (otherwise set using `acapy.adminApiKey`), and `walletKey` || +| Name | Description | Value | +| ------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `acapy.enabled` | Set to `false` to not deploy included AcaPy instance | `false` | +| `acapy.agentUrl` | Provide URL of the AcaPy agent instance | | +| `acapy.adminUrl` | Provide URL of the AcaPy agent admin interface | | +| `acapy.argfile.yml.wallet-name` | Provide the name of the wallet (`wallet-id`) | | +| `acapy.existingSecret` | Provide the name of an existing secret containing the values for `adminApiKey` (otherwise set using `acapy.adminApiKey`), and `walletKey` | | To obtain the `controllerApiKey` to be used with the external AcaPy instance, run the following command: 
@@ -56,7 +55,6 @@ export WEBHOOK_API_KEY=$(kubectl get secret --namespace my-namespace my-release- echo $WEBHOOK_API_KEY ``` - ## Uninstalling the Chart To uninstall/delete the `my-release` deployment: @@ -86,7 +84,7 @@ kubectl delete secret,pvc --selector "app.kubernetes.io/instance"=my-release | `image.repository` | | `ghcr.io/bcgov/vc-authn-oidc` | | `image.pullPolicy` | | `IfNotPresent` | | `image.pullSecrets` | | `[]` | -| `image.tag` | Overrides the image tag which defaults to the chart appVersion. | `2.0.0-alpha2` | +| `image.tag` | Overrides the image tag which defaults to the chart appVersion. | `2.0.1-rc0-alpha2` | | `ingressSuffix` | Domain suffix to be used for default hostpaths in ingress | `.apps.silver.devops.gov.bc.ca` | ### Controller Configuration 
@@ -94,7 +92,7 @@ kubectl delete secret,pvc --selector "app.kubernetes.io/instance"=my-release | Name | Description | Value | | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------------- | | `acapyTenancyMode` | Agent tenancy mode, either `single` or `multi` | `single` | -| `setNonRevoked` | if True, the `non_revoked` attributed will be added to each of the present-proof request `requested_attribute` and `requested_predicate` with 'from=0' and'to=`int(time.time())` | `true` | +| `setNonRevoked` | if True, the `non_revoked` attributed will be added to each of the present-proof request `requested_attribute` and `requested_predicate` with 'from=0' and'to=`int(time.time())` | `true` | | `useOobPresentProof` | if True, the present-proof request will be provided as a an [out of band](https://github.com/hyperledger/aries-rfcs/tree/main/features/0434-outofband) invitation with a [present-proof](https://github.com/hyperledger/aries-rfcs/tree/main/features/0037-present-proof) request inside. If False, the present-proof request will be use the [service-decorator](https://github.com/hyperledger/aries-rfcs/tree/main/features/0056-service-decorator) | `false` | | `useOobLocalDIDService` | | `false` | | `controllerCameraRedirectUrl` | The redirect url can be a web link or the name of a template | `wallet_howto` | 
@@ -121,7 +119,7 @@ kubectl delete secret,pvc --selector "app.kubernetes.io/instance"=my-release | `resources.requests.memory` | The requested memory for the controller containers | `128Mi` | | `resources.requests.cpu` | The requested cpu for the controller containers | `10m` | | `replicaCount` | Number of controller replicas to deploy | `1` | -| `autoscaling.enabled` | Enable Horizontal POD autoscaling forthe controller | `true` | +| `autoscaling.enabled` | Enable Horizontal POD autoscaling forthe controller | `true` | | `autoscaling.minReplicas` | Minimum number of controller replicas | `1` | | `autoscaling.maxReplicas` | Maximum number of controller replicas | `2` | | `autoscaling.targetCPUUtilizationPercentage` | Target CPU utilization percentage | `80` | @@ -140,7 +138,7 @@ kubectl delete secret,pvc --selector "app.kubernetes.io/instance"=my-release | Name | Description | Value | | ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | --------------------------------------------- | | `acapy.enabled` | Deploy AcaPy agent instance | `true` | -| `acapy.agentUrl` | Agent host, required if `enabled`` is `false`, otherwise ignored | `""` | +| `acapy.agentUrl` | Agent host, required if ` enabled`` is `false`, otherwise ignored | `""` | | `acapy.adminUrl` | Agent admin host, required if `enabled` is `false`, otherwise ignored | `""` | | `acapy.existingSecret` | Name of existing secret, required if `enabled` is `false`; Secret must contain `adminApiKey`, `walletKey`, and `webhookApiKey` keys. | `""` | | `acapy.agentSeed` | | `""` | 
@@ -185,7 +183,7 @@ Note: Secure values of the configuration are passed via equivalent environment v | `acapy.argfile.yml.public-invites` | Send invitations out using the public DID for the agent, and receive connection requests solicited by invitations which use the public DID. Default: false. | `true` | | `acapy.argfile.yml.read-only-ledger` | Sets ledger to read-only to prevent updates. Default: false. | `true` | | `acapy.argfile.yml.wallet-name` | Specifies the wallet name to be used by the agent. This is useful if your deployment has multiple wallets. | `askar-wallet` | -| `acapy.argfile.yml.wallet-storage-type` | Specifies the type of Indy wallet backend to use. Supported internal storage types are 'basic' (memory), 'default' (sqlite), and 'postgres_storage'. The default, if not specified, is 'default'. | `postgres_storage` | +| `acapy.argfile.yml.wallet-storage-type` | Specifies the type of Indy wallet backend to use. Supported internal storage types are 'basic' (memory), 'default' (sqlite), and 'postgres_storage'. The default, if not specified, is 'default'. | `postgres_storage` | | `acapy.argfile.yml.wallet-type` | Specifies the type of Indy wallet provider to use. Supported internal storage types are 'basic' (memory) and 'indy'. The default (if not specified) is 'basic'. | `askar` | | `acapy.argfile.yml.webhook-url` | Send webhooks containing internal state changes to the specified URL. Optional API key to be passed in the request body can be appended using a hash separator [#]. This is useful for a controller to monitor agent events and respond to those events using the admin API. If not specified, webhooks are not published by the agent. | `{{ include "vc-authn-oidc.host" . }}` | | `acapy.ledgers.yml` | | `{}` | 
@@ -201,14 +199,14 @@ Note: Secure values of the configuration are passed via equivalent environment v ### Wallet Storage Credentials -| Name | Description | Value | -| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------- | -| `acapy.walletStorageCredentials.json` | Raw json with database credentials. Overrides all other values including postgres subchart values. e.g.: '{"account":"postgres","password":"mysecretpassword","admin_account":"postgres","admin_password":"mysecretpassword"}' | `""` | -| `acapy.walletStorageCredentials.account` | Database account name. | `""` | -| `acapy.walletStorageCredentials.password` | Database password. | `""` | -| `acapy.walletStorageCredentials.admin_account` | Database account with CREATEDB role used to create additional databases per wallet. | `postgres` | -| `acapy.walletStorageCredentials.admin_password` | Database password for admin account. | `""` | -| `acapy.walletStorageCredentials.existingSecret` | Name of an existing secret containing 'database-user', 'database-password', 'admin-password' keys. | `""` | +| Name | Description | Value | +| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------- | +| `acapy.walletStorageCredentials.json` | Raw json with database credentials. Overrides all other values including postgres subchart values. e.g.: '{"account":"postgres","password":"mysecretpassword","admin_account":"postgres","admin_password":"mysecretpassword"}' | `""` | +| `acapy.walletStorageCredentials.account` | Database account name. 
| `""` | +| `acapy.walletStorageCredentials.password` | Database password. | `""` | +| `acapy.walletStorageCredentials.admin_account` | Database account with CREATEDB role used to create additional databases per wallet. | `postgres` | +| `acapy.walletStorageCredentials.admin_password` | Database password for admin account. | `""` | +| `acapy.walletStorageCredentials.existingSecret` | Name of an existing secret containing 'database-user', 'database-password', 'admin-password' keys. | `""` | ### Acapy tails persistence configuration 
@@ -224,19 +222,19 @@ Note: Secure values of the configuration are passed via equivalent environment v | Name | Description | Value | | --------------------------------- | --------------------------------------------- | ----------- | -| `acapy.resources.limits.memory` | The memory limit for the Acapy containers | `1000Mi` | -| `acapy.resources.limits.cpu` | The cpu limit for the Acapy containers | `1` | -| `acapy.resources.requests.memory` | The requested memory for the Acapy containers | `384Mi` | -| `acapy.resources.requests.cpu` | The requested cpu for the Acapy containers | `250m` | -| `acapy.podAnnotations` | Map of annotations to add to the acapy pods | `{}` | -| `acapy.podSecurityContext` | Pod Security Context | `{}` | -| `acapy.containerSecurityContext` | Container Security Context | `{}` | -| `acapy.service.type` | Kubernetes Service type | `ClusterIP` | -| `acapy.service.adminPort` | Port to expose for admin service | `8031` | -| `acapy.service.httpPort` | Port to expose for http service | `8030` | -| `acapy.affinity` | Affinity for acapy pods assignment | `{}` | -| `acapy.nodeSelector` | Node labels for acapy pods assignment | `{}` | -| `acapy.tolerations` | Tolerations for acapy pods assignment | `[]` | +| `acapy.resources.limits.memory` | The memory limit for the Acapy containers | `1000Mi` | +| `acapy.resources.limits.cpu` | The cpu limit for the Acapy containers | `1` | +| `acapy.resources.requests.memory` | The requested memory for the Acapy containers | `384Mi` | +| `acapy.resources.requests.cpu` | The requested cpu for the Acapy containers | `250m` | +| `acapy.podAnnotations` | Map of annotations to add to the acapy pods | `{}` | +| `acapy.podSecurityContext` | Pod Security Context | `{}` | +| `acapy.containerSecurityContext` | Container Security Context | `{}` | +| `acapy.service.type` | Kubernetes Service type | `ClusterIP` | +| `acapy.service.adminPort` | Port to expose for admin service | `8031` | +| `acapy.service.httpPort` | Port to expose 
for http service | `8030` | +| `acapy.affinity` | Affinity for acapy pods assignment | `{}` | +| `acapy.nodeSelector` | Node labels for acapy pods assignment | `{}` | +| `acapy.tolerations` | Tolerations for acapy pods assignment | `[]` | ### Acapy NetworkPolicy parameters @@ -308,9 +306,10 @@ Note: Secure values of the configuration are passed via equivalent environment v | `postgresql.primary.resources.requests.memory` | The requested memory for the PostgreSQL Primary containers | `1300Mi` | | `postgresql.primary.resources.requests.cpu` | The requested cpu for the PostgreSQL Primary containers | `300m` | | `postgresql.primary.service.ports.postgresql` | PostgreSQL service port | `5432` | -| `postgresql.primary.extendedConfiguration` | Extended PostgreSQL Primary configuration (appended to main or default configuration) | `max_connections = 500 -` | +| `postgresql.primary.extendedConfiguration` | Extended PostgreSQL Primary configuration (appended to main or default configuration) | `max_connections = 500 | +| ` | | `postgresql-ha.enabled` | Deploy HA PostgreSQL chart. Not currently supported, provided for future use. | `false` | ----------------------------------------------- +--- + Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
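
Review bot: In charts/vc-authn-oidc/Chart.yaml (hunk -6,25), the `common` dependency keeps the floating range `version: 2.x.x` while `mongodb` and `postgresql` are pinned to exact versions, so a rebuild can resolve a different `common` chart than the one that was tested. Since this hunk re-indents the whole `dependencies:` block anyway, pin `common` to an exact version, and make the `postgresql` entry consistent with its neighbours: its `version: 11.9.13` is unquoted and its `repository` carries a trailing slash that the other two entries do not have.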
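
Review bot: In the README badge line (hunk -1,6), the new AppVersion badge URL `AppVersion-2.0.1-rc0-informational` has an unescaped hyphen inside the version. shields.io static badges use single hyphens to separate label, message and colour, so a literal hyphen in the message has to be written as `--`; as committed, the badge will not show `2.0.1-rc0`. Use `AppVersion-2.0.1--rc0-informational`, and since the footer says the README is generated by helm-docs, make the fix where the badge is generated so it survives the next regeneration.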
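
Review bot: In the `image.tag` row (hunk -86,7), the documented default goes from `2.0.0-alpha2` to `2.0.1-rc0-alpha2`, which reads like a search-and-replace of `2.0.0` rather than a tag that was chosen. No values.yaml change is visible in this patch, so please confirm what the default actually is and that an image with that tag exists under `ghcr.io/bcgov/vc-authn-oidc`. If the tag is meant to follow `appVersion`, as the description says, the documented value should show that instead of a stale `-alpha2` suffix.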
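
Review bot: In the `acapy.agentUrl` row (hunk -140,7), the description now reads "required if ` enabled`` is `false`": the stray double backtick from the old line is still there and the formatter has added a space after the opening backtick, so the inline code span is still broken. Correct it to `enabled`, matching the `acapy.adminUrl` row directly below, and fix it in the chart metadata the README is generated from rather than in the README itself.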
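
Review bot: In the Wallet Storage Credentials table (hunk -201,14), the rows are only realigned, but the `acapy.walletStorageCredentials.json` description still offers an inline JSON with `"password":"mysecretpassword"` and `"admin_password":"mysecretpassword"` as the example and says it overrides all other values. Since the table is being touched, state that `acapy.walletStorageCredentials.existingSecret` is the preferred way to supply these so database passwords do not end up in values files, and say whether `json` also takes precedence over `existingSecret`.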
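
Review bot: In the Acapy resources table (hunk -224,19), every changed row is whitespace-only, which buries the two functional edits of this patch (the version bumps) under formatting churn; consider splitting the table realignment into its own commit. While these rows are open, `acapy.podSecurityContext` and `acapy.containerSecurityContext` are documented only as "Pod Security Context" and "Container Security Context" with default `{}`, so a reader cannot tell that nothing is set unless they supply it; a short description of what the empty default means would help.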
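
Review bot: In the `postgresql.primary.extendedConfiguration` row (hunk -308,9), the multi-line default is now split across two table rows: the first ends inside an unclosed backtick after `max_connections = 500`, and the second is just a lone backtick between pipes. That breaks rendering for this row and risks the `postgresql-ha.enabled` row after it. Give the value a single-line documented default in the chart metadata so the generated table keeps one row per parameter.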