diff --git a/charts/traction/README.md b/charts/traction/README.md index 9d1ac19d2..f8697b9cc 100644 --- a/charts/traction/README.md +++ b/charts/traction/README.md @@ -52,14 +52,6 @@ kubectl delete secret,pvc --selector "app.kubernetes.io/instance"=my-release ## Parameters -### Traction configuration - -| Name | Description | Value | -| ---------------------------------- | ---------------------------- | -------------- | -| `config.ledger.name` | The ledger to be used. | `bcovrin-test` | -| `config.ledger.browserUrlOverride` | Overrides ledger browser url | `""` | -| `config.ledger.genesisUrlOverride` | Overrides genesis url | `""` | - ### Acapy Configuration | Name | Description | Value | 
@@ -83,47 +75,45 @@ kubectl delete secret,pvc --selector "app.kubernetes.io/instance"=my-release ### Acapy configuration file -| Name | Description | Value | -| ------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------- | -| `acapy.argfile.yml.auto-accept-invites` | Automatically accept invites without firing a webhook event or waiting for an admin request. Default: false. | `true` | -| `acapy.argfile.yml.auto-accept-requests` | Automatically accept connection requests without firing a webhook event or waiting for an admin request. Default: false. | `true` | -| `acapy.argfile.yml.auto-create-revocation-transactions` | For Authors, specify whether to automatically create transactions for a cred def's revocation registry. (If not specified, the controller must invoke the endpoints required to create the revocation registry and assign to the cred def.) | `true` | -| `acapy.argfile.yml.auto-ping-connection` | Automatically send a trust ping immediately after a connection response is accepted. Some agents require this before marking a connection as 'active'. Default: false. | `true` | -| `acapy.argfile.yml.auto-promote-author-did` | For authors, specify whether to automatically promote a DID to the wallet public DID after writing to the ledger.`` | `true` | -| `acapy.argfile.yml.auto-provision` | If the requested profile does not exist, initialize it with the given parameters. | `true` | -| `acapy.argfile.yml.auto-request-endorsement` | For Authors, specify whether to automatically request endorsement for all transactions. 
(If not specified, the controller must invoke the request endorse operation for each transaction.) | `true` | -| `acapy.argfile.yml.auto-respond-credential-offer` | Automatically respond to Indy credential offers with a credential request. Default: false | `false` | -| `acapy.argfile.yml.auto-respond-credential-proposal` | Auto-respond to credential proposals with corresponding credential offers. | `false` | -| `acapy.argfile.yml.auto-respond-credential-request` | Auto-respond to credential requests with corresponding credentials. | `true` | -| `acapy.argfile.yml.auto-respond-messages` | Automatically respond to basic messages indicating the message was received. Default: false. | `true` | -| `acapy.argfile.yml.auto-respond-presentation-proposal` | Auto-respond to presentation proposals with corresponding presentation requests. | `true` | -| `acapy.argfile.yml.auto-respond-presentation-request` | Automatically respond to Indy presentation requests with a constructed presentation if a corresponding credential can be retrieved for every referent in the presentation request. Default: false. | `false` | -| `acapy.argfile.yml.auto-store-credential` | Automatically store an issued credential upon receipt. Default: false. | `true` | -| `acapy.argfile.yml.auto-verify-presentation` | Automatically verify a presentation when it is received. Default: false. | `true` | -| `acapy.argfile.yml.auto-write-transactions` | For Authors, specify whether to automatically write any endorsed transactions. (If not specified, the controller must invoke the write transaction operation for each transaction.) | `true` | -| `acapy.argfile.yml.emit-new-didcomm-mime-type` | Send packed agent messages with the DIDComm MIME type as of RFC 0044; i.e., 'application/didcomm-envelope-enc' instead of 'application/ssi-agent-wire'. 
| `true` | -| `acapy.argfile.yml.emit-new-didcomm-prefix` | Emit protocol messages with new DIDComm prefix; i.e., 'https://didcomm.org/' instead of (default) prefix 'did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/'. | `true` | -| `acapy.argfile.yml.endorser-alias` | For transaction Authors, specify the alias of the Endorser connection that will be used to endorse transactions. | `endorser` | -| `acapy.argfile.yml.endorser-protocol-role` | Specify the role ('author' or 'endorser') which this agent will participate. Authors will request transaction endorement from an Endorser. Endorsers will endorse transactions from Authors, and may write their own transactions to the ledger. If no role (or 'none') is specified then the endorsement protocol will not be used and this agent will write transactions to the ledger directly. | `author` | -| `acapy.argfile.yml.endorser-public-did` | For transaction Authors, specify the public DID of the Endorser agent who will be endorsing transactions. | `UjmxKBZe1qv1NBE7GaohdP` | -| `acapy.argfile.yml.genesis-url` | Specifies the url from which to download the genesis transactions. For example, if you are using 'von-network', the URL might be 'http://localhost:9000/genesis'. Genesis transactions URLs are available for the Sovrin test/main networks. | `{{ include "traction.genesisUrl" . }}` | -| `acapy.argfile.yml.label` | Specifies the label for this agent. This label is publicized (self-attested) to other agents as part of forming a connection. Set to release name by default. | `{{ include "acapy.label" .}}` | -| `acapy.argfile.yml.log-level` | Specifies a custom logging level as one of: ('debug', 'info', 'warning', 'error', 'critical') | `info` | -| `acapy.argfile.yml.monitor-ping` | Send a webhook when a ping is sent or received. | `true` | -| `acapy.argfile.yml.monitor-revocation-notification` | Specifies that aca-py will emit webhooks on notification of revocation received. 
| `true` | -| `acapy.argfile.yml.multitenant-admin` | Specify whether to enable the multitenant admin api. | `true` | -| `acapy.argfile.yml.multitenant` | Enable multitenant mode. | `true` | -| `acapy.argfile.yml.notify-revocation` | Specifies that aca-py will notify credential recipients when revoking a credential it issued. | `true` | -| `acapy.argfile.yml.preserve-exchange-records` | Keep credential exchange records after exchange has completed. | `true` | -| `acapy.argfile.yml.public-invites` | Send invitations out using the public DID for the agent, and receive connection requests solicited by invitations which use the public DID. Default: false. | `true` | -| `acapy.argfile.yml.read-only-ledger` | Sets ledger to read-only to prevent updates. Default: false. | `false` | -| `acapy.argfile.yml.tails-server-base-url` | Sets the base url of the tails server in use. | `{{ include "acapy.tails.baseUrl" . }}` | -| `acapy.argfile.yml.tails-server-upload-url` | Sets the base url of the tails server for upload, defaulting to the tails server base url. | `{{ include "acapy.tails.uploadUrl" . }}` | -| `acapy.argfile.yml.wallet-name` | Specifies the wallet name to be used by the agent. This is useful if your deployment has multiple wallets. | `askar-wallet` | -| `acapy.argfile.yml.wallet-storage-type` | Specifies the type of Indy wallet backend to use. Supported internal storage types are 'basic' (memory), 'default' (sqlite), and 'postgres_storage'. The default, if not specified, is 'default'. | `postgres_storage` | -| `acapy.argfile.yml.wallet-type` | Specifies the type of Indy wallet provider to use. Supported internal storage types are 'basic' (memory) and 'indy'. The default (if not specified) is 'basic'. 
| `askar` | -| `acapy.tails.baseUrlOverride` | | `""` | -| `acapy.tails.uploadUrlOverride` | | `""` | +| Name | Description | Value | +| ------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | +| `acapy.argfile.yml.auto-accept-invites` | Automatically accept invites without firing a webhook event or waiting for an admin request. Default: false. | `true` | +| `acapy.argfile.yml.auto-accept-requests` | Automatically accept connection requests without firing a webhook event or waiting for an admin request. Default: false. | `true` | +| `acapy.argfile.yml.auto-create-revocation-transactions` | For Authors, specify whether to automatically create transactions for a cred def's revocation registry. (If not specified, the controller must invoke the endpoints required to create the revocation registry and assign to the cred def.) | `true` | +| `acapy.argfile.yml.auto-ping-connection` | Automatically send a trust ping immediately after a connection response is accepted. Some agents require this before marking a connection as 'active'. Default: false. | `true` | +| `acapy.argfile.yml.auto-promote-author-did` | For authors, specify whether to automatically promote a DID to the wallet public DID after writing to the ledger.`` | `true` | +| `acapy.argfile.yml.auto-provision` | If the requested profile does not exist, initialize it with the given parameters. | `true` | +| `acapy.argfile.yml.auto-request-endorsement` | For Authors, specify whether to automatically request endorsement for all transactions. 
(If not specified, the controller must invoke the request endorse operation for each transaction.) | `true` | +| `acapy.argfile.yml.auto-respond-credential-offer` | Automatically respond to Indy credential offers with a credential request. Default: false | `false` | +| `acapy.argfile.yml.auto-respond-credential-proposal` | Auto-respond to credential proposals with corresponding credential offers. | `false` | +| `acapy.argfile.yml.auto-respond-credential-request` | Auto-respond to credential requests with corresponding credentials. | `true` | +| `acapy.argfile.yml.auto-respond-messages` | Automatically respond to basic messages indicating the message was received. Default: false. | `true` | +| `acapy.argfile.yml.auto-respond-presentation-proposal` | Auto-respond to presentation proposals with corresponding presentation requests. | `true` | +| `acapy.argfile.yml.auto-respond-presentation-request` | Automatically respond to Indy presentation requests with a constructed presentation if a corresponding credential can be retrieved for every referent in the presentation request. Default: false. | `false` | +| `acapy.argfile.yml.auto-store-credential` | Automatically store an issued credential upon receipt. Default: false. | `true` | +| `acapy.argfile.yml.auto-verify-presentation` | Automatically verify a presentation when it is received. Default: false. | `true` | +| `acapy.argfile.yml.auto-write-transactions` | For Authors, specify whether to automatically write any endorsed transactions. (If not specified, the controller must invoke the write transaction operation for each transaction.) | `true` | +| `acapy.argfile.yml.emit-new-didcomm-mime-type` | Send packed agent messages with the DIDComm MIME type as of RFC 0044; i.e., 'application/didcomm-envelope-enc' instead of 'application/ssi-agent-wire'. 
| `true` | +| `acapy.argfile.yml.emit-new-didcomm-prefix` | Emit protocol messages with new DIDComm prefix; i.e., 'https://didcomm.org/' instead of (default) prefix 'did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/'. | `true` | +| `acapy.argfile.yml.endorser-alias` | For transaction Authors, specify the alias of the Endorser connection that will be used to endorse transactions. | `endorser` | +| `acapy.argfile.yml.endorser-protocol-role` | Specify the role ('author' or 'endorser') which this agent will participate. Authors will request transaction endorement from an Endorser. Endorsers will endorse transactions from Authors, and may write their own transactions to the ledger. If no role (or 'none') is specified then the endorsement protocol will not be used and this agent will write transactions to the ledger directly. | `author` | +| `acapy.argfile.yml.endorser-public-did` | For transaction Authors, specify the public DID of the Endorser agent who will be endorsing transactions. | `UjmxKBZe1qv1NBE7GaohdP` | +| `acapy.argfile.yml.genesis-url` | Specifies the url from which to download the genesis transactions. For example, if you are using 'von-network', the URL might be 'http://localhost:9000/genesis'. Genesis transactions URLs are available for the Sovrin test/main networks. | `http://test.bcovrin.vonx.io` | +| `acapy.argfile.yml.label` | Specifies the label for this agent. This label is publicized (self-attested) to other agents as part of forming a connection. Set to release name by default. | `{{ include "acapy.label" .}}` | +| `acapy.argfile.yml.log-level` | Specifies a custom logging level as one of: ('debug', 'info', 'warning', 'error', 'critical') | `info` | +| `acapy.argfile.yml.monitor-ping` | Send a webhook when a ping is sent or received. | `true` | +| `acapy.argfile.yml.monitor-revocation-notification` | Specifies that aca-py will emit webhooks on notification of revocation received. 
| `true` | +| `acapy.argfile.yml.multitenant-admin` | Specify whether to enable the multitenant admin api. | `true` | +| `acapy.argfile.yml.multitenant` | Enable multitenant mode. | `true` | +| `acapy.argfile.yml.notify-revocation` | Specifies that aca-py will notify credential recipients when revoking a credential it issued. | `true` | +| `acapy.argfile.yml.preserve-exchange-records` | Keep credential exchange records after exchange has completed. | `true` | +| `acapy.argfile.yml.public-invites` | Send invitations out using the public DID for the agent, and receive connection requests solicited by invitations which use the public DID. Default: false. | `true` | +| `acapy.argfile.yml.read-only-ledger` | Sets ledger to read-only to prevent updates. Default: false. | `false` | +| `acapy.argfile.yml.tails-server-base-url` | Sets the base url of the tails server in use. | `https://tails-test.vonx.io` | +| `acapy.argfile.yml.tails-server-upload-url` | Sets the base url of the tails server for upload, defaulting to the tails server base url. | `https://tails-test.vonx.io` | +| `acapy.argfile.yml.wallet-name` | Specifies the wallet name to be used by the agent. This is useful if your deployment has multiple wallets. | `askar-wallet` | +| `acapy.argfile.yml.wallet-storage-type` | Specifies the type of Indy wallet backend to use. Supported internal storage types are 'basic' (memory), 'default' (sqlite), and 'postgres_storage'. The default, if not specified, is 'default'. | `postgres_storage` | +| `acapy.argfile.yml.wallet-type` | Specifies the type of Indy wallet provider to use. Supported internal storage types are 'basic' (memory) and 'indy'. The default (if not specified) is 'basic'. | `askar` | ### Wallet Storage configuration 
@@ -163,10 +153,10 @@ kubectl delete secret,pvc --selector "app.kubernetes.io/instance"=my-release | `acapy.plugin-config.yml.traction_innkeeper.innkeeper_wallet.print_token` | | `false` | | `acapy.plugin-config.yml.traction_innkeeper.reservation.expiry_minutes` | | `2880` | | `acapy.plugin-config.yml.traction_innkeeper.reservation.auto_approve` | | `false` | -| `acapy.resources.limits.memory` | The memory limit for the Acapy containers | `1000Mi` | -| `acapy.resources.limits.cpu` | The cpu limit for the Acapy containers | `1` | -| `acapy.resources.requests.memory` | The requested memory for the Acapy containers | `384Mi` | -| `acapy.resources.requests.cpu` | The requested cpu for the Acapy containers | `250m` | +| `acapy.resources.limits.memory` | The memory limit for the Acapy containers | `512Mi` | +| `acapy.resources.limits.cpu` | The cpu limit for the Acapy containers | `300m` | +| `acapy.resources.requests.memory` | The requested memory for the Acapy containers | `16Mi` | +| `acapy.resources.requests.cpu` | The requested cpu for the Acapy containers | `10m` | | `acapy.podAnnotations` | Map of annotations to add to the acapy pods | `{}` | | `acapy.podSecurityContext` | Pod Security Context | `{}` | | `acapy.containerSecurityContext` | Container Security Context | `{}` | diff --git a/charts/traction/templates/_helpers.tpl b/charts/traction/templates/_helpers.tpl index a3ba0f2be..172560dc4 100755 --- a/charts/traction/templates/_helpers.tpl +++ b/charts/traction/templates/_helpers.tpl 
@@ -130,23 +130,6 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{ template "global.fullname" . }}-tenant-proxy {{- end -}} - -{{/* -generate ledger browser url -*/}} -{{- define "traction.ledgerBrowser" -}} -{{- $ledgerBrowser := dict "bcovrin-test" "http://test.bcovrin.vonx.io" -}} -{{ .Values.config.ledger.browserUrlOverride | default ( get $ledgerBrowser .Values.config.ledger.name ) }} -{{- end }} - -{{/* -generate genesisfileurl -*/}} -{{- define "traction.genesisUrl" -}} -{{ default (printf "%s%s" (include "traction.ledgerBrowser" .) "/genesis") .Values.config.ledger.genesisUrlOverride }} -{{- end }} - - {{/* Common acapy labels */}} @@ -189,30 +172,12 @@ Return acapy label */}} {{- define "acapy.label" -}} {{- if .Values.acapy.labelOverride -}} - {{- .Values.acapy.labelOverride }} -{{- else if eq .Values.config.ledger.name "idu" -}} -$identifier + {{- .Values.acapy.labelOverride }} {{- else -}} {{- .Release.Name }} {{- end -}} {{- end -}} -{{/* -generate tails baseUrl -*/}} -{{- define "acapy.tails.baseUrl" -}} -{{- $tailsBaseUrl := dict "bcovrin-dev" "https://tails-dev.vonx.io" "bcovrin-test" "https://tails-test.vonx.io" "idu" (printf "https://tails%s" .Values.ingressSuffix) -}} -{{ .Values.acapy.tails.baseUrlOverride| default ( get $tailsBaseUrl .Values.config.ledger.name ) }} -{{- end -}} - -{{/* -generate tails uploadUrl -*/}} -{{- define "acapy.tails.uploadUrl" -}} -{{- $tailsUploadUrl:= dict "bcovrin-dev" "https://tails-dev.vonx.io" "bcovrin-test" "https://tails-test.vonx.io" "idu" "http://idu-tails:6543" -}} -{{ .Values.acapy.tails.uploadUrlOverride| default ( get $tailsUploadUrl .Values.config.ledger.name ) }} -{{- end -}} - {{/* Create a default fully qualified app name for the postgres requirement. */}} diff --git a/charts/traction/values.yaml b/charts/traction/values.yaml index 259078666..c39c0de4e 100644 --- a/charts/traction/values.yaml +++ b/charts/traction/values.yaml 
@@ -5,17 +5,6 @@ fullnameOverride: "" ## @param ingressSuffix Domain suffix to be used for default hostpaths in ingress ingressSuffix: -dev.example.com -## @section Traction configuration -## -## @param config.ledger.name The ledger to be used. -## @param config.ledger.browserUrlOverride Overrides ledger browser url -## @param config.ledger.genesisUrlOverride Overrides genesis url -config: - ledger: - name: bcovrin-test - browserUrlOverride: "" - genesisUrlOverride: "" - ## @section Acapy Configuration ## acapy: @@ -129,7 +118,7 @@ acapy: endorser-alias: endorser endorser-protocol-role: author endorser-public-did: 'UjmxKBZe1qv1NBE7GaohdP' - genesis-url: '{{ include "traction.genesisUrl" . }}' + genesis-url: http://test.bcovrin.vonx.io/genesis label: '{{ include "acapy.label" .}}' log-level: info monitor-ping: true @@ -140,17 +129,11 @@ acapy: preserve-exchange-records: true public-invites: true read-only-ledger: false - tails-server-base-url: '{{ include "acapy.tails.baseUrl" . }}' - tails-server-upload-url: '{{ include "acapy.tails.uploadUrl" . }}' + tails-server-base-url: https://tails-test.vonx.io + tails-server-upload-url: https://tails-test.vonx.io wallet-name: askar-wallet wallet-storage-type: postgres_storage wallet-type: askar - ## @param acapy.tails.baseUrlOverride - ## @param acapy.tails.uploadUrlOverride - ## - tails: - baseUrlOverride: "" - uploadUrlOverride: "" ## @section Wallet Storage configuration ## Specifies the storage configuration to use for the wallet. ## This is required if you are for using 'postgres_storage' wallet 'storage type. diff --git a/deploy/tenant-ui/values-e79518-dev.yaml b/deploy/tenant-ui/values-e79518-dev.yaml deleted file mode 100644 index e70505e80..000000000 --- a/deploy/tenant-ui/values-e79518-dev.yaml +++ /dev/null 
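Review bot: The new `genesis-url` default in the second values.yaml hunk is a cleartext `http://` URL, so the genesis transactions that tell the agent which ledger nodes to trust are fetched without transport integrity and could be substituted by anyone on the path between the pod and the ledger browser. If the endpoint serves TLS (not verifiable from this diff), prefer `genesis-url: 'https://test.bcovrin.vonx.io/genesis'`, quoted like the neighbouring `endorser-public-did` value. The third hunk hard-codes the test tails server for `tails-server-base-url` and `tails-server-upload-url` in the same way; with the `config.ledger.*` and `acapy.tails.*Override` keys removed, a comment such as `## Test-network defaults; override for any non-test ledger` above these three keys would make that explicit. The README row for `acapy.argfile.yml.genesis-url` shows `http://test.bcovrin.vonx.io` without the `/genesis` path, which does not match this value. The enclosing `argfile.yml` mapping starts and ends outside these hunks.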
@@ -1,36 +0,0 @@
-fullnameOverride: "tenant-ui-dts"
-ingressSuffix: -dev.apps.silver.devops.gov.bc.ca
-image:
- tag: "0.2.14"
- pullPolicy: Always
-traction:
- apiEndpoint: https://traction-dts-tenant-proxy-dev.apps.silver.devops.gov.bc.ca
- tenantProxyEndpoint: https://traction-dts-tenant-proxy-dev.apps.silver.devops.gov.bc.ca
-oidc:
- active: true
- showInnkeeperAdminLogin: true
- authority: https://dev.loginproxy.gov.bc.ca/auth/realms/digitaltrust-nrm
- jwksUri: https://dev.loginproxy.gov.bc.ca/auth/realms/digitaltrust-nrm/protocol/openid-connect/certs
-ariesDetails:
- ledgerDescription: "bcovrin-test"
-smtp:
- server: apps.smtp.gov.bc.ca
- port: 25
- senderAddress: DoNotReplyTractionDTS@gov.bc.ca
- innkeeperInbox: emiliano.sune@quartech.com
-resources:
- limits:
- cpu: 200m
- memory: 820Mi
- requests:
- cpu: 120m
- memory: 400Mi
-ingress:
- annotations:
- route.openshift.io/termination: edge
-networkPolicy:
- enabled: true
- ingress:
- enabled: true
- namespaceSelector:
- network.openshift.io/policy-group: ingress
diff --git a/deploy/traction/values-e79518-dev.yaml b/deploy/traction/values-e79518-dev.yaml
deleted file mode 100644
index 7382c4fef..000000000
--- a/deploy/traction/values-e79518-dev.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
-fullnameOverride: "traction-dts"
-ingressSuffix: -dev.apps.silver.devops.gov.bc.ca
-acapy:
- image:
- tag: "0.2.14"
- pullPolicy: Always
- plugin-config.yml:
- traction_innkeeper:
- innkeeper_wallet:
- print_key: true
- print_token: true
- resources:
- limits:
- cpu: 200m
- memory: 820Mi
- requests:
- cpu: 120m
- memory: 400Mi
- argfile.yml:
- wallet-name: mywallet
- networkPolicy:
- enabled: true
- ingress:
- enabled: true
- namespaceSelector:
- network.openshift.io/policy-group: ingress
-tenant_proxy:
- image:
- tag: "0.2.14"
- pullPolicy: Always
- networkPolicy:
- enabled: true
- ingress:
- enabled: true
- namespaceSelector:
- network.openshift.io/policy-group: ingress
-ingress:
- annotations:
- route.openshift.io/termination: edge
-postgresql:
- fullnameOverride: "traction-dts"
- auth:
- existingSecret: traction-dts-db
- secretKeys:
- adminPasswordKey: postgres-password
- userPasswordKey: postgres-password
- # -- PostgreSQL Database to create.
- database: traction
- username: postgres
- primary:
- podLabels:
- backup: "true"
- env: dev
- resources:
- limits:
- cpu: 200m
- memory: 820Mi
- requests:
- cpu: 120m
- memory: 400Mi
-