diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000000000000000000000000000000000000..023a2b995ee55d9021a647982cd3bc9b83fc16c0
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,193 @@
+include:
+ - project: '${HELPERS_PATH}'
+ file: '${HELPERS_FILE}'
+
+stages:
+ - lint
+ - test
+ - build
+ - release
+ - docker
+ - registries
+ - helm
+ - deploy-test
+
+# Lint microservices
+
+lint-attestation-manager:
+ extends: .lint-attestation-manager
+ stage: lint
+
+lint-connection-manager:
+ extends: .lint-connection-manager
+ stage: lint
+
+lint-proof-manager:
+ extends: .lint-proof-manager
+ stage: lint
+
+lint-ssi-abstraction:
+ extends: .lint-ssi-abstraction
+ stage: lint
+
+# Test microservices
+
+test-attestation-manager:
+ extends: .test-attestation-manager
+ stage: test
+
+test-connection-manager:
+ extends: .test-connection-manager
+ stage: test
+
+test-proof-manager:
+ extends: .test-proof-manager
+ stage: test
+
+test-ssi-abstraction:
+ extends: .test-ssi-abstraction
+ stage: test
+
+# Bare microservice build
+
+build-attestation-manager:
+ extends: .build-attestation-manager
+ stage: build
+
+build-connection-manager:
+ extends: .build-connection-manager
+ stage: build
+
+build-proof-manager:
+ extends: .build-proof-manager
+ stage: build
+
+build-ssi-abstraction:
+ extends: .build-ssi-abstraction
+ stage: build
+
+# Docker build microservices
+
+docker-attestation-manager:
+ extends: .docker-attestation-manager
+ stage: docker
+
+docker-connection-manager:
+ extends: .docker-connection-manager
+ stage: docker
+
+docker-proof-manager:
+ extends: .docker-proof-manager
+ stage: docker
+
+docker-ssi-abstraction:
+ extends: .docker-ssi-abstraction
+ stage: docker
+
+# Push to registries
+
+registry-attestation-manager:
+ extends: .registry-attestation-manager
+ stage: registries
+
+registry-connection-manager:
+ extends: .registry-connection-manager
+ stage: registries
+
+registry-proof-manager:
+ extends: .registry-proof-manager
+ stage: registries
+
+registry-ssi-abstraction:
+ extends: .registry-ssi-abstraction
+ stage: registries
+
+# Configure helm
+
+helm-attestation-manager:
+ extends: .helm-attestation-manager
+ stage: helm
+
+helm-connection-manager:
+ extends: .helm-connection-manager
+ stage: helm
+
+helm-proof-manager:
+ extends: .helm-proof-manager
+ stage: helm
+
+helm-ssi-abstraction:
+ extends: .helm-ssi-abstraction
+ stage: helm
+
+deploy attestation ocm:
+ extends: .deploy-attestation-manager-ocm-main
+ stage: deploy-test
+
+deploy attestation ocm tagged:
+ extends: .deploy-attestation-manager-ocm-main-tag
+ stage: deploy-test
+
+deploy attestation ocm test:
+ extends: .deploy-attestation-manager-ocm-test
+ stage: deploy-test
+
+deploy attestation ocm test tagged:
+ extends: .deploy-attestation-manager-ocm-test-tag
+ stage: deploy-test
+
+deploy connection ocm:
+ extends: .deploy-connection-manager-ocm-main
+ stage: deploy-test
+
+deploy connection ocm tagged:
+ extends: .deploy-connection-manager-ocm-main-tag
+ stage: deploy-test
+
+deploy connection ocm test:
+ extends: .deploy-connection-manager-ocm-test
+ stage: deploy-test
+
+deploy connection ocm test tagged:
+ extends: .deploy-connection-manager-ocm-test-tag
+ stage: deploy-test
+
+deploy proof ocm:
+ extends: .deploy-proof-manager-ocm-main
+ stage: deploy-test
+
+deploy proof ocm tagged:
+ extends: .deploy-proof-manager-ocm-main-tag
+ stage: deploy-test
+
+deploy proof ocm test:
+ extends: .deploy-proof-manager-ocm-test
+ stage: deploy-test
+
+deploy proof ocm test tagged:
+ extends: .deploy-proof-manager-ocm-test-tag
+ stage: deploy-test
+
+deploy ssi-abstraction ocm:
+ extends: .deploy-ssi-abstraction-ocm-main
+ stage: deploy-test
+
+deploy ssi-abstraction ocm tagged:
+ extends: .deploy-ssi-abstraction-ocm-main-tag
+ stage: deploy-test
+
+deploy ssi-abstraction ocm test:
+ extends: .deploy-ssi-abstraction-ocm-test
+ stage: deploy-test
+
+deploy ssi-abstraction ocm test tagged:
+ extends: .deploy-ssi-abstraction-ocm-test-tag
+ stage: deploy-test
+
+commit lint:
+ extends: .commit-lint
+ stage: lint
+
+changelog:
+ extends: .changelog
+ stage: release
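Review bot: The `include:` at the top pulls every hidden job this pipeline runs (`.lint-*`, `.docker-*`, `.registry-*`, `.deploy-*-ocm-*`) from `'${HELPERS_PATH}'`/`'${HELPERS_FILE}'` with no `ref:`, so each pipeline follows whatever is on that project's default branch at run time, and a push there silently changes what this repository builds, pushes to registries and deploys. Pinning the include, `ref: '<pinned-tag-or-sha>'` under the `project:` entry, makes the job definitions reviewable together with this file; if `HELPERS_PATH`/`HELPERS_FILE` are not already protected CI variables, a branch pipeline could otherwise redirect the include. Job naming also mixes two conventions, `lint-attestation-manager` versus `deploy attestation ocm` and `commit lint`; one style keeps `needs:`/`dependencies:` references unambiguous later.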
diff --git a/apps/attestation-manager/deployment/helm/Chart.yaml b/apps/attestation-manager/deployment/helm/Chart.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ce7247db8ddc1ee5fd1755bf488cdc5666123d8a
--- /dev/null
+++ b/apps/attestation-manager/deployment/helm/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+appVersion: v1.0.4-rc
+description: attestation-manager deployment
+name: attestation-manager
+version: 1.0.4
+icon: "https://www.vereign.com/wp-content/themes/vereign2020/images/vereign-logo.svg"
diff --git a/apps/attestation-manager/deployment/helm/LICENSE b/apps/attestation-manager/deployment/helm/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..c55d3182e865fd075f9e980bb18f3dbfd3cb8005
--- /dev/null
+++ b/apps/attestation-manager/deployment/helm/LICENSE
@@ -0,0 +1,15 @@
+Deployment recipe for OCM attestation manager.
+
+Copyright 2022 Vereign AG
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/apps/attestation-manager/deployment/helm/README.md b/apps/attestation-manager/deployment/helm/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..123e652639feb7f4f6439fa49a5c5e431ae645f8
--- /dev/null
+++ b/apps/attestation-manager/deployment/helm/README.md
@@ -0,0 +1,67 @@ +# attestation-manager + +  + +attestation-manager deployment + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| attestationManager.acceptMembershipCredentialsConfig | string | `"AUTO"` | | +| attestationManager.agent.host | string | `"ssi-abstraction"` | | +| attestationManager.agent.port | int | `3010` | | +| attestationManager.agent.protocol | string | `"http"` | | +| attestationManager.database.db | string | `"ocm_attestation_manager"` | | +| attestationManager.database.host | string | `"postgresql-postgresql-ha-postgresql.infra"` | | +| attestationManager.database.password | string | `"ocm_attestation_manager"` | | +| attestationManager.database.port | int | `5432` | | +| attestationManager.database.schema | string | `"attestation"` | | +| attestationManager.database.user | string | `"ocm_attestation_manager"` | | +| attestationManager.elastic.port | int | `9200` | | +| attestationManager.elastic.protocol | string | `"http"` | | +| attestationManager.elastic.url | string | `"elasticsearch"` | | +| attestationManager.nats.port | int | `4222` | | +| attestationManager.nats.protocol | string | `"nats"` | | +| attestationManager.nats.url | string | `"nats"` | | +| attestationManager.url.attestationManager | string | `"https://gaiax.vereign.com/ocm/attestation"` | | +| attestationManager.url.connectionManager | string | `"https://gaiax.vereign.com/ocm/connection"` | | +| attestationManager.url.tsa | string | `"https://gaiax.vereign.com/tsa/policy/policy/example"` | | +| autoscaling.enabled | bool | `false` | Enable autoscaling | +| autoscaling.maxReplicas | int | `3` | Maximum replicas | +| autoscaling.minReplicas | int | `1` | Minimum replicas | +| autoscaling.targetCPUUtilizationPercentage | int | `70` | CPU target for autoscaling trigger | +| autoscaling.targetMemoryUtilizationPercentage | int | `70` | Memory target for autoscaling trigger | +| image.name | string | `"gaiax/attestation-manager"` | 
Image name |
+| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
+| image.pullSecrets | string | `"deployment-key-light"` | Image pull secret when internal image is used |
+| image.repository | string | `"eu.gcr.io/vrgn-infra-prj"` | |
+| image.sha | string | `""` | Image sha, usually generated by the CI Uses image.tag if empty |
+| image.tag | string | `""` | Image tag Uses .Chart.AppVersion if empty |
+| ingress.annotations."cert-manager.io/cluster-issuer" | string | `"letsencrypt-production-http"` | |
+| ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | |
+| ingress.annotations."kubernetes.io/ingress.global-static-ip-name" | string | `"dev-light-public"` | |
+| ingress.annotations."nginx.ingress.kubernetes.io/rewrite-target" | string | `"/$2"` | |
+| ingress.enabled | bool | `true` | |
+| ingress.frontendDomain | string | `"gaiax.vereign.com"` | |
+| ingress.frontendTlsSecretName | string | `"cert-manager-tls"` | |
+| ingress.tlsEnabled | bool | `true` | |
+| log.encoding | string | `"json"` | |
+| log.level | string | `"INFO"` | |
+| metrics.enabled | bool | `true` | Enable prometheus metrics |
+| metrics.port | int | `2112` | Port for prometheus metrics |
+| name | string | `"ssi-abstraction"` | Application name |
+| nameOverride | string | `""` | Ovverwrites application name |
+| podAnnotations | object | `{}` | |
+| replicaCount | int | `1` | Default number of instances to start |
+| resources.limits.cpu | string | `"150m"` | |
+| resources.limits.memory | string | `"128Mi"` | |
+| resources.requests.cpu | string | `"25m"` | |
+| resources.requests.memory | string | `"64Mi"` | |
+| security.runAsGid | int | `0` | Group used by the apps |
+| security.runAsNonRoot | bool | `false` | by default, apps run as non-root |
+| security.runAsUid | int | `0` | User used by the apps |
+| service.port | int | `3005` | |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0)
diff --git a/apps/attestation-manager/deployment/helm/templates/_helpers.tpl b/apps/attestation-manager/deployment/helm/templates/_helpers.tpl
new file mode 100644
index 0000000000000000000000000000000000000000..6cba3ffc4fead9c4924f9788d1fb6c1daf8874e3
--- /dev/null
+++ b/apps/attestation-manager/deployment/helm/templates/_helpers.tpl
@@ -0,0 +1,94 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "app.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "app.fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" $name .Release.Namespace | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create instance name based on app version and short image sha.
+*/}}
+{{- define "app.revision" -}}
+{{- default .Release.Name .Values.appRel | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "app.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "app.labels" -}}
+helm.sh/chart: {{ include "app.chart" . }}
+{{ include "app.selectorLabels" . }}
+app.kubernetes.io/version: {{ .Chart.AppVersion }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "app.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "app.name" . }}
+app.kubernetes.io/component: {{ include "app.fullname" . }}
+{{- end -}}
+
+{{/*
+Metrics Annotations
+*/}}
+{{- define "app.metricsAnnotations" -}}
+{{- if .Values.metrics.enabled -}}
+prometheus.io/scrape: "true"
+prometheus.io/port: "{{ .Values.metrics.port }}"
+prometheus.io/path: {{ .Values.metrics.path | default "/metrics" | quote }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Image string
+*/}}
+{{- define "app.image" -}}
+{{- if .Values.image.sha -}}
+{{ .Values.image.repository }}/{{ .Values.image.name }}@{{ .Values.image.sha }}
+{{- else -}}
+{{ .Values.image.repository }}/{{ .Values.image.name }}:{{ default .Chart.AppVersion .Values.image.tag }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Security context
+*/}}
+{{- define "app.securitycontext" -}}
+runAsNonRoot: {{ .Values.security.runAsNonRoot | default false }}
+runAsGroup: {{ .Values.security.runAsGid | default 0 }}
+runAsUser: {{ .Values.security.runAsUid | default 0 }}
+fsGroup: {{ .Values.security.runAsGid | default 0 }}
+{{- end -}}
+
+{{/*
+PostgreSQL Connection string URI
+*/}}
+{{- define "app.postgresql.connectionstring" -}}
+postgresql://{{ .Values.attestationManager.database.user }}:{{ .Values.attestationManager.database.password }}@{{ .Values.attestationManager.database.host }}:{{ .Values.attestationManager.database.port }}/{{ .Release.Namespace }}_{{ include "app.name" . | replace "-" "_" }}?schema={{ .Values.attestationManager.database.schema }}
+{{- end -}}
+
+{{/*
+Ingress custom path.
+*/}}
+{{- define "app.path" -}}
+{{- default .Chart.Name .Values.ingress.pathOverride | replace "-manager" "" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/apps/attestation-manager/deployment/helm/templates/deployment.yaml b/apps/attestation-manager/deployment/helm/templates/deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..23202e0ce5e8fb478536c698347299589121c827
--- /dev/null
+++ b/apps/attestation-manager/deployment/helm/templates/deployment.yaml
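Review bot: `app.postgresql.connectionstring` interpolates `database.user` and `database.password` straight into a URI, so any `@`, `:`, `/` or `%` in a rotated password breaks the URL, and the rendered string (credential included) is handed to a plain `value:` in deployment.yaml rather than a Secret. At minimum escape both components with the Go-template `urlquery` function, e.g. `{{ .Values.attestationManager.database.user | urlquery }}:{{ .Values.attestationManager.database.password | urlquery }}@`; better, render the whole URI into a Secret and reference it from the Deployment. The database name is derived as `{{ .Release.Namespace }}_{{ app.name }}`, so the `attestationManager.database.db` key declared in values.yaml and values-override.yaml is never read by this chart; either pass it into the helper or remove it. `app.securitycontext` defaults to `runAsNonRoot: false` with uid/gid 0, i.e. a root container unless every install overrides it; the identical helper file (same defaults, same connection-string issue) is added for connection-manager later in this diff.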
@@ -0,0 +1,81 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: "{{ template "app.name" . }}"
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "app.labels" . | nindent 4 }}
+ app.kubernetes.io/instance: {{ include "app.revision" . }}
+ app.kubernetes.io/part-of: rse
+spec:
+ replicas: {{ .Values.replicaCount }}
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ selector:
+ matchLabels:
+ {{- include "app.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "app.labels" . | nindent 8 }}
+ annotations:
+ {{- include "app.metricsAnnotations" . | nindent 8 }}
+{{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations | indent 8 }}
+{{- end }}
+ spec:
+ securityContext:
+{{- include "app.securitycontext" . | nindent 8 }}
+ imagePullSecrets:
+ - name: {{ .Values.image.pullSecrets }}
+ containers:
+ - name: {{ template "app.name" . }}
+ image: "{{ .Values.image.repository }}/{{ .Values.image.name }}:{{ default .Chart.AppVersion .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ env:
+ - name: PORT
+ value: {{ .Values.service.port | quote }}
+ - name: DATABASE_URL
+ value: {{ template "app.postgresql.connectionstring" (merge (dict "application" "true") .) }}
+ - name: NATS_URL
+ value: "{{ .Values.attestationManager.nats.protocol }}://{{ .Values.attestationManager.nats.url }}:{{ .Values.attestationManager.nats.port }}"
+ - name: ECSURL
+ value: "{{ .Values.attestationManager.elastic.protocol }}://{{ .Values.attestationManager.elastic.url }}:{{ .Values.attestationManager.elastic.port }}/"
+ - name: LOG_LEVEL
+ value: {{ .Values.log.level | default "INFO" }}
+ - name: LOG_ENCODING
+ value: {{ .Values.log.encoding | default "json" }}
+ - name: AGENT_URL
+ value: "{{ .Values.attestationManager.agent.protocol }}://{{ .Values.attestationManager.agent.host }}:{{ .Values.attestationManager.agent.port }}"
+ - name: ACCEPT_MEMBERSHIP_CREDENTIALS_CONFIG
+ value: {{ .Values.attestationManager.acceptMembershipCredentialsConfig }}
+ - name: TSA_URL
+ value: {{ .Values.attestationManager.url.tsa }}
+ - name: CONNECTION_MANAGER_URL
+ value: {{ .Values.attestationManager.url.connectionManager }}
+ - name: ATTESTATION_MANAGER_URL
+ value: {{ .Values.attestationManager.url.attestationManager }}
+{{- if .Values.extraVars }}
+{{ toYaml .Values.extraVars | indent 8 }}
+{{- end }}
+ ports:
+ {{- if .Values.metrics.enabled }}
+ - name: monitoring
+ containerPort: {{ .Values.metrics.port }}
+ {{- end }}
+ - name: http
+ containerPort: {{ .Values.service.port }}
+ readinessProbe:
+ httpGet:
+ path: /v1/health
+ port: {{ .Values.service.port }}
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ successThreshold: 2
+ failureThreshold: 2
+ timeoutSeconds: 5
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
diff --git a/apps/attestation-manager/deployment/helm/templates/hpa.yaml b/apps/attestation-manager/deployment/helm/templates/hpa.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..fc5c29e7463c24756cfa83754e8ab9336be7b8c2
--- /dev/null
+++ b/apps/attestation-manager/deployment/helm/templates/hpa.yaml
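Review bot: `DATABASE_URL` is rendered as a literal `value:` in the container `env:`, so the database password becomes part of the Deployment object and is readable by anyone with `get`/`describe` on deployments or pods in the namespace, and it lands in every manifest diff and audit log; a `valueFrom: secretKeyRef:` pointing at a Secret rendered from the same values keeps it out of the workload spec. The `image:` line rebuilds `repository/name:tag` inline instead of calling the `app.image` helper defined in `_helpers.tpl`, so the `image.sha` value that values.yaml documents as "usually generated by the CI" is silently ignored; `image: {{ include "app.image" . | quote }}` would honour digest pinning. `LOG_LEVEL`, `LOG_ENCODING`, `ACCEPT_MEMBERSHIP_CREDENTIALS_CONFIG` and the `*_URL` values are unquoted while `PORT` is `| quote`; a numeric or boolean-looking override renders as a non-string and the manifest is rejected, so apply `| quote` uniformly. The same secret-in-env and unused-`app.image` pattern is present in connection-manager/templates/deployment.yaml later in this diff.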
@@ -0,0 +1,27 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ labels:
+ {{- include "app.labels" . | nindent 4 }}
+ name: {{ template "app.name" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ template "app.name" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+{{- with .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+{{- end }}
+{{- with .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/apps/attestation-manager/deployment/helm/templates/ingress.yaml b/apps/attestation-manager/deployment/helm/templates/ingress.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..798a8d1e5df4b25a735418ca27602a564972847a
--- /dev/null
+++ b/apps/attestation-manager/deployment/helm/templates/ingress.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ template "app.path" . }}
+ namespace: {{ .Release.Namespace }}
+ annotations:
+{{ toYaml .Values.ingress.annotations | indent 4 }}
+ labels:
+ {{- include "app.labels" . | nindent 4 }}
+spec:
+{{- if .Values.ingress.tlsEnabled }}
+ tls:
+ - hosts:
+ - {{ .Values.ingress.frontendDomain }}
+ secretName: {{ .Values.ingress.frontendTlsSecretName }}
+{{- end }}
+ rules:
+ - host: {{ .Values.ingress.frontendDomain }}
+ http:
+ paths:
+ - path: /{{ template "app.path" . }}(/|$)(.*)
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ template "app.name" . }}
+ port:
+ number: {{ .Values.service.port }}
+{{- end }}
\ No newline at end of file
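Review bot: Both `metrics:` entries in hpa.yaml stop at `resource: name: cpu|memory` and never emit a `target:`, so the `targetCPUUtilizationPercentage`/`targetMemoryUtilizationPercentage` values bound by the two `with` blocks are never used, and an `autoscaling/v2` HorizontalPodAutoscaler whose `resource` has no `target` fails API validation the moment `autoscaling.enabled` is set to true. Each block needs a utilization target built from the `with` scope, as below. The hpa.yaml for connection-manager at the end of this diff carries the same blob id, so it has the same gap.
```yaml
 metrics:
{{- with .Values.autoscaling.targetCPUUtilizationPercentage }}
 - type: Resource
   resource:
     name: cpu
     target:
       type: Utilization
       averageUtilization: {{ . }}
{{- end }}
{{- with .Values.autoscaling.targetMemoryUtilizationPercentage }}
 - type: Resource
   resource:
     name: memory
     target:
       type: Utilization
       averageUtilization: {{ . }}
{{- end }}
```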
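Review bot: The ingress rule path `/{{ template "app.path" . }}(/|$)(.*)` is a regular expression (it feeds the `rewrite-target: /$2` annotation) but is declared with `pathType: Prefix`; ingress-nginx documents regex paths under `pathType: ImplementationSpecific`, and its stricter path validation in newer releases rejects `Prefix` paths containing regex characters, while other controllers would apply literal prefix semantics and never match. Changing the line to `pathType: ImplementationSpecific` keeps the current behaviour explicit. The template also offers no `spec.ingressClassName`; the `kubernetes.io/ingress.class` annotation shipped in the default values is the deprecated selection mechanism for `networking.k8s.io/v1`, so exposing an `ingress.className` value would be worth considering (keep the annotation where the target cluster still relies on it).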
diff --git a/apps/attestation-manager/deployment/helm/templates/service.yaml b/apps/attestation-manager/deployment/helm/templates/service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..21c57ac87992e185f824c0c8c9fbf8ab19b289d2
--- /dev/null
+++ b/apps/attestation-manager/deployment/helm/templates/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "app.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "app.labels" . | nindent 4 }}
+spec:
+ clusterIP: None
+ ports:
+ - name: http
+ port: {{ .Values.service.port }}
+ targetPort: {{ .Values.service.port }}
+ selector:
+ {{- include "app.selectorLabels" . | nindent 4 }}
+
diff --git a/apps/attestation-manager/deployment/helm/values-override.yaml b/apps/attestation-manager/deployment/helm/values-override.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..408c77b9e54c8d3e9de1d31c38af33e1644543c2
--- /dev/null
+++ b/apps/attestation-manager/deployment/helm/values-override.yaml
@@ -0,0 +1,37 @@
+image:
+ repository: registry.gitlab.com/gaia-x/data-infrastructure-federation-services/ocm
+ # -- Image name
+ name: attestation-manager
+attestationManager:
+ url:
+ tsa: https://tsa.gxfs.dev/policy/policy/example
+ connectionManager: https://ocm.gxfs.dev/connection
+ attestationManager: https://ocm.gxfs.dev/attestation
+ database:
+ host: vereign-database1-postgres.gxfs-vereign
+ user: ENC[AES256_GCM,data:mk+oOKURENM=,iv:COwKJMsdTq5rk0L6bgooO2ZfTUlc1s16KWfPOGlJ1lo=,tag:5OXJ6l8DCvOUhinh922IAw==,type:str]
+ password: ENC[AES256_GCM,data:2DRvp3NP2KWDABEjRFqlfVPwtxsooDJW357jmJ7KEFURlubs3DGbce+5wLLhG8XbpdFZhCFEoNZivREa4LwhIw==,iv:3hqOlGqAT5/g52nSnqa8/ydUprOtWThT4lcoysmy11Q=,tag:0ZWS2zf5/huwhq9KO2HjoQ==,type:str]
+ db: vereign-database1-postgres
+ingress:
+ frontendDomain: ocm.gxfs.dev
+ frontendTlsSecretName: wildcard-gxfs-dev
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1nrk70nevtmrcgzjunsed43ar6dk3e06qt7tryqqprj9axv4e0djqa0n0cg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBySXY3dzljdWdyamFLNkFW
+ WHNqeGY3Q09WNnd2blJiTDhhVzdKQ0hjalgwCjR3RGZMdHFyM1lhQXdhcnN5SVE0
+ NnBwMzlVY2xwTzFQNE5VR3QybnpLb28KLS0tIHU4QVZZRWViNlVKQzg0YVBQWVI5
+ S3J1amdkVGhBUzhHOEJmWThSbVFNdm8KsBA7cO4f2Zmym8SoIXAzNw0uxaxfDWg9
+ ryyxpwCjSQD2kuOw9epK/J7DpCkpAmipQSNvmU5ZiNnq9VzdQ8WGEA==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-08-04T11:06:04Z"
+ mac: ENC[AES256_GCM,data:MdbVIQyR5s4efjMB1MIiOJZOueS0R1F4xvoaHEUoWaQ/bIWa3Km/CBijCI4+zqM54tZ3Zs+kMLK0FdHd+TpSujY2Jg6U8JqRHnA4cUEcr1el5pnhqo3lLiSmZXhGJaO9mlPoE/IVDdlrDXgRwexnznvyJn5RUpK1KdTsAU02wBI=,iv:EdCTlV7CDJikksz0HoiShKhKCO6LsOGsTk6GQalw6QA=,tag:QCbYT1Wr3KwcgmR70Qxlvg==,type:str]
+ pgp: []
+ encrypted_regex: ^(password|user)$
+ version: 3.7.3
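Review bot: The override switches `image.repository` to `registry.gitlab.com/gaia-x/data-infrastructure-federation-services/ocm` but does not override `image.pullSecrets`, so the Deployment will still reference the values.yaml default `deployment-key-light`, which values.yaml describes as the secret for the internal (eu.gcr.io) image; unless that GitLab registry path is public the pull fails, and if it is private the matching secret name belongs here too — worth confirming against the target namespace. `attestationManager.database.db: vereign-database1-postgres` is also dead in this chart: `app.postgresql.connectionstring` in `_helpers.tpl` derives the database name from `.Release.Namespace` and the app name, so the value is never rendered. The SOPS `encrypted_regex: ^(password|user)$` covers the two credential keys present today; keep it in step if another secret-bearing key is added to this file.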
diff --git a/apps/attestation-manager/deployment/helm/values.yaml b/apps/attestation-manager/deployment/helm/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b5d24b38691288b1400e54b50cf91f1c5ed8f5e7
--- /dev/null
+++ b/apps/attestation-manager/deployment/helm/values.yaml
@@ -0,0 +1,121 @@
+# -- Default number of instances to start
+replicaCount: 1
+# -- Application name
+name: ssi-abstraction
+# -- Ovverwrites application name
+nameOverride: ""
+
+image:
+ repository: eu.gcr.io/vrgn-infra-prj
+ # -- Image name
+ name: gaiax/attestation-manager
+ # -- Image tag
+ # Uses .Chart.AppVersion if empty
+ tag: ""
+ # -- Image sha, usually generated by the CI
+ # Uses image.tag if empty
+ sha: ""
+ # -- Image pull policy
+ pullPolicy: IfNotPresent
+ # -- Image pull secret when internal image is used
+ pullSecrets: deployment-key-light
+
+
+podAnnotations: {}
+##
+## Pass extra environment variables to the container.
+##
+# extraVars:
+# - name: EXTRA_VAR_1
+# value: extra-var-value-1
+# - name: EXTRA_VAR_2
+# value: extra-var-value-2
+##
+## Create new service when true, and use the specified uner name when set to the name specified
+##
+
+resources:
+ requests:
+ cpu: 25m
+ memory: 64Mi
+ limits:
+ cpu: 150m
+ memory: 128Mi
+
+## Configure pod autoscaling
+##
+
+autoscaling:
+ # -- Enable autoscaling
+ enabled: false
+ # -- Minimum replicas
+ minReplicas: 1
+ # -- Maximum replicas
+ maxReplicas: 3
+ # -- CPU target for autoscaling trigger
+ targetCPUUtilizationPercentage: 70
+ # -- Memory target for autoscaling trigger
+ targetMemoryUtilizationPercentage: 70
+##
+## Prometheus Exporter / Metrics
+##
+
+metrics:
+ # -- Enable prometheus metrics
+ enabled: true
+ # -- Port for prometheus metrics
+ port: 2112
+
+log:
+ level: "INFO"
+ encoding: json
+
+##
+## Kubernetes [SecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) object.
+##
+
+security:
+ # -- by default, apps run as non-root
+ runAsNonRoot: false
+ # -- User used by the apps
+ runAsUid: 0
+ # -- Group used by the apps
+ runAsGid: 0
+##
+##
+service:
+ port: 3005
+
+attestationManager:
+ acceptMembershipCredentialsConfig: AUTO
+ agent:
+ host: ssi-abstraction
+ protocol: http
+ port: 3010
+ database:
+ host: postgresql-postgresql-ha-postgresql.infra
+ user: ocm_attestation_manager
+ password: ocm_attestation_manager
+ port: 5432
+ schema: attestation
+ db: ocm_attestation_manager
+ nats:
+ url: nats
+ port: 4222
+ protocol: nats
+ elastic:
+ url: elasticsearch
+ port: 9200
+ protocol: http
+ url:
+ tsa: https://gaiax.vereign.com/tsa/policy/policy/example
+ connectionManager: https://gaiax.vereign.com/ocm/connection
+ attestationManager: https://gaiax.vereign.com/ocm/attestation
+ingress:
+ enabled: true
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/rewrite-target: /$2
+ tlsEnabled: true
+ frontendDomain: gaiax.vereign.com
+ frontendTlsSecretName: cert-manager-tls
diff --git a/apps/connection-manager/deployment/helm/Chart.yaml b/apps/connection-manager/deployment/helm/Chart.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..873412abfc15f6891e56fd3a5b4671576eb907e0
--- /dev/null
+++ b/apps/connection-manager/deployment/helm/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+appVersion: v1.0.7-rc
+description: connection-manager deployment
+name: connection-manager
+version: 1.0.7
+icon: "https://www.vereign.com/wp-content/themes/vereign2020/images/vereign-logo.svg"
diff --git a/apps/connection-manager/deployment/helm/LICENSE b/apps/connection-manager/deployment/helm/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..2abcd8b577f7275b1a2b706e1651b4f44bebeaf5
--- /dev/null
+++ b/apps/connection-manager/deployment/helm/LICENSE
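Review bot: `security` defaults to `runAsNonRoot: false` with `runAsUid: 0` and `runAsGid: 0`, so the container runs as root on every install that does not override all three, and the comment directly above it, `# -- by default, apps run as non-root`, states the opposite of the value it documents; either make the comment true (a non-zero uid/gid matching the image's user and `runAsNonRoot: true`) or reword it to `# -- set to true once the image runs as a non-root user`. `attestationManager.database.password: ocm_attestation_manager` is a working credential committed in plain text that is used verbatim whenever no SOPS override is supplied; an empty default plus `required "attestationManager.database.password must be set"` in the connection-string helper fails fast instead of starting against a guessable password. `name: ssi-abstraction` at the top is a copy-paste from another chart (the connection-manager README in this diff shows `name: "connection-manager"`) and nothing in the templates reads `.Values.name`, so set it to `attestation-manager` or drop it. The attestation-manager README table in this diff still lists `cert-manager.io/cluster-issuer` and `global-static-ip-name` annotations that this values.yaml no longer has, so it needs regenerating with helm-docs.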
@@ -0,0 +1,15 @@
+Deployment recipe for OCM connection manager.
+
+Copyright 2022 Vereign AG
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/apps/connection-manager/deployment/helm/README.md b/apps/connection-manager/deployment/helm/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..0964aca0e3147c6937106d28185817f18dafde9d
--- /dev/null
+++ b/apps/connection-manager/deployment/helm/README.md
@@ -0,0 +1,64 @@ +# connection-manager + +  + +connection-manager deployment + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| autoscaling.enabled | bool | `false` | Enable autoscaling | +| autoscaling.maxReplicas | int | `3` | Maximum replicas | +| autoscaling.minReplicas | int | `1` | Minimum replicas | +| autoscaling.targetCPUUtilizationPercentage | int | `70` | CPU target for autoscaling trigger | +| autoscaling.targetMemoryUtilizationPercentage | int | `70` | Memory target for autoscaling trigger | +| connectionManager.agent.host | string | `"ssi-abstraction"` | | +| connectionManager.agent.port | int | `3010` | | +| connectionManager.agent.protocol | string | `"http"` | | +| connectionManager.database.db | string | `"ocm_connection_manager"` | | +| connectionManager.database.host | string | `"postgresql-postgresql-ha-postgresql.infra"` | | +| connectionManager.database.password | string | `"ocm_connection_manager"` | | +| connectionManager.database.port | int | `5432` | | +| connectionManager.database.schema | string | `"connection"` | | +| connectionManager.database.user | string | `"ocm_connection_manager"` | | +| connectionManager.elastic.port | int | `9200` | | +| connectionManager.elastic.protocol | string | `"http"` | | +| connectionManager.elastic.url | string | `"elasticsearch"` | | +| connectionManager.nats.port | int | `4222` | | +| connectionManager.nats.protocol | string | `"nats"` | | +| connectionManager.nats.url | string | `"nats"` | | +| image.name | string | `"gaiax/connection-manager"` | Image name | +| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | +| image.pullSecrets | string | `"deployment-key-light"` | Image pull secret when internal image is used | +| image.repository | string | `"eu.gcr.io/vrgn-infra-prj"` | | +| image.sha | string | `""` | Image sha, usually generated by the CI Uses image.tag if empty | +| image.tag | string | `""` | Image tag Uses .Chart.AppVersion 
if empty |
+| ingress.annotations."cert-manager.io/cluster-issuer" | string | `"letsencrypt-production-http"` | |
+| ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | |
+| ingress.annotations."kubernetes.io/ingress.global-static-ip-name" | string | `"dev-light-public"` | |
+| ingress.annotations."nginx.ingress.kubernetes.io/rewrite-target" | string | `"/$2"` | |
+| ingress.enabled | bool | `true` | |
+| ingress.frontendDomain | string | `"gaiax.vereign.com"` | |
+| ingress.frontendTlsSecretName | string | `"cert-manager-tls"` | |
+| ingress.pathOverride | string | `""` | |
+| ingress.tlsEnabled | bool | `true` | |
+| log.encoding | string | `"json"` | |
+| log.level | string | `"INFO"` | |
+| metrics.enabled | bool | `true` | Enable prometheus metrics |
+| metrics.port | int | `2112` | Port for prometheus metrics |
+| name | string | `"connection-manager"` | Application name |
+| nameOverride | string | `""` | Ovverwrites application name |
+| podAnnotations | object | `{}` | |
+| replicaCount | int | `1` | Default number of instances to start |
+| resources.limits.cpu | string | `"150m"` | |
+| resources.limits.memory | string | `"128Mi"` | |
+| resources.requests.cpu | string | `"25m"` | |
+| resources.requests.memory | string | `"64Mi"` | |
+| security.runAsGid | int | `0` | Group used by the apps |
+| security.runAsNonRoot | bool | `false` | by default, apps run as non-root |
+| security.runAsUid | int | `0` | User used by the apps |
+| service.port | int | `3003` | |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0)
diff --git a/apps/connection-manager/deployment/helm/templates/_helpers.tpl b/apps/connection-manager/deployment/helm/templates/_helpers.tpl
new file mode 100644
index 0000000000000000000000000000000000000000..2c27cb68df0e603d516d1a6b5e7770b7719ea78e
--- /dev/null
+++ b/apps/connection-manager/deployment/helm/templates/_helpers.tpl
@@ -0,0 +1,94 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "app.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "app.fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" $name .Release.Namespace | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create instance name based on app version and short image sha.
+*/}}
+{{- define "app.revision" -}}
+{{- default .Release.Name .Values.appRel | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "app.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "app.labels" -}}
+helm.sh/chart: {{ include "app.chart" . }}
+{{ include "app.selectorLabels" . }}
+app.kubernetes.io/version: {{ .Chart.AppVersion }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "app.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "app.name" . }}
+app.kubernetes.io/component: {{ include "app.fullname" . }}
+{{- end -}}
+
+{{/*
+Metrics Annotations
+*/}}
+{{- define "app.metricsAnnotations" -}}
+{{- if .Values.metrics.enabled -}}
+prometheus.io/scrape: "true"
+prometheus.io/port: "{{ .Values.metrics.port }}"
+prometheus.io/path: {{ .Values.metrics.path | default "/metrics" | quote }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Image string
+*/}}
+{{- define "app.image" -}}
+{{- if .Values.image.sha -}}
+{{ .Values.image.repository }}/{{ .Values.image.name }}@{{ .Values.image.sha }}
+{{- else -}}
+{{ .Values.image.repository }}/{{ .Values.image.name }}:{{ default .Chart.AppVersion .Values.image.tag }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Security context
+*/}}
+{{- define "app.securitycontext" -}}
+runAsNonRoot: {{ .Values.security.runAsNonRoot | default false }}
+runAsGroup: {{ .Values.security.runAsGid | default 0 }}
+runAsUser: {{ .Values.security.runAsUid | default 0 }}
+fsGroup: {{ .Values.security.runAsGid | default 0 }}
+{{- end -}}
+
+{{/*
+PostgreSQL Connection string URI
+*/}}
+{{- define "app.postgresql.connectionstring" -}}
+postgresql://{{ .Values.connectionManager.database.user }}:{{ .Values.connectionManager.database.password }}@{{ .Values.connectionManager.database.host }}:{{ .Values.connectionManager.database.port }}/{{ .Release.Namespace }}_{{ include "app.name" . | replace "-" "_" }}?schema={{ .Values.connectionManager.database.schema }}
+{{- end -}}
+
+{{/*
+Ingress custom path.
+*/}}
+{{- define "app.path" -}}
+{{- default .Chart.Name .Values.ingress.pathOverride | replace "-manager" "" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/apps/connection-manager/deployment/helm/templates/deployment.yaml b/apps/connection-manager/deployment/helm/templates/deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..fb8124ef6135dd9a1c5065bcdd677cdcf526642d
--- /dev/null
+++ b/apps/connection-manager/deployment/helm/templates/deployment.yaml
@@ -0,0 +1,80 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ template "app.name" . }}" + namespace: {{ .Release.Namespace }} + labels: + {{- include "app.labels" . | nindent 4 }} + app.kubernetes.io/instance: {{ include "app.revision" . }} + app.kubernetes.io/part-of: rse +spec: + replicas: {{ .Values.replicaCount }} + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + selector: + matchLabels: + {{- include "app.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "app.labels" . | nindent 8 }} + annotations: + {{- include "app.metricsAnnotations" . | nindent 8 }} +{{- if .Values.podAnnotations }} +{{ toYaml .Values.podAnnotations | indent 8 }} +{{- end }} + spec: + securityContext: +{{- include "app.securitycontext" . | nindent 8 }} + imagePullSecrets: + - name: {{ .Values.image.pullSecrets }} + containers: + - name: {{ template "app.name" . }} + image: "{{ .Values.image.repository }}/{{ .Values.image.name }}:{{ default .Chart.AppVersion .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + env: + - name: PORT + value: {{ .Values.service.port | quote }} + - name: DATABASE_URL + value: {{ template "app.postgresql.connectionstring" (merge (dict "application" "true") .) 
}} + - name: NATS_URL + value: "{{ .Values.connectionManager.nats.protocol }}://{{ .Values.connectionManager.nats.url }}:{{ .Values.connectionManager.nats.port }}" + - name: ECSURL + value: "{{ .Values.connectionManager.elastic.protocol }}://{{ .Values.connectionManager.elastic.url }}:{{ .Values.connectionManager.elastic.port }}/" + - name: LOG_LEVEL + value: {{ .Values.log.level | default "INFO" }} + - name: LOG_ENCODING + value: {{ .Values.log.encoding | default "json" }} + - name: POSTGRES_USER + value: {{ .Values.connectionManager.database.user }} + - name: POSTGRES_PASSWORD + value: {{ .Values.connectionManager.database.password }} + - name: POSTGRES_DB + value: {{ .Values.connectionManager.database.db }} + - name: AGENT_URL + value: "{{ .Values.connectionManager.agent.protocol }}://{{ .Values.connectionManager.agent.host }}:{{ .Values.connectionManager.agent.port }}" + +{{- if .Values.extraVars }} +{{ toYaml .Values.extraVars | indent 8 }} +{{- end }} + ports: + {{- if .Values.metrics.enabled }} + - name: monitoring + containerPort: {{ .Values.metrics.port }} + {{- end }} + - name: http + containerPort: {{ .Values.service.port }} + readinessProbe: + httpGet: + path: /v1/health + port: {{ .Values.service.port }} + initialDelaySeconds: 5 + periodSeconds: 5 + successThreshold: 2 + failureThreshold: 2 + timeoutSeconds: 5 + resources: +{{ toYaml .Values.resources | indent 10 }} diff --git a/apps/connection-manager/deployment/helm/templates/hpa.yaml b/apps/connection-manager/deployment/helm/templates/hpa.yaml new file mode 100644 index 0000000000000000000000000000000000000000..fc5c29e7463c24756cfa83754e8ab9336be7b8c2 --- /dev/null +++ b/apps/connection-manager/deployment/helm/templates/hpa.yaml 
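Review bot: `DATABASE_URL` and `POSTGRES_PASSWORD` are rendered as plain `value:` entries straight from `.Values`, so the database credential is written into the Deployment object (visible to anyone with read access on deployments/pods and in `helm get manifest`) instead of a Secret; rendering them into a `templates/secret.yaml` and referencing it via `valueFrom.secretKeyRef` keeps the manifest credential-free. The `image:` line rebuilds `repository/name:tag` by hand instead of using the `app.image` helper defined in `_helpers.tpl`, so the `image.sha` value documented in values.yaml is silently ignored — `image: "{{ include "app.image" . }}"`. `POSTGRES_DB` takes `connectionManager.database.db` while `DATABASE_URL` (via the helper) names the database `<namespace>_connection_manager`, so the two variables can point at different databases; presumably only one is intended. The proof-manager deployment.yaml hunk has the same issues.
```yaml
        env:
          - name: PORT
            value: {{ .Values.service.port | quote }}
          - name: DATABASE_URL
            valueFrom:
              secretKeyRef:
                name: DB_SECRET_NAME  # placeholder: the Secret rendered by templates/secret.yaml
                key: DATABASE_URL
          # … unchanged: NATS_URL, ECSURL, LOG_LEVEL, LOG_ENCODING, POSTGRES_USER …
          - name: POSTGRES_PASSWORD
            valueFrom:
              secretKeyRef:
                name: DB_SECRET_NAME  # placeholder, same Secret as above
                key: POSTGRES_PASSWORD
          # … unchanged: POSTGRES_DB, AGENT_URL, extraVars, ports, readinessProbe, resources …
```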
@@ -0,0 +1,27 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ labels:
+ {{- include "app.labels" . | nindent 4 }}
+ name: {{ template "app.name" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ template "app.name" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+{{- with .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+{{- end }}
+{{- with .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/apps/connection-manager/deployment/helm/templates/ingress.yaml b/apps/connection-manager/deployment/helm/templates/ingress.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..798a8d1e5df4b25a735418ca27602a564972847a
--- /dev/null
+++ b/apps/connection-manager/deployment/helm/templates/ingress.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ template "app.path" . }}
+ namespace: {{ .Release.Namespace }}
+ annotations:
+{{ toYaml .Values.ingress.annotations | indent 4 }}
+ labels:
+ {{- include "app.labels" . | nindent 4 }}
+spec:
+{{- if .Values.ingress.tlsEnabled }}
+ tls:
+ - hosts:
+ - {{ .Values.ingress.frontendDomain }}
+ secretName: {{ .Values.ingress.frontendTlsSecretName }}
+{{- end }}
+ rules:
+ - host: {{ .Values.ingress.frontendDomain }}
+ http:
+ paths:
+ - path: /{{ template "app.path" . }}(/|$)(.*)
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ template "app.name" . }}
+ port:
+ number: {{ .Values.service.port }}
+{{- end }}
\ No newline at end of file
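Review bot: Both entries in `metrics:` lack a `target`, so each `with` block renders `- type: Resource / resource: / name: cpu` and discards the utilization value it was iterating on; `autoscaling/v2` requires `resource.target`, so the object fails API validation as soon as `autoscaling.enabled` is true. Inside each `with` the percentage is `.`, so under `resource:` add `target:` / `  type: Utilization` / `  averageUtilization: {{ . }}` for both the cpu and the memory block. The proof-manager hpa.yaml hunk is identical.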
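Review bot: `path: /{{ template "app.path" . }}(/|$)(.*)` is a regular expression feeding the `rewrite-target: /$2` capture group in values.yaml, yet it is declared `pathType: Prefix`; ingress-nginx documents `pathType: ImplementationSpecific` for regex paths, and newer controller releases with strict path-type validation reject regex characters under Prefix, so confirm against the controller version in use. The `tls` block references `frontendTlsSecretName` but nothing in the chart creates that Secret, which the README should state as a prerequisite. The proof-manager ingress.yaml hunk is identical.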
diff --git a/apps/connection-manager/deployment/helm/templates/service.yaml b/apps/connection-manager/deployment/helm/templates/service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..21c57ac87992e185f824c0c8c9fbf8ab19b289d2
--- /dev/null
+++ b/apps/connection-manager/deployment/helm/templates/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "app.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "app.labels" . | nindent 4 }}
+spec:
+ clusterIP: None
+ ports:
+ - name: http
+ port: {{ .Values.service.port }}
+ targetPort: {{ .Values.service.port }}
+ selector:
+ {{- include "app.selectorLabels" . | nindent 4 }}
+
diff --git a/apps/connection-manager/deployment/helm/values-override.yaml b/apps/connection-manager/deployment/helm/values-override.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..111febba8e8159fe0080c2dc731154ec7898ea16
--- /dev/null
+++ b/apps/connection-manager/deployment/helm/values-override.yaml
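Review bot: `clusterIP: None` makes this a headless Service, so DNS for the name resolves to the pod IPs directly rather than a stable virtual IP, and with the `maxSurge: 1 / maxUnavailable: 0` rollout in deployment.yaml clients see the address set change on every upgrade; if the Ingress backend and the other OCM services only need name-based access, a regular ClusterIP Service is the conventional choice. Confirm headless is intentional, and if so document why with a comment above `clusterIP`. The proof-manager service.yaml hunk is identical.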
@@ -0,0 +1,38 @@ +image: + repository: registry.gitlab.com/gaia-x/data-infrastructure-federation-services/ocm + # -- Image name + name: connection-manager +connectionManager: + database: + host: vereign-database1-postgres.gxfs-vereign + user: ENC[AES256_GCM,data:f+UtjwOUiyM=,iv:X/7E+GBmxxVdphMTChhhrCjT/01cLFwh62vhJApJkWA=,tag:oM0vFH3KSpFTBjeRi40oJA==,type:str] + password: ENC[AES256_GCM,data:iHEwZCuABQy0RMrDGeq3QEL874JgbQWC+7WQ49TW62Ynh/isVvo0kv8FR/rXRrUks3IlTIGWncj+JnIDQkODMg==,iv:4Lza3vwWDJPTPPYwgmTvrnMLrkQBYa5mnrn9HbQd2oQ=,tag:s6f9IVyJMdqu2NXtt0tuQg==,type:str] + db: vereign-database1-postgres +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/rewrite-target: /$2 + tlsEnabled: true + frontendDomain: ocm.gxfs.dev + frontendTlsSecretName: wildcard-gxfs-dev +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1nrk70nevtmrcgzjunsed43ar6dk3e06qt7tryqqprj9axv4e0djqa0n0cg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBVHQvUk4xOXBHZjBhT0ly + R1pVeUVtU09mYmppb2hucktLeUx2bGtsUXhJCkdUKzQ5TlNCbzFBTWV4L3REMFlR + bS9nWUxWZ3JERW81QWtCQXJxU3Uzd3MKLS0tIDdmZXdGemdjYzZ5QU11QVVtYnBz + WUROeFJTV0cxYnA4MTREcVlVYkhSZmMKDqEoHpnkE6AbTn1RHDn0G6u3XmeCSaTk + smByqqxfWePRPIul8VTlKnDNN68iQuK7Xxmj3RV7LTSj60XwdeIKuQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-08-03T14:42:58Z" + mac: ENC[AES256_GCM,data:arq9lpFfu4WBPXPiaIgT/tdRQcBv15SB2sgaD9GBlTL+dVxAuZcDiWTykzWaxpvExf8aGv3flGCMYkQlil1u1YGdlIk7TfUHa+elta/US1QVYCJznChdV4UCSLm8PRh4sg9DWRFgrtxfs6IKhEOq17DwpGc1hVAFjNjUHgvPCFg=,iv:+GvCbcxPBJkzZu5TIZ7oGtCsSa8Fl9Qt6mGi6If2wds=,tag:8Lka/tG40HYjR7Uhn9jyig==,type:str] + pgp: [] + encrypted_regex: ^(password|user)$ + version: 3.7.3 diff --git a/apps/connection-manager/deployment/helm/values.yaml b/apps/connection-manager/deployment/helm/values.yaml new file mode 100644 index 0000000000000000000000000000000000000000..aeee0f94732f9950171638e82cf7651b11b3744c 
--- /dev/null
+++ b/apps/connection-manager/deployment/helm/values.yaml
@@ -0,0 +1,117 @@ +# -- Default number of instances to start +replicaCount: 1 +# -- Application name +name: connection-manager +# -- Ovverwrites application name +nameOverride: "" + +image: + repository: eu.gcr.io/vrgn-infra-prj + # -- Image name + name: gaiax/connection-manager + # -- Image tag + # Uses .Chart.AppVersion if empty + tag: "" + # -- Image sha, usually generated by the CI + # Uses image.tag if empty + sha: "" + # -- Image pull policy + pullPolicy: IfNotPresent + # -- Image pull secret when internal image is used + pullSecrets: deployment-key-light + + +podAnnotations: {} +## +## Pass extra environment variables to the container. +## +# extraVars: +# - name: EXTRA_VAR_1 +# value: extra-var-value-1 +# - name: EXTRA_VAR_2 +# value: extra-var-value-2 +## +## Create new service when true, and use the specified uner name when set to the name specified +## + +resources: + requests: + cpu: 25m + memory: 64Mi + limits: + cpu: 150m + memory: 128Mi + +## Configure pod autoscaling +## + +autoscaling: + # -- Enable autoscaling + enabled: false + # -- Minimum replicas + minReplicas: 1 + # -- Maximum replicas + maxReplicas: 3 + # -- CPU target for autoscaling trigger + targetCPUUtilizationPercentage: 70 + # -- Memory target for autoscaling trigger + targetMemoryUtilizationPercentage: 70 +## +## Prometheus Exporter / Metrics +## + +metrics: + # -- Enable prometheus metrics + enabled: true + # -- Port for prometheus metrics + port: 2112 + +log: + level: "INFO" + encoding: json + +## +## Kubernetes [SecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) object. 
+## + +security: + # -- by default, apps run as non-root + runAsNonRoot: false + # -- User used by the apps + runAsUid: 0 + # -- Group used by the apps + runAsGid: 0 +## +## +service: + port: 3003 + +connectionManager: + agent: + host: ssi-abstraction + protocol: http + port: 3010 + database: + host: postgresql-postgresql-ha-postgresql.infra + user: ocm_connection_manager + password: ocm_connection_manager + port: 5432 + schema: connection + db: ocm_connection_manager + nats: + url: nats + port: 4222 + protocol: nats + elastic: + url: elasticsearch + port: 9200 + protocol: http +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/rewrite-target: /$2 + tlsEnabled: true + frontendDomain: gaiax.vereign.com + frontendTlsSecretName: cert-manager-tls + pathOverride: "" \ No newline at end of file diff --git a/apps/proof-manager/deployment/helm/Chart.yaml b/apps/proof-manager/deployment/helm/Chart.yaml new file mode 100644 index 0000000000000000000000000000000000000000..6f4310e1a757a56469c29f108090eaf06ed464b4 --- /dev/null +++ b/apps/proof-manager/deployment/helm/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +appVersion: v1.0.4-rc +description: proof-manager deployment +name: proof-manager +version: 1.0.4 +icon: "https://www.vereign.com/wp-content/themes/vereign2020/images/vereign-logo.svg" diff --git a/apps/proof-manager/deployment/helm/LICENSE b/apps/proof-manager/deployment/helm/LICENSE new file mode 100644 index 0000000000000000000000000000000000000000..85621b0cb39c1479b5c894742d1bc28aadc4fbc6 --- /dev/null +++ b/apps/proof-manager/deployment/helm/LICENSE 
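Review bot: The comment `# -- by default, apps run as non-root` sits directly above `runAsNonRoot: false` with `runAsUid: 0` / `runAsGid: 0`, so the generated documentation states the opposite of the shipped default; either make the defaults non-root (`runAsNonRoot: true` and a non-zero uid/gid matching the image) or correct the comment to match. `connectionManager.database.password: ocm_connection_manager` is a working credential committed as the chart default and published in the README, and the helper places it into `DATABASE_URL`; defaulting it to `""` and requiring an override (the sops-encrypted values-override.yaml already supplies one) avoids shipping a usable password. Also `# -- Ovverwrites application name` should read `Overwrites`. The proof-manager values.yaml hunk has the same defaults.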
@@ -0,0 +1,16 @@ +Deployment recipe for OCM proof manager + + +Copyright 2022 Vereign AG + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/apps/proof-manager/deployment/helm/README.md b/apps/proof-manager/deployment/helm/README.md new file mode 100644 index 0000000000000000000000000000000000000000..df4e440b66a9ccea392b61e38538ccf0d7804adc --- /dev/null +++ b/apps/proof-manager/deployment/helm/README.md 
@@ -0,0 +1,69 @@ +# proof-manager + +  + +proof-manager deployment + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| autoscaling.enabled | bool | `false` | Enable autoscaling | +| autoscaling.maxReplicas | int | `3` | Maximum replicas | +| autoscaling.minReplicas | int | `1` | Minimum replicas | +| autoscaling.targetCPUUtilizationPercentage | int | `70` | CPU target for autoscaling trigger | +| autoscaling.targetMemoryUtilizationPercentage | int | `70` | Memory target for autoscaling trigger | +| image.name | string | `"gaiax/proof-manager"` | Image name | +| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | +| image.pullSecrets | string | `"deployment-key-light"` | Image pull secret when internal image is used | +| image.repository | string | `"eu.gcr.io/vrgn-infra-prj"` | | +| image.sha | string | `""` | Image sha, usually generated by the CI Uses image.tag if empty | +| image.tag | string | `""` | Image tag Uses .Chart.AppVersion if empty | +| ingress.annotations."cert-manager.io/cluster-issuer" | string | `"letsencrypt-production-http"` | | +| ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | | +| ingress.annotations."kubernetes.io/ingress.global-static-ip-name" | string | `"dev-light-public"` | | +| ingress.annotations."nginx.ingress.kubernetes.io/rewrite-target" | string | `"/$2"` | | +| ingress.enabled | bool | `true` | | +| ingress.frontendDomain | string | `"gaiax.vereign.com"` | | +| ingress.frontendTlsSecretName | string | `"cert-manager-tls"` | | +| ingress.tlsEnabled | bool | `true` | | +| log.encoding | string | `"json"` | | +| log.level | string | `"INFO"` | | +| metrics.enabled | bool | `true` | Enable prometheus metrics | +| metrics.port | int | `2112` | Port for prometheus metrics | +| name | string | `"proof-manager"` | Application name | +| nameOverride | string | `""` | Overwrites application name | +| podAnnotations | object | `{}` | | +| 
proofManager.acceptPresentationConfig | string | `"AUTO"` | | +| proofManager.agent.host | string | `"ssi-abstraction"` | | +| proofManager.agent.port | int | `3010` | | +| proofManager.agent.protocol | string | `"http"` | | +| proofManager.database.db | string | `"ocm_proof_manager"` | | +| proofManager.database.host | string | `"postgresql-postgresql-ha-postgresql.infra"` | | +| proofManager.database.password | string | `"ocm_proof_manager"` | | +| proofManager.database.port | int | `5432` | | +| proofManager.database.schema | string | `"proof"` | | +| proofManager.database.user | string | `"ocm_proof_manager"` | | +| proofManager.elastic.port | int | `9200` | | +| proofManager.elastic.protocol | string | `"http"` | | +| proofManager.elastic.url | string | `"elasticsearch"` | | +| proofManager.nats.port | int | `4222` | | +| proofManager.nats.protocol | string | `"nats"` | | +| proofManager.nats.url | string | `"nats"` | | +| replicaCount | int | `1` | Default number of instances to start | +| resources.limits.cpu | string | `"150m"` | | +| resources.limits.memory | string | `"128Mi"` | | +| resources.requests.cpu | string | `"25m"` | | +| resources.requests.memory | string | `"64Mi"` | | +| security.runAsGid | int | `0` | Group used by the apps | +| security.runAsNonRoot | bool | `false` | by default, apps run as non-root | +| security.runAsUid | int | `0` | User used by the apps | +| service.port | int | `3007` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) + +## License +<hr/> + +[Apache 2.0 license](LICENSE) diff --git a/apps/proof-manager/deployment/helm/templates/_helpers.tpl b/apps/proof-manager/deployment/helm/templates/_helpers.tpl new file mode 100644 index 0000000000000000000000000000000000000000..298a7a88d2ba76096fae8c44c686007c33b41a60 --- /dev/null +++ b/apps/proof-manager/deployment/helm/templates/_helpers.tpl 
@@ -0,0 +1,94 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "app.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "app.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" $name .Release.Namespace | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create instance name based on app version and short image sha. +*/}} +{{- define "app.revision" -}} +{{- default .Release.Name .Values.appRel | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "app.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "app.labels" -}} +helm.sh/chart: {{ include "app.chart" . }} +{{ include "app.selectorLabels" . }} +app.kubernetes.io/version: {{ .Chart.AppVersion }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "app.selectorLabels" -}} +app.kubernetes.io/name: {{ include "app.name" . }} +app.kubernetes.io/component: {{ include "app.fullname" . 
}} +{{- end -}} + +{{/* +Metrics Annotations +*/}} +{{- define "app.metricsAnnotations" -}} +{{- if .Values.metrics.enabled -}} +prometheus.io/scrape: "true" +prometheus.io/port: "{{ .Values.metrics.port }}" +prometheus.io/path: {{ .Values.metrics.path | default "/metrics" | quote }} +{{- end -}} +{{- end -}} + +{{/* +Image string +*/}} +{{- define "app.image" -}} +{{- if .Values.image.sha -}} +{{ .Values.image.repository }}/{{ .Values.image.name }}@{{ .Values.image.sha }} +{{- else -}} +{{ .Values.image.repository }}/{{ .Values.image.name }}:{{ default .Chart.AppVersion .Values.image.tag }} +{{- end -}} +{{- end -}} + +{{/* +Security context +*/}} +{{- define "app.securitycontext" -}} +runAsNonRoot: {{ .Values.security.runAsNonRoot | default false }} +runAsGroup: {{ .Values.security.runAsGid | default 0 }} +runAsUser: {{ .Values.security.runAsUid | default 0 }} +fsGroup: {{ .Values.security.runAsGid | default 0 }} +{{- end -}} + +{{/* +PostgreSQL Connection string URI +*/}} +{{- define "app.postgresql.connectionstring" -}} +postgresql://{{ .Values.proofManager.database.user }}:{{ .Values.proofManager.database.password }}@{{ .Values.proofManager.database.host }}:{{ .Values.proofManager.database.port }}/{{ .Release.Namespace }}_{{ include "app.name" . | replace "-" "_" }}?schema={{ .Values.proofManager.database.schema }} +{{- end -}} + +{{/* +Ingress custom path. +*/}} +{{- define "app.path" -}} +{{- default .Chart.Name .Values.ingress.pathOverride | replace "-manager" "" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/apps/proof-manager/deployment/helm/templates/deployment.yaml b/apps/proof-manager/deployment/helm/templates/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..259b078e66e1a9e6ca265034072f042998d91a97 --- /dev/null +++ b/apps/proof-manager/deployment/helm/templates/deployment.yaml 
@@ -0,0 +1,76 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ template "app.name" . }}" + namespace: {{ .Release.Namespace }} + labels: + {{- include "app.labels" . | nindent 4 }} + app.kubernetes.io/instance: {{ include "app.revision" . }} + app.kubernetes.io/part-of: rse +spec: + replicas: {{ .Values.replicaCount }} + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + selector: + matchLabels: + {{- include "app.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "app.labels" . | nindent 8 }} + annotations: + {{- include "app.metricsAnnotations" . | nindent 8 }} +{{- if .Values.podAnnotations }} +{{ toYaml .Values.podAnnotations | indent 8 }} +{{- end }} + spec: + securityContext: +{{- include "app.securitycontext" . | nindent 8 }} + imagePullSecrets: + - name: {{ .Values.image.pullSecrets }} + containers: + - name: {{ template "app.name" . }} + image: "{{ .Values.image.repository }}/{{ .Values.image.name }}:{{ default .Chart.AppVersion .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + env: + - name: PORT + value: {{ .Values.service.port | quote }} + - name: DATABASE_URL + value: {{ template "app.postgresql.connectionstring" (merge (dict "application" "true") .) 
}} + - name: NATS_URL + value: "{{ .Values.proofManager.nats.protocol }}://{{ .Values.proofManager.nats.url }}:{{ .Values.proofManager.nats.port }}" + - name: ECSURL + value: "{{ .Values.proofManager.elastic.protocol }}://{{ .Values.proofManager.elastic.url }}:{{ .Values.proofManager.elastic.port }}/" + - name: LOG_LEVEL + value: {{ .Values.log.level | default "INFO" }} + - name: LOG_ENCODING + value: {{ .Values.log.encoding | default "json" }} + - name: AGENT_URL + value: "{{ .Values.proofManager.agent.protocol }}://{{ .Values.proofManager.agent.host }}:{{ .Values.proofManager.agent.port }}" + - name: ACCEPT_PRESENTATION_CONFIG + value: {{ .Values.proofManager.acceptPresentationConfig }} + +{{- if .Values.extraVars }} +{{ toYaml .Values.extraVars | indent 8 }} +{{- end }} + ports: + {{- if .Values.metrics.enabled }} + - name: monitoring + containerPort: {{ .Values.metrics.port }} + {{- end }} + - name: http + containerPort: {{ .Values.service.port }} + readinessProbe: + httpGet: + path: /v1/health + port: {{ .Values.service.port }} + initialDelaySeconds: 5 + periodSeconds: 5 + successThreshold: 2 + failureThreshold: 2 + timeoutSeconds: 5 + resources: +{{ toYaml .Values.resources | indent 10 }} diff --git a/apps/proof-manager/deployment/helm/templates/hpa.yaml b/apps/proof-manager/deployment/helm/templates/hpa.yaml new file mode 100644 index 0000000000000000000000000000000000000000..fc5c29e7463c24756cfa83754e8ab9336be7b8c2 --- /dev/null +++ b/apps/proof-manager/deployment/helm/templates/hpa.yaml 
@@ -0,0 +1,27 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ labels:
+ {{- include "app.labels" . | nindent 4 }}
+ name: {{ template "app.name" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ template "app.name" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+{{- with .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+{{- end }}
+{{- with .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/apps/proof-manager/deployment/helm/templates/ingress.yaml b/apps/proof-manager/deployment/helm/templates/ingress.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..798a8d1e5df4b25a735418ca27602a564972847a
--- /dev/null
+++ b/apps/proof-manager/deployment/helm/templates/ingress.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ template "app.path" . }}
+ namespace: {{ .Release.Namespace }}
+ annotations:
+{{ toYaml .Values.ingress.annotations | indent 4 }}
+ labels:
+ {{- include "app.labels" . | nindent 4 }}
+spec:
+{{- if .Values.ingress.tlsEnabled }}
+ tls:
+ - hosts:
+ - {{ .Values.ingress.frontendDomain }}
+ secretName: {{ .Values.ingress.frontendTlsSecretName }}
+{{- end }}
+ rules:
+ - host: {{ .Values.ingress.frontendDomain }}
+ http:
+ paths:
+ - path: /{{ template "app.path" . }}(/|$)(.*)
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ template "app.name" . }}
+ port:
+ number: {{ .Values.service.port }}
+{{- end }}
\ No newline at end of file
diff --git a/apps/proof-manager/deployment/helm/templates/service.yaml b/apps/proof-manager/deployment/helm/templates/service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..21c57ac87992e185f824c0c8c9fbf8ab19b289d2
--- /dev/null
+++ b/apps/proof-manager/deployment/helm/templates/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "app.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "app.labels" . | nindent 4 }}
+spec:
+ clusterIP: None
+ ports:
+ - name: http
+ port: {{ .Values.service.port }}
+ targetPort: {{ .Values.service.port }}
+ selector:
+ {{- include "app.selectorLabels" . | nindent 4 }}
+
diff --git a/apps/proof-manager/deployment/helm/values-override.yaml b/apps/proof-manager/deployment/helm/values-override.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f0f4c9d22df23646d8085662d5a708a4e6525c54
--- /dev/null
+++ b/apps/proof-manager/deployment/helm/values-override.yaml
@@ -0,0 +1,33 @@ +image: + repository: registry.gitlab.com/gaia-x/data-infrastructure-federation-services/ocm + # -- Image name + name: proof-manager +proofManager: + database: + host: vereign-database1-postgres.gxfs-vereign + user: ENC[AES256_GCM,data:q5NhZmWp8Xo=,iv:1Fvhv+sMhPHIAqAb20ebf9W31KWUnFSCHB6YFEweZrc=,tag:TmVXG72ctypICUzuQjXI7w==,type:str] + password: ENC[AES256_GCM,data:7yYeSGu4A+kS/dzt4cqDF0ugQZVTBVwX0wS6SnInO0x5mFhuEIEoZA6posVXMXtxFOpMCK0/XK6DRiUkOmaH1A==,iv:h2AUH2bqWPT79gBqiOdrVTX7Jg32vnOcILyWxBLN0mk=,tag:JpVkcxLryfnww3t2yi32WA==,type:str] + db: vereign-database1-postgres +ingress: + frontendDomain: ocm.gxfs.dev + frontendTlsSecretName: wildcard-gxfs-dev +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1nrk70nevtmrcgzjunsed43ar6dk3e06qt7tryqqprj9axv4e0djqa0n0cg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlYzFzaHpjL3M2SlVsaXcy + QXFuay9BWC8yWE9tSzhFUmpHYlRtdG1sbndZCldmNGV4SVJBUTJ0T0RKR3h2MU9P + bG5HNWZmQTB5UzZlSElTRnRJNlF0NFkKLS0tIEJKQVZmSVQ4aThMSDFoMURvL25L + bUZrbUpoK3R1VXZGb1htM0MzWlJPdHcKxU1fcH+Lg8bJgkyL0u/DwFuiRtQfipqH + d5ktsg3YUtmDEko9a3IwA+EPbrg0bHlojEYMuUlLmcJtOV20FzQDrA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-08-04T11:11:23Z" + mac: ENC[AES256_GCM,data:RB2WXSa5CG1o2boDuJj9zSRSLa/9jzM3UDp9bu8vWy4wBs7W4LvtxUyyee7O/+Au9/xNtv/tjK56mpYRQViClGSkydrYjtILaAJ1wEFtANy2CyPs8xrqNb1jKrBhWGj1+5N5GH8OkPQ4gu/udavnyNIRALjhNE1aklhk4Oqv3h0=,iv:1Ykz7eiuRQNwv7r7HQZmJPAaAJBBJUKdjykLzzynxCk=,tag:ts4IHFLSFUabI3983qM9zQ==,type:str] + pgp: [] + encrypted_regex: ^(password|user)$ + version: 3.7.3 diff --git a/apps/proof-manager/deployment/helm/values.yaml b/apps/proof-manager/deployment/helm/values.yaml new file mode 100644 index 0000000000000000000000000000000000000000..434fa40aa79812dcd2150013635bb92c9236e108 --- /dev/null +++ b/apps/proof-manager/deployment/helm/values.yaml 
@@ -0,0 +1,117 @@ +# -- Default number of instances to start +replicaCount: 1 +# -- Application name +name: proof-manager +# -- Overwrites application name +nameOverride: "" + +image: + repository: eu.gcr.io/vrgn-infra-prj + # -- Image name + name: gaiax/proof-manager + # -- Image tag + # Uses .Chart.AppVersion if empty + tag: "" + # -- Image sha, usually generated by the CI + # Uses image.tag if empty + sha: "" + # -- Image pull policy + pullPolicy: IfNotPresent + # -- Image pull secret when internal image is used + pullSecrets: deployment-key-light + + +podAnnotations: {} +## +## Pass extra environment variables to the container. +## +# extraVars: +# - name: EXTRA_VAR_1 +# value: extra-var-value-1 +# - name: EXTRA_VAR_2 +# value: extra-var-value-2 +## +## Create new service when true, and use the specified uner name when set to the name specified +## + +resources: + requests: + cpu: 25m + memory: 64Mi + limits: + cpu: 150m + memory: 128Mi + +## Configure pod autoscaling +## + +autoscaling: + # -- Enable autoscaling + enabled: false + # -- Minimum replicas + minReplicas: 1 + # -- Maximum replicas + maxReplicas: 3 + # -- CPU target for autoscaling trigger + targetCPUUtilizationPercentage: 70 + # -- Memory target for autoscaling trigger + targetMemoryUtilizationPercentage: 70 +## +## Prometheus Exporter / Metrics +## + +metrics: + # -- Enable prometheus metrics + enabled: true + # -- Port for prometheus metrics + port: 2112 + +log: + level: "INFO" + encoding: json + +## +## Kubernetes [SecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) object. 
+## + +security: + # -- by default, apps run as non-root + runAsNonRoot: false + # -- User used by the apps + runAsUid: 0 + # -- Group used by the apps + runAsGid: 0 +## +## +service: + port: 3007 + +proofManager: + acceptPresentationConfig: AUTO + agent: + host: ssi-abstraction + protocol: http + port: 3010 + database: + host: postgresql-postgresql-ha-postgresql.infra + user: ocm_proof_manager + password: ocm_proof_manager + port: 5432 + schema: proof + db: ocm_proof_manager + nats: + url: nats + port: 4222 + protocol: nats + elastic: + url: elasticsearch + port: 9200 + protocol: http +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/rewrite-target: /$2 + tlsEnabled: true + frontendDomain: gaiax.vereign.com + frontendTlsSecretName: cert-manager-tls \ No newline at end of file diff --git a/apps/ssi-abstraction/deployment/helm/Chart.yaml b/apps/ssi-abstraction/deployment/helm/Chart.yaml new file mode 100644 index 0000000000000000000000000000000000000000..7dae6f943921d7a0d80f81531a1daad4a07663e8 --- /dev/null +++ b/apps/ssi-abstraction/deployment/helm/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +appVersion: v1.0.3-rc +description: ssi-abstraction deployment +name: ssi-abstraction +version: 1.0.3 +icon: "https://www.vereign.com/wp-content/themes/vereign2020/images/vereign-logo.svg" diff --git a/apps/ssi-abstraction/deployment/helm/LICENSE b/apps/ssi-abstraction/deployment/helm/LICENSE new file mode 100644 index 0000000000000000000000000000000000000000..85a85ea92366fe94481e789f695b3022c6cc41be --- /dev/null +++ b/apps/ssi-abstraction/deployment/helm/LICENSE 
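Review bot: This values.yaml sets only `kubernetes.io/ingress.class` and `nginx.ingress.kubernetes.io/rewrite-target` under `ingress.annotations`, but the proof-manager README added in the same commit also documents `cert-manager.io/cluster-issuer` and `kubernetes.io/ingress.global-static-ip-name` defaults, so the helm-docs output is stale relative to the values file; regenerate the README (or add the missing annotations here if they were intended). The file also ends without a trailing newline.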
@@ -0,0 +1,16 @@ +Deployment recipe for OCM SSI abstraction service. + + +Copyright 2022 Vereign AG + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/apps/ssi-abstraction/deployment/helm/README.md b/apps/ssi-abstraction/deployment/helm/README.md new file mode 100644 index 0000000000000000000000000000000000000000..cecfc27af24278fe0a975f75be442f4268a05759 --- /dev/null +++ b/apps/ssi-abstraction/deployment/helm/README.md 
@@ -0,0 +1,73 @@ +# ssi-abstraction + +  + +ssi-abstraction deployment + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| autoscaling.enabled | bool | `false` | Enable autoscaling | +| autoscaling.maxReplicas | int | `3` | Maximum replicas | +| autoscaling.minReplicas | int | `1` | Minimum replicas | +| autoscaling.targetCPUUtilizationPercentage | int | `70` | CPU target for autoscaling trigger | +| autoscaling.targetMemoryUtilizationPercentage | int | `70` | Memory target for autoscaling trigger | +| image.name | string | `"gaiax/ssi-abstraction"` | Image name | +| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | +| image.pullSecrets | string | `"deployment-key-light"` | Image pull secret when internal image is used | +| image.repository | string | `"eu.gcr.io/vrgn-infra-prj"` | | +| image.sha | string | `""` | Image sha, usually generated by the CI Uses image.tag if empty | +| image.tag | string | `""` | Image tag Uses .Chart.AppVersion if empty | +| ingress.annotations."cert-manager.io/cluster-issuer" | string | `"letsencrypt-production-http"` | | +| ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | | +| ingress.annotations."kubernetes.io/ingress.global-static-ip-name" | string | `"dev-light-public"` | | +| ingress.annotations."nginx.ingress.kubernetes.io/rewrite-target" | string | `"/$2"` | | +| ingress.enabled | bool | `true` | | +| ingress.frontendDomain | string | `"gaiax.vereign.com"` | | +| ingress.frontendTlsSecretName | string | `"cert-manager-tls"` | | +| ingress.pathOverride | string | `"didcomm"` | | +| ingress.tlsEnabled | bool | `true` | | +| log.encoding | string | `"json"` | | +| log.level | string | `"INFO"` | | +| metrics.enabled | bool | `true` | Enable prometheus metrics | +| metrics.port | int | `2112` | Port for prometheus metrics | +| name | string | `"ssi-abstraction"` | Application name | +| nameOverride | string | `""` | Ovverwrites application name | 
+| podAnnotations | object | `{}` | | +| replicaCount | int | `1` | Default number of instances to start | +| resources.limits.cpu | string | `"150m"` | | +| resources.limits.memory | string | `"512Mi"` | | +| resources.requests.cpu | string | `"25m"` | | +| resources.requests.memory | string | `"64Mi"` | | +| security.runAsGid | int | `0` | Group used by the apps | +| security.runAsNonRoot | bool | `false` | by default, apps run as non-root | +| security.runAsUid | int | `0` | User used by the apps | +| service.port | int | `3009` | | +| ssiAbstraction.afjExtPort | int | `3010` | | +| ssiAbstraction.agent.autoAccept.connection | bool | `true` | | +| ssiAbstraction.agent.autoAccept.credential | bool | `true` | | +| ssiAbstraction.agent.host | string | `"gaiax.vereign.com"` | | +| ssiAbstraction.agent.ledgerId | string | `"ID_UNION"` | | +| ssiAbstraction.agent.name | string | `"ssi-abstraction-agent"` | | +| ssiAbstraction.agent.peerPort | int | `443` | | +| ssiAbstraction.agent.protocol | string | `"http"` | | +| ssiAbstraction.agent.publicDidSeed | string | `"6b8b882e2618fa5d45ee7229ca880083"` | | +| ssiAbstraction.agent.urlPath | string | `"/ocm/didcomm"` | | +| ssiAbstraction.agent.wallet.id | string | `"ssi-wallet-id"` | | +| ssiAbstraction.agent.wallet.key | string | `"ssi-wallet-key"` | | +| ssiAbstraction.database.db | string | `"postgres"` | | +| ssiAbstraction.database.host | string | `"postgresql.infra"` | | +| ssiAbstraction.database.password | string | `"password"` | | +| ssiAbstraction.database.port | int | `5432` | | +| ssiAbstraction.database.schema | string | `"proof"` | | +| ssiAbstraction.database.user | string | `"root"` | | +| ssiAbstraction.elastic.port | int | `9200` | | +| ssiAbstraction.elastic.protocol | string | `"http"` | | +| ssiAbstraction.elastic.url | string | `"elasticsearch"` | | +| ssiAbstraction.nats.port | int | `4222` | | +| ssiAbstraction.nats.protocol | string | `"nats"` | | +| ssiAbstraction.nats.url | string | `"nats"` | | 
+ +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) diff --git a/apps/ssi-abstraction/deployment/helm/templates/_helpers.tpl b/apps/ssi-abstraction/deployment/helm/templates/_helpers.tpl new file mode 100644 index 0000000000000000000000000000000000000000..68fc93b68bc8804a6ee70cbba288ab692024f228 --- /dev/null +++ b/apps/ssi-abstraction/deployment/helm/templates/_helpers.tpl 
@@ -0,0 +1,94 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "app.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "app.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" $name .Release.Namespace | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create instance name based on app version and short image sha. +*/}} +{{- define "app.revision" -}} +{{- default .Release.Name .Values.appRel | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "app.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "app.labels" -}} +helm.sh/chart: {{ include "app.chart" . }} +{{ include "app.selectorLabels" . }} +app.kubernetes.io/version: {{ .Chart.AppVersion }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "app.selectorLabels" -}} +app.kubernetes.io/name: {{ include "app.name" . }} +app.kubernetes.io/component: {{ include "app.fullname" . 
}} +{{- end -}} + +{{/* +Metrics Annotations +*/}} +{{- define "app.metricsAnnotations" -}} +{{- if .Values.metrics.enabled -}} +prometheus.io/scrape: "true" +prometheus.io/port: "{{ .Values.metrics.port }}" +prometheus.io/path: {{ .Values.metrics.path | default "/metrics" | quote }} +{{- end -}} +{{- end -}} + +{{/* +Image string +*/}} +{{- define "app.image" -}} +{{- if .Values.image.sha -}} +{{ .Values.image.repository }}/{{ .Values.image.name }}@{{ .Values.image.sha }} +{{- else -}} +{{ .Values.image.repository }}/{{ .Values.image.name }}:{{ default .Chart.AppVersion .Values.image.tag }} +{{- end -}} +{{- end -}} + +{{/* +Security context +*/}} +{{- define "app.securitycontext" -}} +runAsNonRoot: {{ .Values.security.runAsNonRoot | default false }} +runAsGroup: {{ .Values.security.runAsGid | default 0 }} +runAsUser: {{ .Values.security.runAsUid | default 0 }} +fsGroup: {{ .Values.security.runAsGid | default 0 }} +{{- end -}} + +{{/* +PostgreSQL Connection string URI +*/}} +{{- define "app.postgresql.connectionstring" -}} +postgresql://{{ .Values.ssiAbstraction.database.user }}:{{ .Values.ssiAbstraction.database.password }}@{{ .Values.ssiAbstraction.database.host }}:{{ .Values.ssiAbstraction.database.port }}/{{ .Release.Namespace }}_{{ include "app.name" . | replace "-" "_" }}?schema=proof +{{- end -}} + +{{/* +Ingress custom path. +*/}} +{{- define "app.path" -}} +{{- default .Chart.Name .Values.ingress.pathOverride | replace "-manager" "" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/apps/ssi-abstraction/deployment/helm/templates/deployment.yaml b/apps/ssi-abstraction/deployment/helm/templates/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..576b94f60feb8531c7a4b455fe2366ce905d39d9 --- /dev/null +++ b/apps/ssi-abstraction/deployment/helm/templates/deployment.yaml 
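Review bot: `app.postgresql.connectionstring` hard-codes `?schema=proof` and derives the database name from `.Release.Namespace` plus the app name, so the `ssiAbstraction.database.schema` and `ssiAbstraction.database.db` keys introduced in this same change are never read. Use `?schema={{ .Values.ssiAbstraction.database.schema }}` (and `.Values.ssiAbstraction.database.db` unless the per-namespace naming is deliberate) so values.yaml and the rendered URI agree. The password is interpolated raw into the URI; piping it through `urlquery` keeps a value containing `@`, `:` or `/` from breaking the connection string. Separately, the comment on `app.revision` says "based on app version and short image sha" but the helper only falls back from `.Values.appRel` to `.Release.Name`; update the comment to describe what it actually does.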
@@ -0,0 +1,97 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ template "app.name" . }}" + namespace: {{ .Release.Namespace }} + labels: + {{- include "app.labels" . | nindent 4 }} + app.kubernetes.io/instance: {{ include "app.revision" . }} + app.kubernetes.io/part-of: rse +spec: + replicas: {{ .Values.replicaCount }} + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + selector: + matchLabels: + {{- include "app.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "app.labels" . | nindent 8 }} + annotations: + {{- include "app.metricsAnnotations" . | nindent 8 }} +{{- if .Values.podAnnotations }} +{{ toYaml .Values.podAnnotations | indent 8 }} +{{- end }} + spec: + securityContext: +{{- include "app.securitycontext" . | nindent 8 }} + imagePullSecrets: + - name: {{ .Values.image.pullSecrets }} + containers: + - name: {{ template "app.name" . }} + image: "{{ .Values.image.repository }}/{{ .Values.image.name }}:{{ default .Chart.AppVersion .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + env: + - name: PORT + value: {{ .Values.service.port | quote }} + - name: AFJ_EXT_PORT + value: {{ .Values.ssiAbstraction.afjExtPort | quote }} + - name: DATABASE_URL + value: {{ template "app.postgresql.connectionstring" (merge (dict "application" "true") .) 
}} + - name: NATS_URL + value: "{{ .Values.ssiAbstraction.nats.protocol }}://{{ .Values.ssiAbstraction.nats.url }}:{{ .Values.ssiAbstraction.nats.port }}" + - name: ECSURL + value: "{{ .Values.ssiAbstraction.elastic.protocol }}://{{ .Values.ssiAbstraction.elastic.url }}:{{ .Values.ssiAbstraction.elastic.port }}/" + - name: AGENT_HOST + value: "{{ .Values.ssiAbstraction.agent.protocol }}://{{ .Values.ssiAbstraction.agent.host }}" + - name: AGENT_URL_PATH + value: {{ .Values.ssiAbstraction.agent.urlPath }} + - name: AGENT_NAME + value: {{ .Values.ssiAbstraction.agent.name }} + - name: AGENT_PEER_PORT + value: ":{{ .Values.ssiAbstraction.agent.peerPort }}" + - name: AGENT_PUBLIC_DID_SEED + value: {{ .Values.ssiAbstraction.agent.publicDidSeed | quote }} + - name: AGENT_AUTO_ACCEPT_CONNECTION + value: {{ .Values.ssiAbstraction.agent.autoAccept.connection | quote }} + - name: AGENT_AUTO_ACCEPT_CREDENTIAL + value: {{ .Values.ssiAbstraction.agent.autoAccept.credential | quote }} + - name: AGENT_LEDGER_ID + value: {{ .Values.ssiAbstraction.agent.ledgerId | quote }} + - name: LOG_LEVEL + value: {{ .Values.log.level | default "INFO" }} + - name: LOG_ENCODING + value: {{ .Values.log.encoding | default "json" }} + - name: AGENT_WALLET_KEY + value: {{ .Values.ssiAbstraction.agent.wallet.key | quote }} + - name: AGENT_WALLET_ID + value: {{ .Values.ssiAbstraction.agent.wallet.id | quote }} +{{- if .Values.extraVars }} +{{ toYaml .Values.extraVars | indent 8 }} +{{- end }} + ports: + {{- if .Values.metrics.enabled }} + - name: monitoring + containerPort: {{ .Values.metrics.port }} + {{- end }} + - name: http + containerPort: {{ .Values.service.port }} + - name: afj + containerPort: {{ .Values.ssiAbstraction.afjExtPort }} + - name: peer + containerPort: {{ .Values.ssiAbstraction.agent.peerPort }} + readinessProbe: + httpGet: + path: /v1/health + port: {{ .Values.service.port }} + initialDelaySeconds: 5 + periodSeconds: 5 + successThreshold: 2 + failureThreshold: 2 + timeoutSeconds: 
5 + resources: +{{ toYaml .Values.resources | indent 10 }} diff --git a/apps/ssi-abstraction/deployment/helm/templates/hpa.yaml b/apps/ssi-abstraction/deployment/helm/templates/hpa.yaml new file mode 100644 index 0000000000000000000000000000000000000000..fc5c29e7463c24756cfa83754e8ab9336be7b8c2 --- /dev/null +++ b/apps/ssi-abstraction/deployment/helm/templates/hpa.yaml @@ -0,0 +1,27 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + labels: + {{- include "app.labels" . | nindent 4 }} + name: {{ template "app.name" . }} + namespace: {{ .Release.Namespace }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "app.name" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: +{{- with .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu +{{- end }} +{{- with .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory +{{- end }} +{{- end }} \ No newline at end of file diff --git a/apps/ssi-abstraction/deployment/helm/templates/ingress.yaml b/apps/ssi-abstraction/deployment/helm/templates/ingress.yaml new file mode 100644 index 0000000000000000000000000000000000000000..819267ff15e788506ab52d1773591622d8e8beae --- /dev/null +++ b/apps/ssi-abstraction/deployment/helm/templates/ingress.yaml 
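Review bot: DATABASE_URL, AGENT_WALLET_KEY and AGENT_PUBLIC_DID_SEED are rendered as plain `value:` env entries straight from values.yaml, so the database password, wallet key and DID seed end up in the Deployment spec, in `helm get values` output and readable by anything allowed to get Deployments. Sourcing them via `valueFrom.secretKeyRef` from a Secret (a template this change does not add) keeps them out of the manifest and lets RBAC on Secrets scope who can read them. The `image:` line also rebuilds the reference inline instead of calling the `app.image` helper defined in this same change, so `image.sha` (documented in the README as CI-generated) is never honoured; `image: {{ include "app.image" . | quote }}` fixes that. There is no container-level `securityContext` (`allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true`, dropped capabilities) and no `livenessProbe`, only a readiness probe.
```yaml
      containers:
        - name: {{ template "app.name" . }}
          image: {{ include "app.image" . | quote }}
          # … unchanged: imagePullPolicy, PORT, AFJ_EXT_PORT, DATABASE_URL, NATS_URL, ECSURL, AGENT_* plain entries …
            - name: AGENT_PUBLIC_DID_SEED
              valueFrom:
                secretKeyRef:
                  name: {{ template "app.name" . }}-secrets  # constructed name; Secret template not part of this change
                  key: publicDidSeed
            - name: AGENT_WALLET_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ template "app.name" . }}-secrets
                  key: walletKey
          # … unchanged: AGENT_WALLET_ID, extraVars, ports, readinessProbe, resources …
```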
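Review bot: The two `metrics` entries under `spec` name the resource but carry no `target`, so the `targetCPUUtilizationPercentage` / `targetMemoryUtilizationPercentage` values that gate each `with` block are never rendered and the `autoscaling/v2` object will be rejected by the API server, which requires `target.type` on a resource metric. Each block needs a `target` with `type: Utilization` and `averageUtilization: {{ . }}`, where `.` inside `with` is the percentage. Note also that a value of `0` makes `with` skip the block entirely, so it cannot be used to express "no target" explicitly.
```yaml
{{- with .Values.autoscaling.targetCPUUtilizationPercentage }}
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: {{ . }}
{{- end }}
{{- with .Values.autoscaling.targetMemoryUtilizationPercentage }}
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: {{ . }}
{{- end }}
```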
@@ -0,0 +1,29 @@ +{{- if .Values.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ template "app.name" . }} + namespace: {{ .Release.Namespace }} + annotations: +{{ toYaml .Values.ingress.annotations | indent 4 }} + labels: + {{- include "app.labels" . | nindent 4 }} +spec: +{{- if .Values.ingress.tlsEnabled }} + tls: + - hosts: + - {{ .Values.ingress.frontendDomain }} + secretName: {{ .Values.ingress.frontendTlsSecretName }} +{{- end }} + rules: + - host: {{ .Values.ingress.frontendDomain }} + http: + paths: + - path: /{{ .Release.Namespace }}/{{ template "app.path" . }}(/|$)(.*) + pathType: Prefix + backend: + service: + name: {{ template "app.name" . }} + port: + number: {{ .Values.ssiAbstraction.agent.peerPort }} +{{- end }} \ No newline at end of file diff --git a/apps/ssi-abstraction/deployment/helm/templates/service.yaml b/apps/ssi-abstraction/deployment/helm/templates/service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..5c1da5d5549e952002b742be720365088a8d6c76 --- /dev/null +++ b/apps/ssi-abstraction/deployment/helm/templates/service.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "app.name" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "app.labels" . | nindent 4 }} +spec: + clusterIP: None + ports: + - name: http + port: {{ .Values.service.port }} + targetPort: {{ .Values.service.port }} + - name: afj + port: {{ .Values.ssiAbstraction.afjExtPort }} + targetPort: {{ .Values.ssiAbstraction.afjExtPort }} + - name: peer + port: {{ .Values.ssiAbstraction.agent.peerPort }} + targetPort: {{ .Values.ssiAbstraction.agent.peerPort }} + selector: + {{- include "app.selectorLabels" . | nindent 4 }} + diff --git a/apps/ssi-abstraction/deployment/helm/values.yaml b/apps/ssi-abstraction/deployment/helm/values.yaml new file mode 100644 index 0000000000000000000000000000000000000000..110a0b40b647b9199d3c2a94d3883759e337496f --- /dev/null 
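Review bot: The Ingress selects its controller only through the `kubernetes.io/ingress.class` annotation copied from `ingress.annotations`, while declaring `networking.k8s.io/v1`, where that annotation is deprecated in favour of `spec.ingressClassName`; add `ingressClassName:` fed from a new values key (e.g. `ingress.className`, not present yet) or document why the annotation form is kept. `frontendTlsSecretName` and `frontendDomain` are emitted as bare template expressions; quote them (`{{ .Values.ingress.frontendTlsSecretName | quote }}`) so an empty value renders as `""` instead of `null` and a value with YAML specials cannot change the document structure. The backend routes to `ssiAbstraction.agent.peerPort` rather than `service.port`, which matches the `peer` port in service.yaml but is worth a one-line comment since the HTTP API port is the more usual default.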
+++ b/apps/ssi-abstraction/deployment/helm/values.yaml 
@@ -0,0 +1,130 @@ +# -- Default number of instances to start +replicaCount: 1 +# -- Application name +name: ssi-abstraction +# -- Ovverwrites application name +nameOverride: "" + +image: + repository: eu.gcr.io/vrgn-infra-prj + # -- Image name + name: gaiax/ssi-abstraction + # -- Image tag + # Uses .Chart.AppVersion if empty + tag: "" + # -- Image sha, usually generated by the CI + # Uses image.tag if empty + sha: "" + # -- Image pull policy + pullPolicy: IfNotPresent + # -- Image pull secret when internal image is used + pullSecrets: deployment-key-light + + +podAnnotations: {} +## +## Pass extra environment variables to the container. +## +# extraVars: +# - name: EXTRA_VAR_1 +# value: extra-var-value-1 +# - name: EXTRA_VAR_2 +# value: extra-var-value-2 +## +## Create new service when true, and use the specified uner name when set to the name specified +## + +resources: + requests: + cpu: 25m + memory: 64Mi + limits: + cpu: 150m + memory: 512Mi + +## Configure pod autoscaling +## + +autoscaling: + # -- Enable autoscaling + enabled: false + # -- Minimum replicas + minReplicas: 1 + # -- Maximum replicas + maxReplicas: 3 + # -- CPU target for autoscaling trigger + targetCPUUtilizationPercentage: 70 + # -- Memory target for autoscaling trigger + targetMemoryUtilizationPercentage: 70 +## +## Prometheus Exporter / Metrics +## + +metrics: + # -- Enable prometheus metrics + enabled: true + # -- Port for prometheus metrics + port: 2112 + +log: + level: "INFO" + encoding: json + +## +## Kubernetes [SecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) object. 
+## + +security: + # -- by default, apps run as non-root + runAsNonRoot: false + # -- User used by the apps + runAsUid: 0 + # -- Group used by the apps + runAsGid: 0 +## +## +service: + port: 3009 + +ssiAbstraction: + agent: + name: ssi-abstraction-agent + host: gaiax.vereign.com + protocol: http + peerPort: 443 + urlPath: /ocm/didcomm + publicDidSeed: 6b8b882e2618fa5d45ee7229ca880083 + autoAccept: + connection: true + credential: true + wallet: + key: ssi-wallet-key + id: ssi-wallet-id + ledgerId: ID_UNION + afjExtPort: 3010 + database: + host: postgresql.infra + user: root + password: password + port: 5432 + schema: proof + db: postgres + nats: + url: nats + port: 4222 + protocol: nats + elastic: + url: elasticsearch + port: 9200 + protocol: http +ingress: + enabled: true + annotations: + cert-manager.io/cluster-issuer: letsencrypt-production-http + kubernetes.io/ingress.class: nginx + kubernetes.io/ingress.global-static-ip-name: dev-light-public + nginx.ingress.kubernetes.io/rewrite-target: /$2 + tlsEnabled: true + frontendDomain: gaiax.vereign.com + frontendTlsSecretName: cert-manager-tls + pathOverride: didcomm \ No newline at end of file
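Review bot: The `security` block's comment says "by default, apps run as non-root" but the defaults set `runAsNonRoot: false` with `runAsUid: 0` / `runAsGid: 0`, which `app.securitycontext` renders straight into the pod securityContext, so the container runs as root by default; either change the defaults to `runAsNonRoot: true` with a non-zero UID/GID the image supports, or fix the comment. The file also ships working-looking credentials as defaults — `database.password: password`, `database.user: root`, `agent.wallet.key`, and `agent.publicDidSeed` (a DID signing seed, i.e. private key material) — and the README generated in this change reproduces them; these defaults should be empty strings with the real values supplied per environment from a secret store, and the seed rotated if it was ever used on a ledger. `publicDidSeed` is an unquoted hex string; quote it so a future value that happens to be all digits or `1e10`-shaped is not re-typed as a number by the YAML parser.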