chore(stable-env): change config management

app setup in ArgoCD: retire values-stable.yaml and replace it with config from HELM_VALUES env var
eclipse-tractusx · Sep 26, 2023 · af90314 · af90314
1 parent 08b9256
commit af90314
Show file tree

Hide file tree

Showing 4 changed files with 159 additions and 198 deletions.
diff --git a/consortia/argocd-app-templates/centralidp/appsetup-stable.yaml b/consortia/argocd-app-templates/centralidp/appsetup-stable.yaml
@@ -23,16 +23,78 @@ metadata:
   name: centralidp
 spec:
   destination:
+    name: ''
     namespace: product-portal
     server: 'https://kubernetes.default.svc'
   source:
-    path: charts/centralidp
-    repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: v1.2.0
+    path: ''
+    repoURL: 'https://eclipse-tractusx.github.io/charts/dev'
+    targetRevision: 1.2.0
     plugin:
       env:
-        - name: AVP_SECRET
-          value: vault-secret
-        - name: helm_args
-          value: '-f values.yaml -f ../../consortia/environments/centralidp/values-stable.yaml'
+        - name: HELM_VALUES
+          value: |
+            keycloak:
+              initContainers:
+                - name: import
+                  image: tractusx/portal-iam-consortia:v1.2.0
+                  imagePullPolicy: Always
+                  command:
+                    - sh
+                  args:
+                    - -c
+                    - |
+                      echo "Copying themes..."
+                      cp -R /import/themes/catenax-central/* /themes
+                      echo "Copying realms..."
+                      cp -R /import/catenax-central/stable/realms/* /realms
+                  volumeMounts:
+                  - name: themes
+                    mountPath: "/themes"
+                  - name: realms
+                    mountPath: "/realms"
+              ingress:
+                enabled: true
+                ingressClassName: nginx
+                hostname: centralidp.stable.demo.catena-x.net
+                annotations:
+                  cert-manager.io/cluster-issuer: letsencrypt-prod
+                  nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
+                  nginx.ingress.kubernetes.io/cors-allow-methods: PUT, GET, POST, OPTIONS
+                  nginx.ingress.kubernetes.io/cors-allow-origin: https://centralidp.stable.demo.catena-x.net, http://localhost:3000
+                  nginx.ingress.kubernetes.io/enable-cors: "true"
+                  nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
+                  nginx.ingress.kubernetes.io/proxy-buffering: "on"
+                  nginx.ingress.kubernetes.io/proxy-buffers-number: "20"
+                  nginx.ingress.kubernetes.io/use-regex: "true"
+                tls: true
+            secrets:
+              auth:
+                existingSecret:
+                  adminpassword: "<path:portal/data/stable/iam/centralidp-keycloak#admin-password>"
+                  managementpassword: "<path:portal/data/stable/iam/centralidp-keycloak#management-password>"
+              postgresql:
+                auth:
+                  existingSecret:
+                    postgrespassword: "<path:portal/data/stable/iam/centralidp-postgres#postgres-password>"
+                    password: "<path:portal/data/stable/iam/centralidp-postgres#password>"
+                    replicationPassword: "<path:portal/data/stable/iam/centralidp-postgres#replication-password>"
+            seeding:
+              enabled: true
+              initContainers:
+                - name: init-cx-central
+                  image: tractusx/portal-iam-consortia:v1.2.0
+                  imagePullPolicy: Always
+                  command:
+                    - sh
+                  args:
+                    - -c
+                    - |
+                      echo "Copying CX Central realm..."
+                      cp -R /import/catenax-central/stable/realms/* /app/realms
+                  volumeMounts:
+                  - name: realms
+                    mountPath: "app/realms"
+    chart: centralidp
+  sources: []
   project: project-portal
diff --git a/consortia/argocd-app-templates/sharedidp/appsetup-stable.yaml b/consortia/argocd-app-templates/sharedidp/appsetup-stable.yaml
@@ -23,16 +23,99 @@ metadata:
   name: sharedidp
 spec:
   destination:
+    name: ''
     namespace: product-portal
     server: 'https://kubernetes.default.svc'
   source:
-    path: charts/sharedidp
-    repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: v1.2.0
+    path: ''
+    repoURL: 'https://eclipse-tractusx.github.io/charts/dev'
+    targetRevision: 1.2.0
     plugin:
       env:
-        - name: AVP_SECRET
-          value: vault-secret
-        - name: helm_args
-          value: '-f values.yaml -f ../../consortia/environments/sharedidp/values-stable.yaml'
+        - name: HELM_VALUES
+          value: |
+            keycloak:
+              extraVolumes:
+                - name: themes-catenax-shared
+                  emptyDir: {}
+                - name: themes-catenax-shared-portal
+                  emptyDir: {}
+                - name: realms
+                  emptyDir: {}
+                - name: realm-secrets
+                  secret:
+                    secretName: secret-sharedidp-realms
+              extraVolumeMounts:
+                - name: themes-catenax-shared
+                  mountPath: "/opt/bitnami/keycloak/themes/catenax-shared"
+                - name: themes-catenax-shared-portal
+                  mountPath: "/opt/bitnami/keycloak/themes/catenax-shared-portal"
+                - name: realms
+                  mountPath: "/realms"
+                - name: realm-secrets
+                  mountPath: "/secrets"
+              initContainers:
+                - name: import
+                  image: tractusx/portal-iam-consortia:v1.2.0
+                  imagePullPolicy: Always
+                  command:
+                    - sh
+                  args:
+                    - -c
+                    - |
+                      echo "Copying themes-catenax-shared..."
+                      cp -R /import/themes/catenax-shared/* /themes-catenax-shared
+                      echo "Copying themes-catenax-shared-portal..."
+                      cp -R /import/themes/catenax-shared-portal/* /themes-catenax-shared-portal
+                      echo "Copying realms..."
+                      cp -R /import/catenax-shared/stable/realms/* /realms
+                      echo "Copying realms-secrets..."
+                      cp /secrets/* /realms
+                  volumeMounts:
+                  - name: themes-catenax-shared
+                    mountPath: "/themes-catenax-shared"
+                  - name: themes-catenax-shared-portal
+                    mountPath: "/themes-catenax-shared-portal"
+                  - name: realms
+                    mountPath: "/realms"
+                  - name: realm-secrets
+                    mountPath: "/secrets"
+              ingress:
+                enabled: true
+                ingressClassName: nginx
+                hostname: sharedidp.stable.demo.catena-x.net
+                annotations:
+                  cert-manager.io/cluster-issuer: letsencrypt-prod
+                  nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
+                  nginx.ingress.kubernetes.io/cors-allow-methods: PUT, GET, POST, OPTIONS
+                  nginx.ingress.kubernetes.io/cors-allow-origin: https://sharedidp.stable.demo.catena-x.net, http://localhost:3000
+                  nginx.ingress.kubernetes.io/enable-cors: "true"
+                  nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
+                  nginx.ingress.kubernetes.io/proxy-buffering: "on"
+                  nginx.ingress.kubernetes.io/proxy-buffers-number: "20"
+                  nginx.ingress.kubernetes.io/use-regex: "true"
+                tls: true
+            secrets:
+              auth:
+                existingSecret:
+                  adminpassword: "<path:portal/data/stable/iam/sharedidp-keycloak#admin-password>"
+                  managementpassword: "<path:portal/data/stable/iam/sharedidp-keycloak#management-password>"
+              postgresql:
+                auth:
+                  existingSecret:
+                    postgrespassword: "<path:portal/data/stable/iam/sharedidp-postgres#postgres-password>"
+                    password: "<path:portal/data/stable/iam/sharedidp-postgres#password>"
+                    replicationPassword: "<path:portal/data/stable/iam/sharedidp-postgres#replication-password>"
+              realmuser:
+                enabled: true
+                cxtestaccessuser: "<path:portal/data/iam/sharedidp-user#CX-Test-Access-users-0.json>"
+                company1user: "<path:portal/data/iam/sharedidp-user#Company-1-users-0.json>"
+                company2user: "<path:portal/data/iam/sharedidp-user#Company-2-users-0.json>"
+                securitycompany: "<path:portal/data/iam/sharedidp-user#Security-Company-users-0.json>"
+                cxoperator: "<path:portal/data/iam/sharedidp-user#CX-Operator-users-0.json>"
+                serviceprovider: "<path:portal/data/iam/sharedidp-user#Service-Provider-users-0.json>"
+                appprovider: "<path:portal/data/iam/sharedidp-user#App-Provider-users-0.json>"
+                chart: sharedidp
+    chart: sharedidp
+  sources: []
   project: project-portal
diff --git a/consortia/environments/centralidp/values-stable.yaml b/consortia/environments/centralidp/values-stable.yaml
diff --git a/consortia/environments/sharedidp/values-stable.yaml b/consortia/environments/sharedidp/values-stable.yaml