Merge pull request #657 from syedsalman3753/DSD-4578

[DSD-4578] updated charts as per key migration
mosip · May 27, 2024 · e8970cc · e8970cc
2 parents d5e373c + 042e0c4
commit e8970cc
Show file tree

Hide file tree

Showing 22 changed files with 792 additions and 26 deletions.
diff --git a/charts/ida-auth/templates/deployment.yaml b/charts/ida-auth/templates/deployment.yaml
@@ -57,18 +57,20 @@ spec:
       initContainers:
         {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
         - name: volume-permissions
-          image: {{ include "ida-auth.volumePermissions.image" . }}
+          image: {{ template "ida-auth.image" . }}
           imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
           command:
-            - %%commands%%
+            - /bin/bash
+            - -c
+            - chown -R 1001:1001 {{ .Values.persistence.mountDir }}
           securityContext:
             runAsUser: 0
           {{- if .Values.volumePermissions.resources }}
           resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
           {{- end }}
           volumeMounts:
-            - name: foo
-              mountPath: bar
+            - name: {{ .Values.persistence.volume_name }}
+              mountPath: {{ .Values.persistence.mountDir }}
         {{- end }}
         {{- if .Values.enable_insecure }}
           {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
@@ -92,8 +94,18 @@ spec:
           env:
             - name: container_user
               value: {{ .Values.containerSecurityContext.runAsUser }}
+            {{- if .Values.additionalResources.javaOpts }}
             - name: JDK_JAVA_OPTIONS
               value: {{ .Values.additionalResources.javaOpts }}
+            {{- end }}
+            {{- if .Values.springConfigNameEnv }}
+            - name: spring_config_name_env
+              value: {{ .Values.springConfigNameEnv }}
+            {{- end }}
+            {{- if .Values.activeProfileEnv }}
+            - name: active_profile_env
+              value: {{ .Values.activeProfileEnv }}
+            {{- end}}
             {{- if .Values.extraEnvVars }}
             {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
             {{- end }}
@@ -136,6 +148,10 @@ spec:
             name: cacerts
             subPath: cacerts
           {{- end }}
+          {{- if .Values.persistence.enabled }}
+          - name: {{ .Values.persistence.volume_name }}
+            mountPath: {{ .Values.persistence.mountDir }}
+          {{- end }}
         {{- if .Values.sidecars }}
         {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
         {{- end }}
@@ -144,3 +160,8 @@ spec:
       - name: cacerts
         emptyDir: {}
       {{- end }}
+      {{- if .Values.persistence.enabled }}
+      - name: {{ .Values.persistence.volume_name }}
+        persistentVolumeClaim:
+          claimName: {{ .Values.persistence.existingClaim | default .Values.persistence.pvc_claim_name  }}
+      {{- end }}
diff --git a/charts/ida-auth/values.yaml b/charts/ida-auth/values.yaml
@@ -333,11 +333,14 @@ persistence:
   ## ReadWriteMany not supported by AWS gp2
   storageClass:
   accessModes:
-    - ReadWriteOnce
+    - ReadWriteMany
   size: 10M
+  # existingClaim: pkcs12-keys.p12
   existingClaim:
   # Dir where config and keys are written inside container
-  mountDir:
+  mountDir: /home/mosip/config/
+  volume_name: config
+  # pvc_claim_name: pkcs12-keys.p12
 
 ## Init containers parameters:
 ## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
@@ -466,3 +469,6 @@ istio:
         prefix: /idauthentication/v1/vci-exchange
 
 enable_insecure: false
+
+springConfigNameEnv:
+activeProfileEnv:
diff --git a/charts/ida-internal/templates/deployment.yaml b/charts/ida-internal/templates/deployment.yaml
@@ -57,18 +57,20 @@ spec:
       initContainers:
         {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
         - name: volume-permissions
-          image: {{ include "ida-internal.volumePermissions.image" . }}
+          image: {{ template "ida-internal.image" . }}
           imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
           command:
-            - %%commands%%
+            - /bin/bash
+            - -c
+            - chown -R 1001:1001 {{ .Values.persistence.mountDir }}
           securityContext:
             runAsUser: 0
           {{- if .Values.volumePermissions.resources }}
           resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
           {{- end }}
           volumeMounts:
-            - name: foo
-              mountPath: bar
+            - name: {{ .Values.persistence.volume_name }}
+              mountPath: {{ .Values.persistence.mountDir }}
         {{- end }}
         {{- if .Values.enable_insecure }}
           {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
@@ -92,8 +94,18 @@ spec:
           env:
             - name: container_user
               value: {{ .Values.containerSecurityContext.runAsUser }}
+            {{- if .Values.additionalResources.javaOpts }}
             - name: JDK_JAVA_OPTIONS
               value: {{ .Values.additionalResources.javaOpts }}
+            {{- end }}
+            {{- if .Values.springConfigNameEnv }}
+            - name: spring_config_name_env
+              value: {{ .Values.springConfigNameEnv }}
+            {{- end }}
+            {{- if .Values.activeProfileEnv }}
+            - name: active_profile_env
+              value: {{ .Values.activeProfileEnv }}
+            {{- end}}
             {{- if .Values.extraEnvVars }}
             {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
             {{- end }}
@@ -136,6 +148,10 @@ spec:
             name: cacerts
             subPath: cacerts
           {{- end }}
+          {{- if .Values.persistence.enabled }}
+          - name: {{ .Values.persistence.volume_name }}
+            mountPath: {{ .Values.persistence.mountDir }}
+          {{- end }}
         {{- if .Values.sidecars }}
         {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
         {{- end }}
@@ -144,3 +160,8 @@ spec:
       - name: cacerts
         emptyDir: {}
       {{- end }}
+      {{- if .Values.persistence.enabled }}
+      - name: {{ .Values.persistence.volume_name }}
+        persistentVolumeClaim:
+          claimName: {{ .Values.persistence.existingClaim | default .Values.persistence.pvc_claim_name  }}
+      {{- end }}
diff --git a/charts/ida-internal/values.yaml b/charts/ida-internal/values.yaml
@@ -333,11 +333,14 @@ persistence:
   ## ReadWriteMany not supported by AWS gp2
   storageClass:
   accessModes:
-    - ReadWriteOnce
+    - ReadWriteMany
   size: 10M
+  # existingClaim: pkcs12-keys.p12
   existingClaim:
   # Dir where config and keys are written inside container
-  mountDir:
+  mountDir: /home/mosip/config/
+  volume_name: config
+  # pvc_claim_name: pkcs12-keys.p12
 
 ## Init containers parameters:
 ## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
@@ -451,3 +454,5 @@ istio:
   prefix: /idauthentication/v1/internal
 
 enable_insecure: false
+springConfigNameEnv:
+activeProfileEnv:
diff --git a/charts/ida-otp/templates/deployment.yaml b/charts/ida-otp/templates/deployment.yaml
@@ -57,18 +57,20 @@ spec:
       initContainers:
         {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
         - name: volume-permissions
-          image: {{ include "ida-otp.volumePermissions.image" . }}
+          image: {{ template "ida-otp.image" . }}
           imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
           command:
-            - %%commands%%
+            - /bin/bash
+            - -c
+            - chown -R 1001:1001 {{ .Values.persistence.mountDir }}
           securityContext:
             runAsUser: 0
           {{- if .Values.volumePermissions.resources }}
           resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
           {{- end }}
           volumeMounts:
-            - name: foo
-              mountPath: bar
+            - name: {{ .Values.persistence.volume_name }}
+              mountPath: {{ .Values.persistence.mountDir }}
         {{- end }}
         {{- if .Values.enable_insecure }}
           {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
@@ -92,8 +94,18 @@ spec:
           env:
             - name: container_user
               value: {{ .Values.containerSecurityContext.runAsUser }}
+            {{- if .Values.additionalResources.javaOpts }}
             - name: JDK_JAVA_OPTIONS
               value: {{ .Values.additionalResources.javaOpts }}
+            {{- end }}
+            {{- if .Values.springConfigNameEnv }}
+            - name: spring_config_name_env
+              value: {{ .Values.springConfigNameEnv }}
+            {{- end }}
+            {{- if .Values.activeProfileEnv }}
+            - name: active_profile_env
+              value: {{ .Values.activeProfileEnv }}
+            {{- end}}
             {{- if .Values.extraEnvVars }}
             {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
             {{- end }}
@@ -136,6 +148,10 @@ spec:
             name: cacerts
             subPath: cacerts
           {{- end }}
+          {{- if .Values.persistence.enabled }}
+          - name: {{ .Values.persistence.volume_name }}
+            mountPath: {{ .Values.persistence.mountDir }}
+          {{- end }}
         {{- if .Values.sidecars }}
         {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
         {{- end }}
@@ -144,3 +160,8 @@ spec:
       - name: cacerts
         emptyDir: {}
       {{- end }}
+      {{- if .Values.persistence.enabled }}
+      - name: {{ .Values.persistence.volume_name }}
+        persistentVolumeClaim:
+          claimName: {{ .Values.persistence.existingClaim | default .Values.persistence.pvc_claim_name  }}
+      {{- end }}
diff --git a/charts/ida-otp/values.yaml b/charts/ida-otp/values.yaml
@@ -333,11 +333,14 @@ persistence:
   ## ReadWriteMany not supported by AWS gp2
   storageClass:
   accessModes:
-    - ReadWriteOnce
+    - ReadWriteMany
   size: 10M
+  # existingClaim: pkcs12-keys.p12
   existingClaim:
   # Dir where config and keys are written inside container
-  mountDir:
+  mountDir: /home/mosip/config/
+  volume_name: config
+  # pvc_claim_name: pkcs12-keys.p12
 
 ## Init containers parameters:
 ## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
@@ -450,3 +453,5 @@ istio:
   prefix: /idauthentication/v1/otp
 
 enable_insecure: false
+springConfigNameEnv:
+activeProfileEnv:
diff --git a/charts/key-migration-utility/.gitignore b/charts/key-migration-utility/.gitignore
@@ -0,0 +1 @@
+charts/
diff --git a/charts/key-migration-utility/.helmignore b/charts/key-migration-utility/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/key-migration-utility/Chart.yaml b/charts/key-migration-utility/Chart.yaml
@@ -0,0 +1,19 @@
+apiVersion: v2
+name: key-migration-utility
+description: A Helm chart to migrate keys from any keystore type to any other supported format.
+type: application
+version: 0.0.1-develop
+appVersion: ""
+dependencies:
+  - name: common
+    repository: https://charts.bitnami.com/bitnami
+    tags:
+      - bitnami-common
+    version: 1.x.x
+home: https://mosip.io
+keywords:
+  - mosip
+  - key-migration-utility
+maintainers:
+  - email: [email protected]
+    name: MOSIP
diff --git a/charts/key-migration-utility/README.md b/charts/key-migration-utility/README.md
@@ -0,0 +1,47 @@
+# key-migration-utility
+
+Helm chart for installing Kernel module key-migration-utility.
+
+## TL;DR
+
+```console
+$ helm repo add mosip https://mosip.github.io
+$ helm install my-release mosip/key-migration-utility
+```
+
+## Introduction
+
+The helm chart here essentially contains job that helps to migrate keys from any keystore type to any other supported format.
+
+Keymanager facilitates various keystore types, including `PKCS11`, `PKCS12`, `JCE`, and `offline`.
+
+**Note :** The offline keystore type is not compatible with keymigration operations.
+
+## Prerequisites
+
+- Kubernetes 1.12+
+- Helm 3.1.0
+- PV provisioner support in the underlying infrastructure
+- ReadWriteMany volumes for deployment scaling
+
+## Installing the Chart
+
+To install the chart with the release name `key-migration-utility`.
+
+```console
+helm install my-release mosip/key-migration-utility
+```
+
+The command deploys key-migration-utility on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release
+```
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
diff --git a/charts/key-migration-utility/templates/NOTES.txt b/charts/key-migration-utility/templates/NOTES.txt
@@ -0,0 +1 @@
+