From ebdbb80e6f15320ab9973dadc5cf347b0d0a6910 Mon Sep 17 00:00:00 2001 From: Tyler Longwell Date: Thu, 8 Jun 2023 16:18:13 -0400 Subject: [PATCH 1/5] Initial work on demo SSI stack chart --- charts/Chart.yaml | 11 ++ charts/README.md | 68 +++++++ charts/templates/_helpers.tpl | 126 ++++++++++++ charts/templates/console.yaml | 62 ++++++ charts/templates/did_driver_ion.yaml | 58 ++++++ charts/templates/istio.yaml | 62 ++++++ charts/templates/jaegar.yaml | 58 ++++++ charts/templates/ssi.yaml | 79 ++++++++ charts/templates/universal_resolver.yaml | 58 ++++++ charts/values.yaml | 242 +++++++++++++++++++++++ 10 files changed, 824 insertions(+) create mode 100644 charts/Chart.yaml create mode 100644 charts/README.md create mode 100644 charts/templates/_helpers.tpl create mode 100644 charts/templates/console.yaml create mode 100644 charts/templates/did_driver_ion.yaml create mode 100644 charts/templates/istio.yaml create mode 100644 charts/templates/jaegar.yaml create mode 100644 charts/templates/ssi.yaml create mode 100644 charts/templates/universal_resolver.yaml create mode 100644 charts/values.yaml diff --git a/charts/Chart.yaml b/charts/Chart.yaml new file mode 100644 index 000000000..8fe58de62 --- /dev/null +++ b/charts/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +name: ssi-service +description: A Helm chart for Kubernetes that deploys an SSI service environment +version: 0.0.1 +appVersion: 0.0.1 + +dependencies: + - name: redis-ha + version: 4.23.0 + repository: https://dandydeveloper.github.io/charts/ + condition: redis-ha.enabled diff --git a/charts/README.md b/charts/README.md new file mode 100644 index 000000000..9443483aa --- /dev/null +++ b/charts/README.md 
@@ -0,0 +1,68 @@ +# SSI Service Helm Chart + +This chart deploys an SSI Service environment on a Kubernetes cluster using the Helm package manager. SSI (Self-Sovereign Identity) Service is a web service that exposes the ssi-sdk as an HTTP API, supporting operations for Verifiable Credentials, Decentralized Identifiers, and more. + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.0+ + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +git clone https://github.com/TBD54566975/ssi-service.git +cd ssi-service/charts +helm install my-ssi . +``` + +This command deploys SSI Service on the Kubernetes cluster with the default configuration. + +## Configuration + +The following table lists some of the configurable parameters of the SSI Service chart. See values.yaml for the full list. + +| Field | Description | +|---|---| +| `fullnameOverride` | A string that overrides the full name of the resources. | +| `ssiService` | Configuration for the ssiService. | +| `ssiService.replicaCount` | The number of replicas for the ssiService. | +| `ssiService.image` | The image to use for the ssiService, including the `repository`, the `tag`, and the `pullPolicy`. | +| `ssiService.service` | The service details, including `type`, `port`, and `targetPort`. | +| `ssiService.resources` | The resources to allocate for the ssiService, including CPU and memory `requests`. | +| `ssiService.env` | The environment variables for the ssiService, such as `jaegerHttpUrl`. | +| `ssiService.istio` | The Istio configuration, including `virtualService` and `authorizationPolicy` options. | +| `ssiService.config` | The configuration content for running the service in a production environment. It includes configurations for the server, logging, CORS, services, and more. | +| `uniResolver` | Configuration for the universal resolver service. | +| `uniResolver.replicaCount` | The number of replicas for the uniResolver. 
| +| `uniResolver.image` | The image to use for the uniResolver, including the `repository`, the `tag`, and the `pullPolicy`. | +| `uniResolver.service` | The service details, including `type`, `port`, and `targetPort`. | +| `uniResolver.resources` | The resources to allocate for the uniResolver, including CPU and memory `requests`. | +| `uniResolver.port` | The port on which the uniResolver will be exposed. | +| `driverDidIon` | Configuration for the ION DID driver service. | +| `driverDidIon.replicaCount` | The number of replicas for the driverDidIon. | +| `driverDidIon.image` | The image to use for the driverDidIon, including the `repository`, the `tag`, and the `pullPolicy`. | +| `driverDidIon.service` | The service details, including `type`, `port`, and `targetPort`. | +| `driverDidIon.resources` | The resources to allocate for the driverDidIon, including CPU and memory `requests`. | +| `jaeger` | Configuration for the Jaeger service. | +| `jaeger.replicaCount` | The number of replicas for the Jaeger service. | +| `jaeger.image` | The image to use for the Jaeger service, including the `repository`, the `tag`, and the `pullPolicy`. | +| `jaeger.service` | The service details, including `type`, `port`, and `targetPort`. | +| `jaeger.resources` | The resources to allocate for the Jaeger service, including CPU and memory `requests`. | +| `tolerations`, `affinity`, `topologySpreadConstraints`, `nodeSelector` | (Commented out) Controls how pods are scheduled. Uncommenting and setting them can affect where and how pods are deployed in the cluster. | +| `redis-ha` | Configuration for the redis-ha installation. Not installed by default | + +Note: For more information about the service's configuration options, refer to the `config` field in the `values.yaml` file. + +## Dependencies + +This chart has a dependency on the Redis HA chart, which is used for high-availability data persistence. 
If Redis HA is not yet installed or if it's disabled, it will be installed during the deployment of this chart if `redis-ha.enabled` is set to `true`. By default, `redis-ha.enabled` is set to `false`. + +--- + +For more information, please read [the official Helm chart documentation](https://helm.sh/docs/topics/charts/). + +--- + +Please note that the configuration, parameters, and default values can be modified as per your requirements. diff --git a/charts/templates/_helpers.tpl b/charts/templates/_helpers.tpl new file mode 100644 index 000000000..292671716 --- /dev/null +++ b/charts/templates/_helpers.tpl 
@@ -0,0 +1,126 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "ssi-service.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "ssi-service.shortname" -}} +{{- include "ssi-service.fullname" . | trunc 55 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "ssi-service.labels" -}} +helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} +app.kubernetes.io/name: {{ include "ssi-service.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.customLabels -}} +{{ toYaml .Values.customLabels }} +{{- end -}} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "ssi-service.selectorLabels" -}} +app.kubernetes.io/name: {{ include "ssi-service.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + + + + +{{- define "uni-resolver.fullname" -}} +{{- printf "%s-uni" (include "ssi-service.shortname" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "uni-resolver.labels" -}} +helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} +app.kubernetes.io/name: {{ include "uni-resolver.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.customLabels -}} +{{ toYaml .Values.customLabels }} +{{- end -}} +{{- end -}} + +{{- define "uni-resolver.selectorLabels" -}} +app.kubernetes.io/name: {{ include "uni-resolver.fullname" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + + + + +{{- define "dion.fullname" -}} +{{- printf "%s-dion" (include "ssi-service.shortname" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "dion.labels" -}} +helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} +app.kubernetes.io/name: {{ include "dion.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.customLabels -}} +{{ toYaml .Values.customLabels }} +{{- end -}} +{{- end -}} + +{{- define "dion.selectorLabels" -}} +app.kubernetes.io/name: {{ include "dion.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + + + + +{{- define "jaeger.fullname" -}} +{{- printf "%s-jaeger" (include "ssi-service.shortname" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "jaeger.labels" -}} +helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} +app.kubernetes.io/name: {{ include "jaeger.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.customLabels -}} +{{ toYaml .Values.customLabels }} +{{- end -}} +{{- end -}} + +{{- define "jaeger.selectorLabels" -}} +app.kubernetes.io/name: {{ include "jaeger.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + + + + +{{- define "ssi-console.fullname" -}} +{{- printf "%s-con" (include "ssi-service.shortname" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "ssi-console.labels" -}} +helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} +app.kubernetes.io/name: {{ include "ssi-console.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.customLabels -}} +{{ toYaml .Values.customLabels }} +{{- end -}} +{{- end -}} + +{{- define "ssi-console.selectorLabels" -}} +app.kubernetes.io/name: {{ include "ssi-console.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} 
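Review bot: In `ssi-service.labels` the `{{- if .Values.customLabels -}}` guard trims the newline on both sides, so when `customLabels` is set the first custom label is glued onto the `app.kubernetes.io/instance` line and the rendered labels are no longer the intended YAML. Dropping the trailing dash, `{{- if .Values.customLabels }}`, keeps the line break before `{{ toYaml .Values.customLabels }}`. The same guard is repeated in `uni-resolver.labels`, `dion.labels`, `jaeger.labels` and `ssi-console.labels`. `values.yaml` in this patch defines no `customLabels`, so a default render does not hit it.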
diff --git a/charts/templates/console.yaml b/charts/templates/console.yaml new file mode 100644 index 000000000..8d8f867ff --- /dev/null +++ b/charts/templates/console.yaml @@ -0,0 +1,62 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "ssi-console.fullname" . }} + labels: + {{- include "ssi-console.labels" . | nindent 4 }} +spec: + type: {{ .Values.ssiConsole.service.type }} + ports: + - port: {{ .Values.ssiConsole.service.port }} + targetPort: {{ .Values.ssiConsole.service.targetPort }} + protocol: TCP + name: http + selector: + {{- include "ssi-console.selectorLabels" . | nindent 4 }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "ssi-console.fullname" . }} + labels: + {{- include "ssi-console.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.ssiConsole.replicaCount }} + selector: + matchLabels: + {{- include "ssi-console.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "ssi-console.selectorLabels" . | nindent 8 }} + spec: + containers: + - name: ssi-console + image: "{{ .Values.ssiConsole.image.repository }}:{{ .Values.ssiConsole.image.tag }}" + imagePullPolicy: {{ .Values.ssiConsole.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.ssiConsole.port }} + protocol: TCP + resources: + {{- toYaml .Values.resources | nindent 12 }} + env: + - name: SSI_SERVICE + value: "http://{{ include "ssi-service.fullname" . }}:{{ .Values.ssiService.service.port }}/v1" + {{- with .Values.ssiConsole.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 13 }} + {{- end }} + {{- with .Values.ssiConsole.affinity }} + affinity: + {{- toYaml . | nindent 13 }} + {{- end }} + {{- with .Values.ssiConsole.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 13 }} + {{- end }} + {{- with .Values.ssiConsole.tolerations }} + tolerations: + {{- toYaml . | nindent 13 }} + {{- end }} +--- 
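Review bot: The container's `resources:` block reads `.Values.resources`, but `values.yaml` in this patch only defines `resources` under each component, so the rendered Deployment carries no requests; it should be `{{- toYaml .Values.ssiConsole.resources | nindent 12 }}`. The same top-level lookup appears in `did_driver_ion.yaml`, `jaegar.yaml`, `ssi.yaml` and `universal_resolver.yaml` and needs the matching component key there. Separately, `ssiConsole.image.repository` defaults to `""` and this template is rendered unconditionally, so a default install produces the image reference `:0.0.1`. An `ssiConsole.enabled` guard or a `required` check on the repository would make that fail at render time instead of at image pull.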
diff --git a/charts/templates/did_driver_ion.yaml b/charts/templates/did_driver_ion.yaml new file mode 100644 index 000000000..41f4088b2 --- /dev/null +++ b/charts/templates/did_driver_ion.yaml @@ -0,0 +1,58 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.driverDidIon.service.nameOverride }} + labels: + {{- include "dion.labels" . | nindent 4 }} +spec: + type: {{ .Values.driverDidIon.service.type }} + ports: + - port: {{ .Values.driverDidIon.service.port }} + targetPort: {{ .Values.driverDidIon.service.targetPort }} + protocol: TCP + name: http + selector: + {{- include "dion.selectorLabels" . | nindent 4 }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "dion.fullname" . }} + labels: + {{- include "dion.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.driverDidIon.replicaCount }} + selector: + matchLabels: + {{- include "dion.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "dion.selectorLabels" . | nindent 8 }} + spec: + containers: + - name: dion + image: "{{ .Values.driverDidIon.image.repository }}:{{ .Values.driverDidIon.image.tag }}" + imagePullPolicy: {{ .Values.driverDidIon.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.driverDidIon.port }} + protocol: TCP + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.driverDidIon.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 13 }} + {{- end }} + {{- with .Values.driverDidIon.affinity }} + affinity: + {{- toYaml . | nindent 13 }} + {{- end }} + {{- with .Values.driverDidIon.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 13 }} + {{- end }} + {{- with .Values.driverDidIon.tolerations }} + tolerations: + {{- toYaml . | nindent 13 }} + {{- end }} diff --git a/charts/templates/istio.yaml b/charts/templates/istio.yaml new file mode 100644 index 000000000..fdd3f718c --- /dev/null +++ b/charts/templates/istio.yaml 
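Review bot: The Service name is taken straight from `.Values.driverDidIon.service.nameOverride`, so it is not release-scoped and renders as an empty `name:` if the value is cleared. The comment in `values.yaml` says the resolver expects this fixed name, so a guard such as `name: {{ required "driverDidIon.service.nameOverride must be set" .Values.driverDidIon.service.nameOverride }}` would make the dependency explicit. A template comment noting that two releases in one namespace will collide on this Service would also help.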
@@ -0,0 +1,62 @@ +{{- if .Values.istio.virtualService.enabled }} +{{ $ssiService := include "ssi-service.fullname" . -}} +{{ $ssiConsole := include "ssi-console.fullname" . -}} +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: {{ $ssiService }} +spec: + hosts: + - "{{ .Values.istio.virtualService.host }}" + gateways: + - {{ .Values.istio.virtualService.gateway }} + http: + - name: "api-route" + match: + - uri: + prefix: "/v1" + - uri: + prefix: "/swagger" + route: + - destination: + host: {{ $ssiService }} + port: + number: {{ .Values.ssiConsole.service.port }} + - name: console-route + route: + - destination: + host: {{ $ssiConsole }} + port: + number: {{ .Values.ssiService.service.port }} +--- +{{- end }} +{{- if .Values.istio.authorizationPolicy.enabled }} +{{ $fullName := include "ssi-service.fullname" . -}} +{{ $shortName := include "ssi-service.shortname" . -}} +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + name: {{ $shortName }}-host +spec: + action: ALLOW + rules: + - to: + - operation: + hosts: + - "{{ .Values.istio.virtualService.host }}" + - from: + - source: + namespaces: ["{{ .Values.istio.authorizationPolicy.gatewayNamespace }}"] +--- +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + name: {{ $shortName }}-ns +spec: + action: ALLOW + rules: + - from: + - source: + namespaces: ["{{ .Release.Namespace }}"] +--- +{{- end }} diff --git a/charts/templates/jaegar.yaml b/charts/templates/jaegar.yaml new file mode 100644 index 000000000..f7d63d1c5 --- /dev/null +++ b/charts/templates/jaegar.yaml 
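Review bot: In the `{{ $shortName }}-host` AuthorizationPolicy the `to` and `from` blocks are two separate items under `rules`, and Istio allows a request when any one rule matches, so the first rule admits any source that sends the configured Host header and the second admits anything from the gateway namespace regardless of host. If the intent is to allow only gateway traffic for that host, both conditions belong in a single rule, as sketched below. Neither policy has a `selector`, so both apply to every workload in the release namespace; that deserves a comment if it is deliberate. In the VirtualService the port lookups also look swapped: `api-route` sends to `$ssiService` on `.Values.ssiConsole.service.port` and `console-route` sends to `$ssiConsole` on `.Values.ssiService.service.port`, which only works while both default to 8080.

```yaml
spec:
  action: ALLOW
  rules:
    # one rule: source AND host must both match
    - from:
        - source:
            namespaces: ["{{ .Values.istio.authorizationPolicy.gatewayNamespace }}"]
      to:
        - operation:
            hosts:
              - "{{ .Values.istio.virtualService.host }}"
```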
@@ -0,0 +1,58 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "jaeger.fullname" . }} + labels: + {{- include "jaeger.labels" . | nindent 4 }} +spec: + type: {{ .Values.jaeger.service.type }} + ports: + - port: {{ .Values.jaeger.service.port }} + targetPort: {{ .Values.jaeger.service.targetPort }} + protocol: TCP + name: http + selector: + {{- include "jaeger.selectorLabels" . | nindent 4 }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "jaeger.fullname" . }} + labels: + {{- include "jaeger.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.jaeger.replicaCount }} + selector: + matchLabels: + {{- include "jaeger.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "jaeger.selectorLabels" . | nindent 8 }} + spec: + containers: + - name: jaeger + image: "{{ .Values.jaeger.image.repository }}:{{ .Values.jaeger.image.tag }}" + imagePullPolicy: {{ .Values.jaeger.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.jaeger.port }} + protocol: TCP + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.jaeger.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 13 }} + {{- end }} + {{- with .Values.jaeger.affinity }} + affinity: + {{- toYaml . | nindent 13 }} + {{- end }} + {{- with .Values.jaeger.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 13 }} + {{- end }} + {{- with .Values.jaeger.tolerations }} + tolerations: + {{- toYaml . | nindent 13 }} + {{- end }} diff --git a/charts/templates/ssi.yaml b/charts/templates/ssi.yaml new file mode 100644 index 000000000..8e042e237 --- /dev/null +++ b/charts/templates/ssi.yaml 
@@ -0,0 +1,79 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "ssi-service.fullname" . }} + labels: + {{- include "ssi-service.labels" . | nindent 4 }} +spec: + type: {{ .Values.ssiService.service.type }} + ports: + - port: {{ .Values.ssiService.service.port }} + targetPort: {{ .Values.ssiService.service.targetPort }} + protocol: TCP + name: http + selector: + {{- include "ssi-service.selectorLabels" . | nindent 4 }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "ssi-service.fullname" . }} + labels: + {{- include "ssi-service.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.ssiService.replicaCount }} + selector: + matchLabels: + {{- include "ssi-service.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "ssi-service.selectorLabels" . | nindent 8 }} + spec: + containers: + - name: ssi-service + image: "{{ .Values.ssiService.image.repository }}:{{ .Values.ssiService.image.tag }}" + imagePullPolicy: {{ .Values.ssiService.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.ssiService.port }} + protocol: TCP + resources: + {{- toYaml .Values.resources | nindent 12 }} + env: + - name: JAEGER_HTTP_URL + value: "{{ .Values.ssiService.env.jaegerHttpUrl }}" + - name: CONFIG_PATH + value: "/etc/ssiservice/ssiservice.toml" + volumeMounts: + - name: {{ include "ssi-service.shortname" . }}-conf + mountPath: /etc/ssiservice + volumes: + - name: {{ include "ssi-service.shortname" . }}-conf + secret: + secretName: {{ include "ssi-service.shortname" . }}-conf + {{- with .Values.ssiService.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 13 }} + {{- end }} + {{- with .Values.ssiService.affinity }} + affinity: + {{- toYaml . | nindent 13 }} + {{- end }} + {{- with .Values.ssiService.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 13 }} + {{- end }} + {{- with .Values.ssiService.tolerations }} + tolerations: + {{- toYaml . 
| nindent 13 }} + {{- end }} +--- +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: {{ include "ssi-service.shortname" . }}-conf +stringData: + ssiservice.toml: | + {{- .Values.ssiService.config | nindent 4 }} diff --git a/charts/templates/universal_resolver.yaml b/charts/templates/universal_resolver.yaml new file mode 100644 index 000000000..747e7c26b --- /dev/null +++ b/charts/templates/universal_resolver.yaml 
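Review bot: The `ssi-service` container is declared without a `securityContext` and the pod spec does not set `automountServiceAccountToken`, so the workload that mounts the keystore configuration runs with whatever the image and namespace defaults give it. A block like the one below, ideally driven from values, would pin that down; whether each image already starts as a non-root user, and whether the service needs the Kubernetes API, should be checked first. The Deployments in `console.yaml`, `did_driver_ion.yaml`, `jaegar.yaml` and `universal_resolver.yaml` have the same gap. The Secret mount at `/etc/ssiservice` could also carry `readOnly: true`.

```yaml
    spec:
      # assumes the service does not call the Kubernetes API; confirm before merging
      automountServiceAccountToken: false
      containers:
        - name: ssi-service
          # … unchanged: image, ports, resources, env, volumeMounts …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
```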
@@ -0,0 +1,58 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "uni-resolver.fullname" . }} + labels: + {{- include "uni-resolver.labels" . | nindent 4 }} +spec: + type: {{ .Values.uniResolver.service.type }} + ports: + - port: {{ .Values.uniResolver.service.port }} + targetPort: {{ .Values.uniResolver.service.targetPort }} + protocol: TCP + name: http + selector: + {{- include "uni-resolver.selectorLabels" . | nindent 4 }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "uni-resolver.fullname" . }} + labels: + {{- include "uni-resolver.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.uniResolver.replicaCount }} + selector: + matchLabels: + {{- include "uni-resolver.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "uni-resolver.selectorLabels" . | nindent 8 }} + spec: + containers: + - name: uni-resolver + image: "{{ .Values.uniResolver.image.repository }}:{{ .Values.uniResolver.image.tag }}" + imagePullPolicy: {{ .Values.uniResolver.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.uniResolver.port }} + protocol: TCP + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.uniResolver.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 13 }} + {{- end }} + {{- with .Values.uniResolver.affinity }} + affinity: + {{- toYaml . | nindent 13 }} + {{- end }} + {{- with .Values.uniResolver.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 13 }} + {{- end }} + {{- with .Values.uniResolver.tolerations }} + tolerations: + {{- toYaml . | nindent 13 }} + {{- end }} diff --git a/charts/values.yaml b/charts/values.yaml new file mode 100644 index 000000000..3800b24c9 --- /dev/null +++ b/charts/values.yaml 
@@ -0,0 +1,242 @@ +fullnameOverride: "" + +ssiService: + replicaCount: 1 + + image: + repository: ghcr.io/tbd54566975/ssi-service + tag: main + pullPolicy: IfNotPresent + + service: + type: ClusterIP + port: 8080 + targetPort: 3000 + + resources: + requests: + cpu: 100m + memory: 500Mi + + env: + jaegerHttpUrl: "http://ssi-service-jaeger:14268/api/traces" + + port: 3000 + + # tolerations: + # affinity: + # topologySpreadConstraints: + # nodeSelector: + + # from https://raw.githubusercontent.com/TBD54566975/ssi-service/main/config/prod.toml + config: | + title = "SSI Service Config" + + svn = "0.0.1" + desc = "Configuration to be used while running the service in a production environment." + + # http service configuration + [server] + env = "prod" # either 'dev', 'test', or 'prod' + api_host = "0.0.0.0:3000" + jager_host = "http://ssi-service-jaeger:14268/api/traces" + jager_enabled = true + + # 5 seconds, time is in nanoseconds + read_timeout = 5000000000 + write_timeout = 5000000000 + shutdown_timeout = 5000000000 + + log_location = "log" + # options: trace, debug, info, warning, error, fatal, panic + log_level = "info" + + enable_schema_caching = true + enable_allow_all_cors = true + + # Storage Configuration + [services] + service_endpoint = "http://localhost:8080" + storage = "redis" + + [[services.storage_option]] + id = "redis-address-option" + option = "ssi-service-redis-ha:6379" + + [[services.storage_option]] + id = "storage-password-option" + option = "password" + + # per-service configuration + [services.keystore] + name = "keystore" + password = "default-password" + # master_key_uri = "gcp-kms://projects/*/locations/*/keyRings/*/cryptoKeys/*" + # kms_credentials_path = "credentials.json" + + [services.did] + name = "did" + methods = ["key", "web", "ion"] + local_resolution_methods = ["key", "web", "pkh", "peer"] + universal_resolver_url = "http://ssi-service-uni:8080" + universal_resolver_methods = ["ion"] + ion_resolver_url = "https://ion.tbddev.org" + 
+ [services.schema] + name = "schema" + + [services.credential] + name = "credential" + + [services.issuance] + name = "issuance" + + [services.manifest] + name = "manifest" + + [services.presentation] + name = "presentation" + expiration_duration = "30m" + + [services.webhook] + name = "webhook" + webhook_timeout = "10s" + +ssiConsole: + replicaCount: 1 + + image: + repository: "" + tag: 0.0.1 + pullPolicy: IfNotPresent + + service: + type: ClusterIP + port: 8080 + targetPort: 80 + + resources: + requests: + cpu: 100m + memory: 100Mi + + port: 8080 + + # tolerations: + # affinity: + # topologySpreadConstraints: + # nodeSelector: + +uniResolver: + replicaCount: 1 + + image: + repository: universalresolver/uni-resolver-web + tag: latest + pullPolicy: IfNotPresent + + service: + type: ClusterIP + port: 8080 + targetPort: 8080 + + resources: + requests: + cpu: 100m + memory: 100Mi + + port: 8080 + + # tolerations: + # affinity: + # topologySpreadConstraints: + # nodeSelector: + +driverDidIon: + replicaCount: 1 + + image: + repository: identityfoundation/driver-did-ion + tag: v0.8.1 + pullPolicy: IfNotPresent + + service: + type: ClusterIP + port: 8080 + targetPort: 8080 + nameOverride: driver-did-ion #this is hardcoded in https://github.com/decentralized-identity/universal-resolver/blob/main/uni-resolver-web/src/main/resources/application.yml + + resources: + requests: + cpu: 100m + memory: 100Mi + + port: 8080 + + # tolerations: + # affinity: + # topologySpreadConstraints: + # nodeSelector: + +jaeger: + replicaCount: 1 + + image: + repository: jaegertracing/all-in-one + tag: latest + pullPolicy: IfNotPresent + + service: + type: ClusterIP + port: 14268 + targetPort: 14268 + + resources: + requests: + cpu: 100m + memory: 100Mi + + port: 14268 + + # tolerations: + # affinity: + # topologySpreadConstraints: + # nodeSelector: + +# see https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml for all options +redis-ha: + enabled: false + + auth: 
true + redisPassword: password + + exporter: + enabled: true + image: public.ecr.aws/bitnami/redis-exporter + tag: 1.45.0 + + persistentVolume: + enabled: true + size: 10Gi + storageClass: encrypted-gp2 + + redis: + masterGroupName: ssi + config: + # -- Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled + # @default -- `'""'` + save: "300 1" + + image: + # -- Redis tag + tag: 7.0.11-alpine + +istio: + virtualService: + enabled: false + host: ssi.example.com + gateway: istio-system/primary-gateway + + authorizationPolicy: + enabled: false + gatewayNamespace: istio-system From f13283f07f762dec918ca0e11620c283a2d4dd7c Mon Sep 17 00:00:00 2001 From: Andres Uribe Date: Tue, 13 Jun 2023 13:57:27 -0400 Subject: [PATCH 2/5] Update values.yaml --- charts/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/values.yaml b/charts/values.yaml index 3800b24c9..9525c0ad7 100644 --- a/charts/values.yaml +++ b/charts/values.yaml @@ -38,7 +38,7 @@ ssiService: # http service configuration [server] env = "prod" # either 'dev', 'test', or 'prod' - api_host = "0.0.0.0:3000" + api_host = "https://ssi.tbddev.org/" jager_host = "http://ssi-service-jaeger:14268/api/traces" jager_enabled = true From 12d549f52db5efeefedc18e29dee7e9d5f2438ba Mon Sep 17 00:00:00 2001 From: Tyler Longwell Date: Tue, 13 Jun 2023 15:55:23 -0400 Subject: [PATCH 3/5] revert --- charts/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/values.yaml b/charts/values.yaml index 9525c0ad7..3800b24c9 100644 --- a/charts/values.yaml +++ b/charts/values.yaml @@ -38,7 +38,7 @@ ssiService: # http service configuration [server] env = "prod" # either 'dev', 'test', or 'prod' - api_host = "https://ssi.tbddev.org/" + api_host = "0.0.0.0:3000" jager_host = "http://ssi-service-jaeger:14268/api/traces" jager_enabled = true 
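Review bot: The default `ssiService.config` ships working credentials: `password = "default-password"` under `[services.keystore]`, `option = "password"` for `storage-password-option`, and `redisPassword: password` under `redis-ha`. Because `ssi.yaml` renders the config into the Secret as-is, an install with untouched values runs on publicly known passwords. Leaving these empty and failing the render when they are unset, or reading them from an existing Secret named in values, avoids that. The same block sets `enable_allow_all_cors = true` next to `env = "prod"`, which deserves at least a comment marking it as a demo default. `tag: main` and `tag: latest` combined with `pullPolicy: IfNotPresent` mean the running image depends on what each node has cached; pinning a version or digest would make deployments reproducible.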
From 36ed7ca56b9e3b0adb3145f5554c749d548a65ee Mon Sep 17 00:00:00 2001 From: Tyler Longwell Date: Fri, 23 Jun 2023 14:48:56 -0400 Subject: [PATCH 4/5] enable redis haproxy --- charts/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/values.yaml b/charts/values.yaml index 3800b24c9..20aa00ec9 100644 --- a/charts/values.yaml +++ b/charts/values.yaml @@ -210,6 +210,9 @@ redis-ha: auth: true redisPassword: password + haproxy: + enabled: true + exporter: enabled: true image: public.ecr.aws/bitnami/redis-exporter From ed7119bbdaba0af2588a5cf0f621417308406ddb Mon Sep 17 00:00:00 2001 From: Tyler Longwell Date: Fri, 23 Jun 2023 14:50:48 -0400 Subject: [PATCH 5/5] use redis haproxy --- charts/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/values.yaml b/charts/values.yaml index 20aa00ec9..40ea9cf93 100644 --- a/charts/values.yaml +++ b/charts/values.yaml @@ -61,7 +61,7 @@ ssiService: [[services.storage_option]] id = "redis-address-option" - option = "ssi-service-redis-ha:6379" + option = "ssi-service-redis-ha-haproxy:6379" [[services.storage_option]] id = "storage-password-option"
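Review bot: The new Redis address `ssi-service-redis-ha-haproxy:6379` appears to hard-code the release name `ssi-service`, so it would only resolve when the chart is installed under that name; the README in this series installs it as `my-ssi`. The same assumption is baked into `jaegerHttpUrl`, `jager_host` and `universal_resolver_url`. Rendering the config through `tpl` in `ssi.yaml`, `{{- tpl .Values.ssiService.config . | nindent 4 }}`, would let this line be written as something like `option = "{{ .Release.Name }}-redis-ha-haproxy:6379"`; the exact name should be confirmed against the redis-ha subchart's naming helper.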