TBD54566975 · tlongwell-block · Jun 8, 2023 · Jun 13, 2023 · Jun 13, 2023 · Jun 23, 2023
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: ssi-service
+description: A Helm chart for Kubernetes that deploys an SSI service environment
+version: 0.0.1
+appVersion: 0.0.1
+
+dependencies:
+ - name: redis-ha
+ version: 4.23.0
+ repository: https://dandydeveloper.github.io/charts/
+ condition: redis-ha.enabled
@@ -0,0 +1,68 @@
+# SSI Service Helm Chart
+
+This chart deploys an SSI Service environment on a Kubernetes cluster using the Helm package manager. SSI (Self-Sovereign Identity) Service is a web service that exposes the ssi-sdk as an HTTP API, supporting operations for Verifiable Credentials, Decentralized Identifiers, and more.
+
+## Prerequisites
+
+- Kubernetes 1.19+
+- Helm 3.0+
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```bash
+git clone https://github.com/TBD54566975/ssi-service.git
+cd ssi-service/charts
+helm install my-ssi .
+```
+
+This command deploys SSI Service on the Kubernetes cluster with the default configuration.
+
+## Configuration
+
+The following table lists some of the configurable parameters of the SSI Service chart. See values.yaml for the full list.
+
+| Field | Description |
+|---|---|
+| `fullnameOverride` | A string that overrides the full name of the resources. |
+| `ssiService` | Configuration for the ssiService. |
+| `ssiService.replicaCount` | The number of replicas for the ssiService. |
+| `ssiService.image` | The image to use for the ssiService, including the `repository`, the `tag`, and the `pullPolicy`. |
+| `ssiService.service` | The service details, including `type`, `port`, and `targetPort`. |
+| `ssiService.resources` | The resources to allocate for the ssiService, including CPU and memory `requests`. |
+| `ssiService.env` | The environment variables for the ssiService, such as `jaegerHttpUrl`. |
+| `ssiService.istio` | The Istio configuration, including `virtualService` and `authorizationPolicy` options. |
+| `ssiService.config` | The configuration content for running the service in a production environment. It includes configurations for the server, logging, CORS, services, and more. |
+| `uniResolver` | Configuration for the universal resolver service. |
+| `uniResolver.replicaCount` | The number of replicas for the uniResolver. |
+| `uniResolver.image` | The image to use for the uniResolver, including the `repository`, the `tag`, and the `pullPolicy`. |
+| `uniResolver.service` | The service details, including `type`, `port`, and `targetPort`. |
+| `uniResolver.resources` | The resources to allocate for the uniResolver, including CPU and memory `requests`. |
+| `uniResolver.port` | The port on which the uniResolver will be exposed. |
+| `driverDidIon` | Configuration for the ION DID driver service. |
+| `driverDidIon.replicaCount` | The number of replicas for the driverDidIon. |
+| `driverDidIon.image` | The image to use for the driverDidIon, including the `repository`, the `tag`, and the `pullPolicy`. |
+| `driverDidIon.service` | The service details, including `type`, `port`, and `targetPort`. |
+| `driverDidIon.resources` | The resources to allocate for the driverDidIon, including CPU and memory `requests`. |
+| `jaeger` | Configuration for the Jaeger service. |
+| `jaeger.replicaCount` | The number of replicas for the Jaeger service. |
+| `jaeger.image` | The image to use for the Jaeger service, including the `repository`, the `tag`, and the `pullPolicy`. |
+| `jaeger.service` | The service details, including `type`, `port`, and `targetPort`. |
+| `jaeger.resources` | The resources to allocate for the Jaeger service, including CPU and memory `requests`. |
+| `tolerations`, `affinity`, `topologySpreadConstraints`, `nodeSelector` | (Commented out) Controls how pods are scheduled. Uncommenting and setting them can affect where and how pods are deployed in the cluster. |
+| `redis-ha` | Configuration for the redis-ha installation. Not installed by default |
+
+Note: For more information about the service's configuration options, refer to the `config` field in the `values.yaml` file.
+
+## Dependencies
+
+This chart has a dependency on the Redis HA chart, which is used for high-availability data persistence. If Redis HA is not yet installed or if it's disabled, it will be installed during the deployment of this chart if `redis-ha.enabled` is set to `true`. By default, `redis-ha.enabled` is set to `false`.
+
+---
+
+For more information, please read [the official Helm chart documentation](https://helm.sh/docs/topics/charts/).
+
+---
+
+Please note that the configuration, parameters, and default values can be modified as per your requirements.
@@ -0,0 +1,126 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ssi-service.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "ssi-service.shortname" -}}
+{{- include "ssi-service.fullname" . | trunc 55 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "ssi-service.labels" -}}
+helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+app.kubernetes.io/name: {{ include "ssi-service.fullname" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Values.customLabels -}}
+{{ toYaml .Values.customLabels }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ssi-service.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ssi-service.fullname" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+
+
+
+{{- define "uni-resolver.fullname" -}}
+{{- printf "%s-uni" (include "ssi-service.shortname" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "uni-resolver.labels" -}}
+helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+app.kubernetes.io/name: {{ include "uni-resolver.fullname" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Values.customLabels -}}
+{{ toYaml .Values.customLabels }}
+{{- end -}}
+{{- end -}}
+
+{{- define "uni-resolver.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "uni-resolver.fullname" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+
+
+
+{{- define "dion.fullname" -}}
+{{- printf "%s-dion" (include "ssi-service.shortname" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "dion.labels" -}}
+helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+app.kubernetes.io/name: {{ include "dion.fullname" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Values.customLabels -}}
+{{ toYaml .Values.customLabels }}
+{{- end -}}
+{{- end -}}
+
+{{- define "dion.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "dion.fullname" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+
+
+
+{{- define "jaeger.fullname" -}}
+{{- printf "%s-jaeger" (include "ssi-service.shortname" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "jaeger.labels" -}}
+helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+app.kubernetes.io/name: {{ include "jaeger.fullname" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Values.customLabels -}}
+{{ toYaml .Values.customLabels }}
+{{- end -}}
+{{- end -}}
+
+{{- define "jaeger.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "jaeger.fullname" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+
+
+
+{{- define "ssi-console.fullname" -}}
+{{- printf "%s-con" (include "ssi-service.shortname" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "ssi-console.labels" -}}
+helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+app.kubernetes.io/name: {{ include "ssi-console.fullname" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Values.customLabels -}}
+{{ toYaml .Values.customLabels }}
+{{- end -}}
+{{- end -}}
+
+{{- define "ssi-console.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ssi-console.fullname" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
@@ -0,0 +1,62 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "ssi-console.fullname" . }}
+ labels:
+ {{- include "ssi-console.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.ssiConsole.service.type }}
+ ports:
+ - port: {{ .Values.ssiConsole.service.port }}
+ targetPort: {{ .Values.ssiConsole.service.targetPort }}
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "ssi-console.selectorLabels" . | nindent 4 }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "ssi-console.fullname" . }}
+ labels:
+ {{- include "ssi-console.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.ssiConsole.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "ssi-console.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "ssi-console.selectorLabels" . | nindent 8 }}
+ spec:
+ containers:
+ - name: ssi-console
+ image: "{{ .Values.ssiConsole.image.repository }}:{{ .Values.ssiConsole.image.tag }}"
+ imagePullPolicy: {{ .Values.ssiConsole.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.ssiConsole.port }}
+ protocol: TCP
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ env:
+ - name: SSI_SERVICE
+ value: "http://{{ include "ssi-service.fullname" . }}:{{ .Values.ssiService.service.port }}/v1"
+ {{- with .Values.ssiConsole.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 13 }}
+ {{- end }}
+ {{- with .Values.ssiConsole.affinity }}
+ affinity:
+ {{- toYaml . | nindent 13 }}
+ {{- end }}
+ {{- with .Values.ssiConsole.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- toYaml . | nindent 13 }}
+ {{- end }}
+ {{- with .Values.ssiConsole.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 13 }}
+ {{- end }}
+---
@@ -0,0 +1,58 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.driverDidIon.service.nameOverride }}
+ labels:
+ {{- include "dion.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.driverDidIon.service.type }}
+ ports:
+ - port: {{ .Values.driverDidIon.service.port }}
+ targetPort: {{ .Values.driverDidIon.service.targetPort }}
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "dion.selectorLabels" . | nindent 4 }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "dion.fullname" . }}
+ labels:
+ {{- include "dion.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.driverDidIon.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "dion.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "dion.selectorLabels" . | nindent 8 }}
+ spec:
+ containers:
+ - name: dion
+ image: "{{ .Values.driverDidIon.image.repository }}:{{ .Values.driverDidIon.image.tag }}"
+ imagePullPolicy: {{ .Values.driverDidIon.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.driverDidIon.port }}
+ protocol: TCP
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.driverDidIon.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 13 }}
+ {{- end }}
+ {{- with .Values.driverDidIon.affinity }}
+ affinity:
+ {{- toYaml . | nindent 13 }}
+ {{- end }}
+ {{- with .Values.driverDidIon.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- toYaml . | nindent 13 }}
+ {{- end }}
+ {{- with .Values.driverDidIon.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 13 }}
+ {{- end }}
@@ -0,0 +1,62 @@
+{{- if .Values.istio.virtualService.enabled }}
+{{ $ssiService := include "ssi-service.fullname" . -}}
+{{ $ssiConsole := include "ssi-console.fullname" . -}}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ $ssiService }}
+spec:
+ hosts:
+ - "{{ .Values.istio.virtualService.host }}"
+ gateways:
+ - {{ .Values.istio.virtualService.gateway }}
+ http:
+ - name: "api-route"
+ match:
+ - uri:
+ prefix: "/v1"
+ - uri:
+ prefix: "/swagger"
+ route:
+ - destination:
+ host: {{ $ssiService }}
+ port:
+ number: {{ .Values.ssiConsole.service.port }}
+ - name: console-route
+ route:
+ - destination:
+ host: {{ $ssiConsole }}
+ port:
+ number: {{ .Values.ssiService.service.port }}
+---
+{{- end }}
+{{- if .Values.istio.authorizationPolicy.enabled }}
+{{ $fullName := include "ssi-service.fullname" . -}}
+{{ $shortName := include "ssi-service.shortname" . -}}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ $shortName }}-host
+spec:
+ action: ALLOW
+ rules:
+ - to:
+ - operation:
+ hosts:
+ - "{{ .Values.istio.virtualService.host }}"
+ - from:
+ - source:
+ namespaces: ["{{ .Values.istio.authorizationPolicy.gatewayNamespace }}"]
+---
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ $shortName }}-ns
+spec:
+ action: ALLOW
+ rules:
+ - from:
+ - source:
+ namespaces: ["{{ .Release.Namespace }}"]
+---
+{{- end }}