Skip to content

Instantly share code, notes, and snippets.

@mat-work

mat-work/deploy.sh

Last active July 23, 2024 17:14
Show Gist options
  • Save mat-work/a27e5fa6f4830717c7df3a3f9eed7678 to your computer and use it in GitHub Desktop.
Save mat-work/a27e5fa6f4830717c7df3a3f9eed7678 to your computer and use it in GitHub Desktop.
Download ZIP
Test Deployment
Raw
deploy.sh
#!/bin/bash
# Variables
HELM=helm
KUBECTL=kubectl
CHART=oci://sicpa.jfrog.io/dts-charts/edison-core
VERSION=0.4.3
VALUES=swissign-poc.yaml
APPNAME=swissign-poc-app
NAMESPACE=swissign-poc
# Function to deploy
deploy() {
echo "Deploying Helm chart..."
$HELM template $CHART --version $VERSION --values $VALUES -n $NAMESPACE --name-template $APPNAME | $KUBECTL apply -n $NAMESPACE -f -
if [ $? -eq 0 ]; then
echo "Deployment successful."
else
echo "Deployment failed."
exit 1
fi
}
# Function to clean up
clean() {
echo "Cleaning up Helm chart..."
$HELM template $CHART --version $VERSION --values $VALUES -n $NAMESPACE --name-template $APPNAME | $KUBECTL delete -n $NAMESPACE -f -
if [ $? -eq 0 ]; then
echo "Clean up successful."
else
echo "Clean up failed."
exit 1
fi
}
# Check the command line argument
if [ "$1" == "deploy" ]; then
deploy
elif [ "$1" == "clean" ]; then
clean
else
echo "Usage: $0 {deploy|clean}"
exit 1
fi
Raw
swissign-poc.yaml
%YAML 1.1
---
#region templates
# Construct the jdbc url with global.database information and project.database.name
# If not set, the database name will default to .Chart.Name.
# IMPORTANT: all non-alphanumeric character will be replaced by "_"
x-spring-datasource: &spring-datasource
SPRING_DATASOURCE_URL: >-
jdbc:postgresql://{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{
include "common.db.name" (dict "value" .Values.project.database.name "context" $)
}}?{{ default .Values.global.database.jdbcOptions .Values.project.database.jdbcOptions }}
# Add an extsecrets section relative to database connection.
# IMPORTANT: this assumes the path to the secret holding credentials information is the same for all charts !
x-spring-extsecrets-credentials: &spring-extsecrets-credentials
credentials:
enabled: '{{ .Values.global.createCredentialSecrets }}'
vaultPathSuffix: edison/{{ .Chart.Name }}/database
data:
SPRING_DATASOURCE_USERNAME: postgresql_username
SPRING_DATASOURCE_PASSWORD: postgresql_password
# Add the extsecrets section relative to database connection.
# IMPORTANT: this assumes the path to the secret holding credentials information is the same for all charts !
x-acapy-extsecrets-credentials: &acapy-extsecrets-credentials
credentials:
enabled: '{{ .Values.global.createCredentialSecrets }}'
vaultPathSuffix: edison/{{ .Chart.Name }}/database
data:
ACAPY_WALLET_STORAGE_CREDS: wallet_storage_creds
x-spring-extsecrets-kafka-credentials: &spring-extsecrets-kafka-credentials
kafkacreds:
enabled: '{{ .Values.global.createCredentialSecrets }}'
vaultPathSuffix: edison/kafka/credentials
data:
KAFKA_USERNAME: kafka_username
KAFKA_PASSWORD: kafka_password
x-spring-kakfa-auth: &spring-kakfa-auth
SPRING_KAFKA_PROPERTIES_SASL_MECHANISM: '{{ .Values.global.kafka.saslMechanism }}'
SPRING_KAFKA_PROPERTIES_SECURITY_PROTOCOL: '{{ .Values.global.kafka.securityProtocol }}'
SPRING_KAFKA_PROPERTIES_SASL_JAAS_CONFIG: "org.apache.kafka.common.security.scram.ScramLoginModule required username=$(KAFKA_USERNAME) password=$(KAFKA_PASSWORD);"
# Add the micrometer label in spring boot apps for Prometheus
x-spring-micrometer: &spring-micrometer
micrometer.monitoring: '{{ .Values.global.monitoringEnabled | ternary "enabled" "disabled" }}'
# Add the micrometer label in aca-py boot apps for Prometheus
x-monitoring-aca-py: &monitoring-aca-py
acapy.monitoring: '{{ .Values.global.monitoringEnabled | ternary "enabled" "disabled" }}'
#endregion
global:
hostname: poc.swissign.tld
imageRegistry: sicpa.jfrog.io/dts-platform
# publicSubDomains:
# didcomm: didcomm
# openid: openid
createCredentialSecrets: true
vault:
# external secret store
store: iata-dev-global
# external secret environment base path
basePath: dev/swissign-poc
kafka:
bootstrapServers: kafka-cluster-kafka-bootstrap:9092
SASLEnabled: false
saslMechanism: SCRAM-SHA-512
securityProtocol: SASL_SSL
# TODO remove when refactoring finished
database:
# prefix: '{{ .Release.Namespace }}' # database name prefix (non-alphanumeric chars will be replaced with "_")
host: aurora-rds-dts-dev.cluster-cxeq4qsxa2zk.eu-central-2.rds.amazonaws.com # <-- REQUIRED, e.g. edison-aws2.sicpa.com
# port: 5432
# jdbcOptions: '' # will be appended at the end of the jdbc url, after the '?'
resolver:
auth: false
baseUrl: null
regex: "^did:(?:cheqd|ebsi|ethr|indy|sov|web):.*$"
didWebDomain: null
env:
SPRING_KAFKA_BOOTSTRAP_SERVERS: '{{ .Values.global.kafka.bootstrapServers }}'
monitoringEnabled: false
resilience:
hpaEnabled: false
#region COMPONENTS
# In latest edison-core chart all components are enabled by default.
edison-agent-aca-py:
enabled: false # remove
edison-agent-hooks:
enabled: false # remove
edison-endorsement-provisioner:
enabled: false # remove
edison-didcomm-dispatcher:
enabled: false # remove
edison-didcomm-http-kafka-relay:
enabled: false # remove
edison-identities:
enabled: false # remove
edison-interoperability-profiles:
enabled: false # remove
edison-kms:
enabled: false # remove
edison-openid4vc-orchestrator:
enabled: false # remove
edison-publisher:
enabled: false # remove
edison-secure-storage:
enabled: false # remove
edison-templates:
enabled: false # remove
edison-w3c-status-list:
enabled: false # remove
edison-webhooks:
enabled: false # remove
#endregion
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment