diff --git a/aws/apps/deployai/marketplace/bae.yaml b/aws/apps/deployai/marketplace/bae.yaml new file mode 100644 index 00000000..58c77050 --- /dev/null +++ b/aws/apps/deployai/marketplace/bae.yaml @@ -0,0 +1,18 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: bae-marketplace + namespace: argocd +spec: + destination: + namespace: deployai + server: https://kubernetes.default.svc + project: default + source: + path: aws/deployai/marketplace/bae + repoURL: https://github.com/FIWARE-Ops/fiware-gitops + targetRevision: HEAD + syncPolicy: + automated: + prune: true + selfHeal: true diff --git a/aws/deployai/marketplace/bae/Chart.yaml b/aws/deployai/marketplace/bae/Chart.yaml new file mode 100644 index 00000000..edd48047 --- /dev/null +++ b/aws/deployai/marketplace/bae/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v2 +name: business-api-ecosystem +description: Chart holder for argo-cd + +type: application +version: 0.9.2 +appVersion: "9.4.8" + +dependencies: +- name: business-api-ecosystem + version: 0.9.2 + repository: https://fiware.github.io/helm-charts diff --git a/aws/deployai/marketplace/bae/templates/role-binding.yaml b/aws/deployai/marketplace/bae/templates/role-binding.yaml new file mode 100644 index 00000000..3b44c12e --- /dev/null +++ b/aws/deployai/marketplace/bae/templates/role-binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .Release.Name }}-rb + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +subjects: + - kind: ServiceAccount + name: bae-marketplace-sa + namespace: {{ .Release.Namespace | quote }} +roleRef: + kind: Role + name: {{ .Release.Name }}-scc-anyuid + apiGroup: rbac.authorization.k8s.io diff --git a/aws/deployai/marketplace/bae/templates/role-openshift.yaml b/aws/deployai/marketplace/bae/templates/role-openshift.yaml new file mode 100644 index 00000000..0e953469 --- /dev/null +++ b/aws/deployai/marketplace/bae/templates/role-openshift.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ .Release.Name }}-scc-anyuid + labels: + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: + - security.openshift.io + resourceNames: + - anyuid + - privileged + resources: + - securitycontextconstraints + verbs: + - use diff --git a/aws/deployai/marketplace/bae/templates/service-account.yaml b/aws/deployai/marketplace/bae/templates/service-account.yaml new file mode 100644 index 00000000..91b4eecb --- /dev/null +++ b/aws/deployai/marketplace/bae/templates/service-account.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: bae-marketplace-sa + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} diff --git a/aws/deployai/marketplace/bae/values.yaml b/aws/deployai/marketplace/bae/values.yaml new file mode 100644 index 00000000..10c43137 --- /dev/null +++ b/aws/deployai/marketplace/bae/values.yaml @@ -0,0 +1,198 @@ +business-api-ecosystem: + + bizEcosystemApis: + # should set the path to the new apis. + fullnameOverride: tmforum-api-proxy + enabled: false + + tmForum: + catalog: + host: tm-forum-api-product-catalog + port: 8080 + path: + inventory: + host: tm-forum-api-product-inventory + port: 8080 + path: + ordering: + host: tm-forum-api-product-ordering-management + port: 8080 + path: + billing: + host: tm-forum-api-account + port: 8080 + path: + usage: + host: tm-forum-api-usage-management + port: 8080 + path: + party: + host: tm-forum-api-party-catalog + port: 8080 + path: + customer: + host: tm-forum-api-customer-management + port: 8080 + path: + resources: + host: tm-forum-api-resource-catalog + port: 8080 + path: + services: + host: tm-forum-api-service-catalog + port: 8080 + path: + resourceInventory: + host: tm-forum-api-resource-inventory + port: 8080 + path: + + bizEcosystemRss: + enabled: false + + siop: + enabled: true + clientId: marketplace-client + verifier: + host: https://verifier-marketplace.deployai.fiware.dev + allowedRoles: + - seller + - customer + - admin + + # Configuration for the Credential Config Service initiation + ccs: + endpoint: "http://ccs-marketplace-credentials-config-service:8080" + defaultOidcScope: "defaultScope" + # -- Credential configurations for particular scopes + oidcScopes: + defaultScope: + - type: "VerifiableCredential" + trustedParticipantsLists: [ + "https://tir.deployai.fiware.dev" + ] + trustedIssuersLists: [ + "http://til-marketplace-trusted-issuers-list:8080" + ] + - type: "LegalPersonCredential" + trustedParticipantsLists: [ + "https://tir.deployai.fiware.dev" + ] + trustedIssuersLists: [ + "http://til-marketplace-trusted-issuers-list:8080" + ] + - type: "LEARCredentialEmployee" + trustedParticipantsLists: [ + "https://tir.deployai.fiware.dev" + ] + trustedIssuersLists: [ + "http://til-marketplace-trusted-issuers-list:8080" + ] + + externalUrl: https://marketplace.deployai.fiware.dev + + bizEcosystemChargingBackend: + + maxUploadSize: "5242880" + + # ServiceAccount is created via templates + serviceAccount: + create: false + name: bae-marketplace-sa + + securityContext: + ## -- specifies the user UID + runAsUser: 0 + ## -- specifies the group GID + runAsGroup: 0 + + deployment: + image: + repository: fiware/biz-ecosystem-charging-backend + tag: 9.1.2 + pullPolicy: Always + + plugins: + enabled: true + annotations: + helm.sh/resource-policy: "keep" + + media: + enabled: true + + port: 8006 + + loglevel: debug + + payment: + method: None + + # Use existing secret + existingSecret: bae-cb-secret + + db: + host: mongodb + database: charging_db + user: charging + + backup: + enabled: false + + initContainers: false + propagateToken: true + basePath: /opt/business-ecosystem-charging-backend + token: + enabled: false + + bizEcosystemLogicProxy: + + # ServiceAccount is created via templates + serviceAccount: + create: false + name: bae-marketplace-sa + + securityContext: + ## -- specifies the user UID + runAsUser: 0 + ## -- specifies the group GID + runAsGroup: 0 + + # Use existing secret + existingSecret: bae-lp-secret + + statefulset: + image: + repository: fiware/biz-ecosystem-logic-proxy + tag: "9.4.8" + pullPolicy: Always + + route: + enabled: true + routes: + - host: marketplace.deployai.fiware.dev + tls: + insecureEdgeTerminationPolicy: Redirect + termination: edge + certificate: + issuer: + kind: ClusterIssuer + name: letsencrypt-aws-prod + ingress: + enabled: false + + port: 8004 + nodeEnvironment: production + + db: + host: mongodb + database: belp_db + user: belp + basePath: /opt/business-ecosystem-logic-proxy + + externalIdp: + enabled: true + initContainers: false + propagateToken: true + additionalEnvVars: + - name: BAE_LP_LEGACY_GUI + value: true diff --git a/aws/deployai/secrets/bae-cb-sealed-secret.yaml b/aws/deployai/secrets/bae-cb-sealed-secret.yaml new file mode 100644 index 00000000..ffeb3c2a --- /dev/null +++ b/aws/deployai/secrets/bae-cb-sealed-secret.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: bae-cb-secret + namespace: deployai +spec: + encryptedData: + dbPassword: AgDP1JgG7/Be7nd5S9uQmbyBRRTXqdurr/Oq/U5FWcxGcPwQup922S94rVP/Wuv/nvbAMgw2Tp5RQWCKb/DQtJnU5RdwgbzsGS7Bb4w7pt285Hi32gkaSUVZlvV/kwXNtGD5/wjGqvmdhd0V0AiW9yWyow0cvhoi+t6NoEi2X1U75DrbCpuZ97yrrPWDra9zDnSeNzF82Oof817B+I0oLC40HBhuQWdM0iByZXKNmipU1ecnh0rXFkoewZOxDB5QSp0gVqA8aykHJ8k/z7u4FXyNCQQtpXajIBnm0q1LE4Gq/yHpwZZ1LjdT+sDrVNkX+pduBUtcIvYsiPKIkd+4PrPrtHOoQdlDCW/HjPasdKbyLllWGBvHKFmPyZ1khe/UqiqclxY5C6hk4XXx3G4kI7g87Rr7eCWhrwSM9pO9tIzPL9KRSZqyTZKnS5LGeBUXc0m89YPzHmxG1m1IlLzR48lJLMyRdosIO/9Kl4FJ34fTbXFPzNn4rNFljm2NcczCw5uRhO1/oIx4gVuNTQnRBqB0vbSraTGTZi36PLyMTCtO9fTrKFTrZoe++Iqa7sxQPqDbYmgYB26m0Kjz6M5JpSX1nJynEwMHqf99f9yvNda30y0IYKK+9O1Xk7LDsPBPS1r0xK8caRFBRZzES+NteHieuCc8+amvv4oz9lEPZ8vvDzJUHSzvTxhQ2LbxlBXA4BAzbSniw+7eHg== + paypalClientSecret: AgCkC/nqMSNxAx4FO14BoQkMGQsN8SqRCLDWXq6df/v4REL/fgqwy7JPMG3m+ft431xMW6ycKbNHNnAfkMMBQP0esggGwbhXsMXMhF/PcGdwYVuWOb0kDfLfFUZkaJJ/opaq0GfZSV8/KxEihttcGhvJ7Rsa3Aylbi5pi+7qpoFiAknzN/seYRxDpfr8DppHEU3/NFTBE0dJPAwBe/Mnj9Qw7K2e46/EqcOfqKkeVBjdcw+NL4VhR4J8SzYvCi+8h262GsKOq6bCtk3GouYGnzPX0hymKRgH6CtGHyxCdUqhNvDY0fbVz42h3Cz8ljs1yocXff9itlStUQP2Y5Ll6ssXOfjYMoue/ZUvtqKGvyVIM13ajPZxlVL7jb2uvvg92PhGpLeWTcDl95Ue16d7COe0Nl2ggIgqeEAXGOgBHXbHyLSofCcFrdJjVnMrAr/ddIZyeMZUYLi9V6VQ0m15+PMJ6ITt7nJZceqlDC5ea8qzD2GPcwk2raHQkW49+5I3ONM/r0DcjFStxpptbf5vHg5694tYPQY730zx3AMnOsNEWyttjjQjZYLhWycUVCPaHEOaQoHSADzZq5lSyWRzZMblyQ4/CioBYlMjbOHYsCtUDkX4NLjliV9thl8/Wl4FxFXscsQ8WWQBynzQAtKLfrw4jHbLC0vLwxKlCm64bnToDFrrubw5oIGXlR3NKhUMF/E2oYVwOuRamv09 + pluginsIdmPassword: AgB/TM0WY45pP7/RyXnNYet05uQW42mFLRfy1DAeUsr786t2Bi7kmNW0C4BEbgtE4k1wH/FHva6x9Hsy+lDszpx6jRptcx+5LCU8r8utUdKV3MVJgSsCEX/OGw/pGKe8ynM/5yktI+kt1vH4zxL0nQpwOJjA2YJtvN2BsZa9SzQEgR31jd6alqVLaoVxDYDaCwxxNBSopV2bT2HucQbVimVNrdGN4Rh4qx92B7Gw1tjI8yPN9TlFoWGj3pwi+zz/mhtorcey5lJa8TVxjkXkSNf+V4lReydL3eTwv7uiuZLwH2PTBDG15Rm/hahzxCFR9J9oKg67sLkTyjN6LvrpqgRBa1rWtiiHcWymuNgVwz2cvf1hown5XdoMqzGV8hoDaE1wHObyymXkKF9rKbAn1rtsOrDX5zttsJOBixkaNpJRriTyiRRaOpuZ124r7ie9ThHD2Z2deX8CHLx8RuFmORr2IyFLoU74GR2/TxyPvBsrSNeQPAxfn6XqIUIDP1BvfbSiPFVx68rqelzx+BjgJrT4BCMh3J+Uo1mHBWiQGbXfs1AB9dpSOTsYg0vtIhoRc8x9JDqaS8TV/v8OIJ+tDKMi3ta8/+MCvTixyG1Yg6bfSo+MWeSAVDeed6KPC6bM6VaHWfSVhqldVyTwCbPgMfZfXXKdLJ4w17qF1xK9rusCeD8SzJBI9gvzjv5rKInTt0u8904WSdmOH2ew + smtpPassword: AgC6xO80d7hTAAc6LUfZfDvTQq4a0dAEzn66l/75Mx1lqOKgiRVbBrpMOZKIRkdvmVKMITmPSNgU5r5abjrWkR/ng6uIWw94Swq0or2xcaGlAK0Sikq9BGBKVc8I+jDm0QKgmhZM0uP5S1gWtQj7196L1ol0HUHtq8C2HDWp/qU0A5arSxCtnvavOfbr7jy6wKg2Yw932yJ8MjFG6jxVEWCgPxpMXaMiLFsewb53KVrZaOhAo6ICrtT7IsTP376spUqZ9QPK89K80GNmwClQvdeYe0hBnx8I63bqcBdwkaoDg73OX3fb3h0jdmiWL5vDTorjMHuwiVX3zhH2DeIHPCdfCfa1Dm3RUBPevpwdoR8e1jbCBirToyTqUE2fHbiridwS4c+oDnvoAVdWUZd30UEFh2+OPSdRYKwMq4PcgKR18+bx5wTiM6zbYaRLsJVCcuqcRBZ5gWcXYi9DSdOKIXymwW90Sk06j0dW/QPSmwCXJE2deJpyiQ8Tol/pmCGhhd1foSRXiPu2lqG8HTngdjebh+aUX8cINvoN314Nc8+Mt6+2O4B32U7miUC5lsutdp2OHyviSQt4oYcLI0uK5cepaH5bKK0jrv9/E0C8Yv4KEtM7cLwGsL60TMJokNwxKLNxmkNwtykshWCKZ7OfeeQzFT5Djtv9TzcbkRamEaOT1Cb7ZQv/H9ZFho8iCrWGghHhyhFib0x66Vwv + template: + metadata: + creationTimestamp: null + name: bae-cb-secret + namespace: deployai diff --git a/aws/deployai/secrets/bae-lp-sealed-secret.yaml b/aws/deployai/secrets/bae-lp-sealed-secret.yaml new file mode 100644 index 00000000..44891e7b --- /dev/null +++ b/aws/deployai/secrets/bae-lp-sealed-secret.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: bae-lp-secret + namespace: deployai +spec: + encryptedData: + dbPassword: AgAMb3H9NDkvh9B5gDQtJQhQw2E/NYqKrQ71IgJAzLvNe97BbIfJo7XmijvOWBnYUPdkIF4Is3G4MmfJgNjNMCGZBNWjWg+0ITqGL9Uj765jD4CeGI1hWIlJf24ELPbsYZRqJm1PGNobP03nvMJRtmsVXdyRO9WCud6tw67CkTGfFA27rO+b976LaSxIj0oHsNUP9RweTfkfIJVnTd+BqVlLlRZEysRKyPQlDuuNiSmwmMPHi71lvOizxTYT+qz7oIa+ag62JPk/q6m0gy68V1CiW9fZXe9ufmDGe/TDiYi1HW+KJ7VZH1u4z0nvwrhRWKWldsQ+t36PTUWWtGnMbQmIb6KiiP8d67H2LLR7LmenLfIJESJatAQahjKOotqJVdNzrOxsMnsHoFlsOC1mAHEsCOsiRRvCTF1WnU4lhOzqfi4nNqMFj7ynr1z1zXTrcjQkdRMPjwtHH1LJjJKIrXd4co6y5W2be5InVDjOsRr3rkSURK/GyKicnDb8+KFY3hfQNzEW4aR4lOXYxzikbjPOoeq4PskNgGlzAMnBjbMO6SnmtD+Ijerv96B2rGQmDiP+Ihb3Okjj7a/iNxJfCEjONYRIh6LjG+KWWJuVIYtjupi2XQVLd16CZLfkJZk5M7wFZnt9cCK3RBgGKXqqjmnuBdzVa4nDesJcIBMmmECgyzTFyT07W4E3pkmDjkbyIVcYcJ2N + idmPassword: AgAvYzSgV4VhBbQFANES4bbGVdPvl76NmWfFtFpomRtX5JdjD3kiKL9iraWbASTZyxWa1PryZKieuulR9rWOGZ+ntelgD4yKOHyM2/eOdEr4OBWa2cqfiqDQQ0+nrkRHGlfzuZ0Fvfs7L8VefYwODbcvBFtPq+U4UF9lsnyiS2Dx9QtAGJOq+dCaWq4eKXSb4szmD2PJQUmgH7r+Hfu40rmtn3GZ60wwsnxOIsM4nasDGsz7xmyGeM5FgG3QumQBkKnAX+6XOhAcjsbxjt5GPdsPJ+HfgsE76VFQxN8NOu4cVSBD05Cfuzm3gY65Z2DOwm/sgmMaJHh1/eIITIpVQHvaIKMHJGTE94kHtcu9qL7iqT3Pi9Gwugnl1kSmIrWqMzG7/LbpSnw5Tg9l3tGHXQ4vrNi2sEeVeHut0KPiTJAcF/zPwluXePhQImgC4vGsaaDT76ot3HepiqjGmwNOiX8NzA1Dscw4WYx41GJZc/Z359g5vjF5SoMQ+4Aogj/+jO3KrdiK9fMm8E4ev9KTB+1bzsQ1GvrW/487yINb+uWYs4tqu9euakCsrSBXcz2NsAt+HqqNgTvebEmLXE7OAtC703PvSI5rcCTdIO/2SgRYtI4Y0bcMbbH9e6ySCJq7qhVd+EBXMnNF9nbn6wI1/D92MoV7FJpQ5kJ8lZC6e0B8x8gplGkW3hjdXnD8t4wrzHLcxGpZZ30aDKuM + oauthClientSecret: AgALsX55XxkoG51ZOpTFa6hYjgtc7WbACloOreFUXic2Cowp3BTb4pd3t+AwjvYmIF311KUVBiYTV+l+u1X/FlppP7vGWKgISW4/IwY3jcyjJm+sbxm/LdsngCgyIDJQ3Dj9Kfo8y5EaNqxvPidCfNeR/0o94FwbDl7n0DVIpCYrEWVS4F+INnQuuMogc0QWkJOaCY7JDaMDk93fbbylKMriXj+92k1mAk7A9TBgTyQGj6m0qWNEV55m+WwQifrIZPRagDsy1c8sDODV5nk3CfQPTGsEnw332WsxNklG7BHtpKI5CSomg9evC1fq40NM9oh9iTkqs9RmeJSs2eMveV8IAM5s/XyXWg+ZN3Rse6vtILV3vXO32v4ypd2Kid2VIM7RYOoUoCwzI7ch2lBuJR2KKXW0F3oZVeyCsyKdOvDVpJnT1zPbrrsbBDXkkKY9RKClqQAAzniaSPtOLKaKx+GfWVK59r8Oi21I039Bo2OGEw307OCrvcsSjsd99getBJIvmSx7f085l05aAe1cqsvrgZOg6yB+JwumLtqMebpyiOImsOv/q3sx4AJt+GJ28+mVByismqkStgk/rwdCqz2v4wS+1HZjItGLvcesf2na2bNZsK54WO7aw/eH9dNU6FPztnioeXL6vVCHbD7AoHqRaNzZvtiSHZn9bpZs0pk+M4T1WeS7xjjzyukak3OTVMmrpkfn35SxUKJU + template: + metadata: + creationTimestamp: null + name: bae-lp-secret + namespace: deployai diff --git a/aws/deployai/secrets/bae-sealed-secret.yaml b/aws/deployai/secrets/bae-sealed-secret.yaml deleted file mode 100644 index b09d83f8..00000000 --- a/aws/deployai/secrets/bae-sealed-secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: bae-secret - namespace: deployai -spec: - encryptedData: - dbPassword: AgDYSvUYeSslMGpLRoK4IBsKN54SgK0dYaiAYEEbkoP28qbDs6gYLUybo+lXs4EknHEKz3bfu1DVf1PdGFV5szeW6BS/oHg38Xbpr0Pgm0tC80HNEziLjfONDnsYBSN03Yz1jfD22pyuOLDmn2j3st0lA2lre1oPme1PALZfVMzogzSRRrsgZyR8HTnVmffRDukNzQrIsmo8rgm1Dm2TWo/WnZ6xtD2cJtMKj651oi9FqpJ5keohuxN9aS/d7GhQiIPYsZud91SnjgUxO9l9Vd5JWZqpDKakaO37rab6gxGPoWj0AjPh0DRsl4omzIPTv3O92dHlpREUfLnyUCeUVlj0VTglQvLDe+WWLeqsoo4EmVlssH9Hxjk176bzW6fyB2pskzeLPq7AK7WkIt4Bk0KGmZztTzChUYnGcOamLqN1G8VZ3oJIspDqqKZhL5TB3+ItC6LemWdMO4XGuqSAKnQROsOyyUl05qeGiOpPUZHfEgYRKni/KeXD9xdtQCdNiJlykGtMXhqG04BAN5BDOACyQEmNqYfGcvWeOx+JBYP8k8B6q5RgdoP82/thG+6LboxnAH/vNK6s1dWvKnCXTODUTgU9xAyI7HJ72fftTmvsQMpJqxNWC061EI8YBHryZGNURWs2zqMNG7UxZ8KnOtRvSrqk/5JYQ67k7tbhD2k3XqGrYvFmHkhSmCH+kzNoiRV8w4rFeJIcLmnZyySXVQ== - template: - metadata: - creationTimestamp: null - name: bae-secret - namespace: deployai