Add OnBoarding portal (#443)

Mortega5 · github-actions[bot] · web-flow · commit 7fcc5249fb0b · 2026-02-03T09:01:23.000+01:00
* feat(chart): add onboarding-portal chart

* Update helm documentation

* Update helm documentation

---------

Co-authored-by: github-actions[bot] &lt;41898282+github-actions[bot]@users.noreply.github.com&gt;
diff --git a/charts/onboarding-portal/Chart.yaml b/charts/onboarding-portal/Chart.yaml
@@ -0,0 +1,14 @@
+apiVersion: v2
+name: onboarding-portal
+version: 1.2.0
+appVersion: 0.0.1
+type: application
+description: A Helm chart for the OnBoarding Portal
+icon: https://fiware.github.io/catalogue/img/fiware.png
+maintainers:
+  - name: "Miguel Ortega"
+    email: "miguel.ortega@seamware.com"
+keywords:
+  - onboarding
+  - FIWARE
+  - Data Space Connector
diff --git a/charts/onboarding-portal/README.md b/charts/onboarding-portal/README.md
@@ -0,0 +1,73 @@
+# onboarding-portal
+
+![Version: 1.2.0](https://img.shields.io/badge/Version-1.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square)
+
+A Helm chart for the OnBoarding Portal
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Miguel Ortega | <miguel.ortega@seamware.com> |  |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | Affinity rules for pod scheduling |
+| config | object | `{"app":{"documentToSignUrl":"","keycloak":{"auth":{"clientId":"admin-cli","grantType":"password","password":"${APP_KEYCLOAK_PASSWORD}","username":"${APP_KEYCLOAK_USERNAME}"},"baseUrl":""},"login":{"clientId":"${APP_CLIENT_ID}","clientSecret":"${APP_CLIENT_SECRET}","codeChallenge":true,"openIdUrl":"","scope":"openid"},"tir":{"url":""}},"database":{"database":"","host":"","logging":false,"password":"${APP_DB_PASSWORD}","port":5432,"synchronize":true,"type":"postgres","username":"${APP_DB_USERNAME}"},"email":{"enabled":false,"type":"nodemailer"},"logging":{"level":"info"},"server":{"cors":{"allowedHeaders":["Content-Type","Authorization","X-Organization"],"credentials":true,"maxAge":600,"methods":["GET","POST","PUT","DELETE","OPTIONS"],"optionsSuccessStatus":204,"origin":"*"},"port":8080,"storage":{"destFolder":"files","maxSizeMB":5}}}` | Internal application configuration |
+| config.app.documentToSignUrl | string | `""` | URL that contains the pdf to be signed |
+| config.app.keycloak.auth | object | `{"clientId":"admin-cli","grantType":"password","password":"${APP_KEYCLOAK_PASSWORD}","username":"${APP_KEYCLOAK_USERNAME}"}` | Authentication information needed to create new realms |
+| config.app.keycloak.baseUrl | string | `""` | URL of the keycloak where new realms will be created |
+| config.app.login.clientId | string | `"${APP_CLIENT_ID}"` | ClientId of the OpenID server |
+| config.app.login.clientSecret | string | `"${APP_CLIENT_SECRET}"` | ClientSecret of the OpenID server |
+| config.app.login.codeChallenge | bool | `true` | Type of codeChallenge |
+| config.app.login.openIdUrl | string | `""` | URL of the OpenID server (e.g: keycloak) |
+| config.app.login.scope | string | `"openid"` | Scopes required in the openid request |
+| config.app.tir | object | `{"url":""}` | Trust Issuer Register where DID's will be registered |
+| config.database | object | `{"database":"","host":"","logging":false,"password":"${APP_DB_PASSWORD}","port":5432,"synchronize":true,"type":"postgres","username":"${APP_DB_USERNAME}"}` | Database configuration. See [TypeORM documentation](https://typeorm.io/docs/data-source/data-source-options) |
+| config.email | object | `{"enabled":false,"type":"nodemailer"}` | Email configuration using [Nodemailer](https://nodemailer.com/) |
+| config.server.cors | object | `{"allowedHeaders":["Content-Type","Authorization","X-Organization"],"credentials":true,"maxAge":600,"methods":["GET","POST","PUT","DELETE","OPTIONS"],"optionsSuccessStatus":204,"origin":"*"}` | CORS configuration |
+| config.server.port | int | `8080` | Server running port |
+| config.server.storage.destFolder | string | `"files"` | Local folder to store pdf |
+| config.server.storage.maxSizeMB | int | `5` | Max pdf file size |
+| extraEnvVars | list | `[]` | Extra environment variables to pass to the container |
+| fullnameOverride | string | `""` | String to fully override the chart name |
+| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
+| image.repository | string | `"quay.io/seamware/onboarding"` | Repository for the application image |
+| image.tag | string | `""` | Overrides the image tag (defaults to appVersion in Chart.yaml) |
+| imagePullSecrets | list | `[]` | Image pull secrets for private repositories |
+| ingress.annotations | object | `{"nginx.ingress.kubernetes.io/proxy-body-size":"8m","nginx.ingress.kubernetes.io/proxy-buffer-size":"16k"}` | Ingress annotations |
+| ingress.className | string | `""` | Ingress class name |
+| ingress.enabled | bool | `false` | Enable ingress resource |
+| ingress.hosts | list | `[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}]` | Ingress host configuration |
+| ingress.tls | list | `[]` | Ingress TLS configuration |
+| livenessProbe | object | `{"httpGet":{"path":"/health/live","port":"http"}}` | Liveness probe configuration |
+| nameOverride | string | `""` | String to partially override the chart name |
+| nodeSelector | object | `{}` | Node selector for pod scheduling |
+| persistence.accessModes | list | `["ReadWriteOnce"]` | Access modes for the PVC |
+| persistence.annotations | object | `{}` | Annotations for the PVC |
+| persistence.create | bool | `false` | Create a new PVC |
+| persistence.enabled | bool | `false` | Enable persistence using PVC |
+| persistence.existingClaim | string | `""` | Existing PVC to use |
+| persistence.size | string | `"1Gi"` | Size of the PVC |
+| persistence.storageClass | string | `""` | Storage class for the PVC |
+| podAnnotations | object | `{}` | Annotations to add to the pod |
+| podLabels | object | `{}` | Labels to add to the pod |
+| podSecurityContext | object | `{}` | Pod-level security context |
+| readinessProbe | object | `{"httpGet":{"path":"/health/ready","port":"http"}}` | Readiness probe configuration |
+| replicaCount | int | `1` | Number of replicas for the deployment |
+| resources | object | `{}` | Resource limits and requests for the pod |
+| secrets | object | `{"database":{"passwordKey":"","secretName":"","usernameKey":""},"keycloak":{"passwordKey":"","secretName":"","usernameKey":""},"login":{"clientIdKey":"","clientSecretKey":"","secretName":""}}` | External secrets mapping configuration |
+| secrets.database | object | `{"passwordKey":"","secretName":"","usernameKey":""}` | Database secrets |
+| secrets.keycloak | object | `{"passwordKey":"","secretName":"","usernameKey":""}` | Onboarding keycloak secrets |
+| secrets.login | object | `{"clientIdKey":"","clientSecretKey":"","secretName":""}` | Admin login secrets |
+| securityContext | object | `{}` | Container-level security context |
+| service.port | int | `80` | Service port |
+| service.type | string | `"ClusterIP"` | Kubernetes Service type |
+| tolerations | list | `[]` | Tolerations for pod scheduling |
+| volumeMounts | list | `[]` | Additional volume mounts |
+| volumes | list | `[]` | Additional volumes to mount |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
diff --git a/charts/onboarding-portal/templates/_helpers.tpl b/charts/onboarding-portal/templates/_helpers.tpl
@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "onboarding.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "onboarding.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "onboarding.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "onboarding.labels" -}}
+helm.sh/chart: {{ include "onboarding.chart" . }}
+{{ include "onboarding.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "onboarding.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "onboarding.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/charts/onboarding-portal/templates/configmap.yaml b/charts/onboarding-portal/templates/configmap.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "onboarding.fullname" . }}-cm
+  labels:
+    {{- include "onboarding.labels" . | nindent 4 }}
+data:
+  application.yaml: |-
+  {{- .Values.config | toYaml | nindent 4 }}
diff --git a/charts/onboarding-portal/templates/deployment.yaml b/charts/onboarding-portal/templates/deployment.yaml
@@ -0,0 +1,145 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "onboarding.fullname" . }}
+  labels:
+    {{- include "onboarding.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "onboarding.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+      {{- with .Values.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "onboarding.labels" . | nindent 8 }}
+        {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}
+          {{- with .Values.securityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.config.server.port }}
+              protocol: TCP
+          {{- with .Values.livenessProbe }}
+          livenessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.readinessProbe }}
+          readinessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - name: app-config-volume
+              mountPath: /app/config
+              readOnly: true
+            - name: data
+              mountPath: /app/files
+          env:
+            {{- if .Values.secrets.database.secretName }}
+            {{- if .Values.secrets.database.usernameKey }}
+            - name: APP_DB_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.secrets.database.secretName }}
+                  key: {{ .Values.secrets.database.usernameKey }}
+            {{- end }}
+            {{- if .Values.secrets.database.passwordKey }}
+            - name: APP_DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.secrets.database.secretName }}
+                  key: {{ .Values.secrets.database.passwordKey }}
+            {{- end }}
+            {{- end }}
+            {{- if .Values.secrets.login.secretName }}
+            {{- if .Values.secrets.login.clientIdKey }}
+            - name: APP_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.secrets.login.secretName }}
+                  key: {{ .Values.secrets.login.clientIdKey }}
+            {{- end }}
+            {{- if .Values.secrets.login.clientSecretKey }}
+            - name: APP_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.secrets.login.secretName }}
+                  key: {{ .Values.secrets.login.clientSecretKey }}
+            {{- end }}
+            {{- end }}
+            {{- if .Values.secrets.keycloak.secretName }}
+            {{- if .Values.secrets.keycloak.usernameKey }}
+            - name: APP_KEYCLOAK_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.secrets.keycloak.secretName }}
+                  key: {{ .Values.secrets.keycloak.usernameKey }}
+            {{- end }}
+            {{- if .Values.secrets.keycloak.passwordKey }}
+            - name: APP_KEYCLOAK_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.secrets.keycloak.secretName }}
+                  key: {{ .Values.secrets.keycloak.passwordKey }}
+            {{- end }}
+            {{- end }}
+            {{- with .Values.extraEnvVars }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
+      volumes:
+        - name: app-config-volume
+          configMap:
+            name: {{ include "onboarding.fullname" . }}-cm
+            defaultMode: 0644
+        {{- if and .Values.persistence.enabled }}
+        {{- if .Values.persistence.existingClaim }}
+        - name: data
+          persistentVolumeClaim:
+            claimName: {{ .Values.persistence.existingClaim }}
+        {{- else if .Values.persistence.create }}
+        - name: data
+          persistentVolumeClaim:
+            claimName: {{ include "onboarding.fullname" . }}-pvc
+        {{- end }}
+        {{- else }}
+        - name: data
+          emptyDir: {}
+        {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
diff --git a/charts/onboarding-portal/templates/ingress.yaml b/charts/onboarding-portal/templates/ingress.yaml
@@ -0,0 +1,43 @@
+{{- if .Values.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "onboarding.fullname" . }}
+  labels:
+    {{- include "onboarding.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- with .Values.ingress.className }}
+  ingressClassName: {{ . }}
+  {{- end }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            {{- with .pathType }}
+            pathType: {{ . }}
+            {{- end }}
+            backend:
+              service:
+                name: {{ include "onboarding.fullname" $ }}
+                port:
+                  number: {{ $.Values.service.port }}
+          {{- end }}
+    {{- end }}
+{{- end }}
diff --git a/charts/onboarding-portal/templates/pvc.yaml b/charts/onboarding-portal/templates/pvc.yaml
@@ -0,0 +1,18 @@
+{{- if and .Values.persistence.enabled .Values.persistence.create }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "onboarding.fullname" . }}-pvc
+  labels:
+    {{- include "onboarding.labels" . | nindent 4 }}
+  {{- if .Values.persistence.annotations }}
+  annotations:
+  {{- .Values.persistence.annotations | toYaml | indent 4 }}
+  {{- end }}
+spec:
+  accessModes: {{ .Values.persistence.accessModes }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size }}
+  storageClassName: {{ .Values.persistence.storageClass | quote }}
+{{- end }}
diff --git a/charts/onboarding-portal/templates/service.yaml b/charts/onboarding-portal/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "onboarding.fullname" . }}
+  labels:
+    {{- include "onboarding.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "onboarding.selectorLabels" . | nindent 4 }}
diff --git a/charts/onboarding-portal/values.yaml b/charts/onboarding-portal/values.yaml
diff --git a/charts/vcverifier/Chart.yaml b/charts/vcverifier/Chart.yaml
diff --git a/charts/vcverifier/README.md b/charts/vcverifier/README.md
