Create Acapy Helm Chart (openwallet-foundation#3599)

* Create Acapy Helm chart

Signed-off-by: Ivan P <[email protected]>

* Update templates, values, create readme

Signed-off-by: Ivan P <[email protected]>

* remove ledger from default values

Signed-off-by: Ivan P <[email protected]>

* Update Readme

Signed-off-by: Ivan P <[email protected]>

* Update acapy version

Signed-off-by: Ivan P <[email protected]>

* Cleanup helpers file

Signed-off-by: Ivan P <[email protected]>

* Implement websockets flag

Signed-off-by: Ivan P <[email protected]>

* Update Readme

Signed-off-by: Ivan P <[email protected]>

* Addressing comments

Signed-off-by: Ivan P <[email protected]>

---------

Signed-off-by: Ivan P <[email protected]>
Co-authored-by: jamshale <[email protected]>

Author: i5okie

charts/acapy/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/acapy/Chart.lock

@@ -0,0 +1,9 @@
+dependencies:
+- name: postgresql
+  repository: https://charts.bitnami.com/bitnami/
+  version: 15.5.38
+- name: common
+  repository: https://charts.bitnami.com/bitnami/
+  version: 2.27.0
+digest: sha256:b97fd206aee47f3869935fdbe062eded88b9c429a411b32335e4effa99318c36
+generated: "2025-03-06T09:40:05.890168-08:00"

charts/acapy/Chart.yaml

@@ -0,0 +1,18 @@
+apiVersion: v2
+name: acapy
+description: A Helm chart for ACA-Py - A Cloud Agent - Python
+type: application
+
+version: 0.1.0
+appVersion: "1.2.4"
+
+dependencies:
+  - name: postgresql
+    version: 15.5.38
+    repository: https://charts.bitnami.com/bitnami/
+    condition: postgresql.enabled
+  - name: common
+    repository: https://charts.bitnami.com/bitnami/
+    tags:
+      - bitnami-common
+    version: 2.x.x

charts/acapy/README.md

@@ -0,0 +1,27 @@
+CHART NAME: {{ .Chart.Name }}
+CHART VERSION: {{ .Chart.Version }}
+APP VERSION: {{ .Chart.AppVersion }}
+
+1. Get the application URL by running these commands:
+{{- if contains "LoadBalancer" .Values.service.type }}
+
+  NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+        Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}'
+
+    export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "common.names.fullname" . }})
+    export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+    echo "http://${SERVICE_IP}:${SERVICE_PORT}"
+
+{{- else if contains "ClusterIP"  .Values.service.type }}
+
+    export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "common.names.fullname" . }})
+    kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} ${SERVICE_PORT}:${SERVICE_PORT} &
+    echo "http://127.0.0.1:${SERVICE_PORT}"
+
+{{- else if contains "NodePort" .Values.service.type }}
+
+    export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }})
+    export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+    echo "http://${NODE_IP}:${NODE_PORT}"
+
+{{- end }}

charts/acapy/charts/common-2.27.0.tgz

@@ -0,0 +1,155 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "acapy.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create URL based on hostname and TLS status
+*/}}
+{{- define "acapy.agent.url" -}}
+{{- if .Values.ingress.agent.tls -}}
+{{- printf "https://%s" (include "acapy.host" .) }}
+{{- else -}}
+{{- printf "http://%s" (include "acapy.host" .) }}
+{{- end -}}
+{{- end }}
+
+{{/*
+Create Websockets URL based on hostname and TLS status
+*/}}
+{{- define "acapy.agent.wsUrl" -}}
+{{- if .Values.ingress.agent.tls -}}
+{{- printf "wss://%s" (include "acapy.host" .) }}
+{{- else -}}
+{{- printf "ws://%s" (include "acapy.host" .) }}
+{{- end -}}
+{{- end }}
+
+{{/*
+generate hosts if not overriden
+*/}}
+{{- define "acapy.host" -}}
+{{- if .Values.ingress.agent.enabled -}}
+    {{ .Values.ingress.agent.hostname }}
+{{- else -}}
+    {{ .Values.agentUrl }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns a secret if it already in Kubernetes, otherwise it creates
+it randomly.
+
+Usage:
+{{ include "getOrGeneratePass" (dict "Namespace" .Release.Namespace "Kind" "Secret" "Name" (include "acapy.databaseSecretName" .) "Key" "postgres-password" "Length" 32) }}
+
+*/}}
+{{- define "getOrGeneratePass" }}
+{{- $len := (default 16 .Length) | int -}}
+{{- $obj := (lookup "v1" .Kind .Namespace .Name).data -}}
+{{- if $obj }}
+{{- index $obj .Key -}}
+{{- else if (eq (lower .Kind) "secret") -}}
+{{- randAlphaNum $len | b64enc -}}
+{{- else -}}
+{{- randAlphaNum $len -}}
+{{- end -}}
+{{- end }}
+
+{{/*
+Create a default fully qualified postgresql name.
+*/}}
+{{- define "acapy.database.secretName" -}}
+{{- if .Values.walletStorageCredentials.existingSecret -}}
+{{- .Values.walletStorageCredentials.existingSecret -}}
+{{- else -}}
+{{ printf "%s-postgresql" (include "common.names.fullname" .) }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name for the postgres requirement.
+*/}}
+{{- define "global.postgresql.fullname" -}}
+{{- if .Values.postgresql.fullnameOverride }}
+{{- .Values.postgresql.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $postgresContext := dict "Values" .Values.postgresql "Release" .Release "Chart" (dict "Name" "postgresql") -}}
+{{ template "postgresql.v1.primary.fullname" $postgresContext }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Generate acapy wallet storage config
+*/}}
+{{- define "acapy.walletStorageConfig" -}}
+{{- if .Values.walletStorageConfig.json -}}
+    {{- .Values.walletStorageConfig.json -}}
+{{- else if .Values.walletStorageConfig.url -}}
+    '{"url":"{{ .Values.walletStorageConfig.url }}","max_connections":"{{ .Values.walletStorageConfig.max_connection | default 10 }}", "wallet_scheme":"{{ .Values.walletStorageConfig.wallet_scheme }}"}'
+{{- else if .Values.postgresql.enabled -}}
+    '{"url":"{{ include "global.postgresql.fullname" . }}:{{ .Values.postgresql.primary.service.ports.postgresql }}","max_connections":"{{ .Values.walletStorageConfig.max_connections }}","wallet_scheme":"{{ .Values.walletStorageConfig.wallet_scheme }}"}'
+{{- else -}}
+    ''
+{{ end }}
+{{- end -}}
+
+{{/*
+Generate acapy wallet storage credentials
+*/}}
+{{- define "acapy.walletStorageCredentials" -}}
+{{- if .Values.walletStorageCredentials.json -}}
+    {{- .Values.walletStorageCredentials.json -}}
+{{- else if .Values.postgresql.enabled -}}
+    '{"account":"{{ .Values.postgresql.auth.username }}","password":"$(POSTGRES_PASSWORD)","admin_account":"{{ .Values.walletStorageCredentials.admin_account }}","admin_password":"$(POSTGRES_POSTGRES_PASSWORD)"}'
+{{- else -}}
+    '{"account":"{{ .Values.walletStorageCredentials.account | default "acapy" }}","password":"$(POSTGRES_PASSWORD)","admin_account":"{{ .Values.walletStorageCredentials.admin_account }}","admin_password":"$(POSTGRES_POSTGRES_PASSWORD)"}'
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "acapy.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "acapy.labels" -}}
+helm.sh/chart: {{ include "acapy.chart" . }}
+{{ include "acapy.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "acapy.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "acapy.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "acapy.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "acapy.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}

charts/acapy/charts/postgresql-15.5.38.tgz

@@ -0,0 +1,21 @@
+{{ $secretName := printf "%s-api" (include "common.names.fullname" .) }}
+{{ $adminApiKey := include "getOrGeneratePass" (dict "Namespace" .Release.Namespace "Kind" "Secret" "Name" $secretName "Key" "adminApiKey" "Length" 32) }}
+{{ $walletKey := include "getOrGeneratePass" (dict "Namespace" .Release.Namespace "Kind" "Secret" "Name" $secretName "Key" "walletKey" "Length" 32) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  annotations:
+    helm.sh/resource-policy: keep
+    {{- if .Values.commonAnnotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+    {{- end }}
+  name: {{ printf "%s-api" (include "common.names.fullname" .) }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: agent
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+  {{- if not (index .Values "argfile.yml" "admin-insecure-mode") }}
+  adminApiKey: {{ $adminApiKey }}
+  {{- end }}
+  walletKey: {{ $walletKey }}

charts/acapy/templates/NOTES.txt

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ printf "%s-config" (include "common.names.fullname" .) }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: agent0
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+data:
+  argfile.yml: |
+    label: '{{ include "common.names.fullname" . }}'
+    {{- include "common.tplvalues.render" ( dict "value" (index .Values "argfile.yml") "context" $) | nindent 4 }}
+  {{- if index .Values "ledgers.yml" }}
+  ledgers.yml: |
+    {{- include "common.tplvalues.render" ( dict "value" (index .Values "ledgers.yml") "context" $) | nindent 4 }}
+  {{- end }}
+  {{- if index .Values "plugin-config.yml" }}
+  plugin-config.yml: |
+    {{- include "common.tplvalues.render" ( dict "value" (index .Values "plugin-config.yml") "context" $) | nindent 4 }}
+  {{- end }}