Merge pull request #248 from eclipse-tractusx/feat/r25.03

Feat/r25.03: Added API walkthrough and helm charts for int

Author: matbmoser

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,123 @@
+name: Bug Report
+description: Report a bug or unexpected behavior in Tractus-X IdentityHub / IssuerService
+title: "[BUG] <short description>"
+labels: ["bug", "triage"]
+assignees: []
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thank you for reporting a bug! Please fill in as much detail as possible to help us reproduce and fix the issue.
+
+  - type: dropdown
+    id: component
+    attributes:
+      label: Affected Component
+      description: Which component is affected?
+      options:
+        - IdentityHub
+        - IssuerService
+        - Both
+        - Helm Charts
+        - Documentation
+        - Other
+    validations:
+      required: true
+
+  - type: input
+    id: version
+    attributes:
+      label: Version
+      description: Which version of Tractus-X IdentityHub are you running?
+      placeholder: "e.g., 0.7.0"
+    validations:
+      required: true
+
+  - type: textarea
+    id: description
+    attributes:
+      label: Bug Description
+      description: A clear and concise description of what the bug is.
+      placeholder: "Describe the unexpected behavior..."
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected Behavior
+      description: What did you expect to happen?
+      placeholder: "I expected..."
+    validations:
+      required: true
+
+  - type: textarea
+    id: actual
+    attributes:
+      label: Actual Behavior
+      description: What actually happened?
+      placeholder: "Instead, what happened was..."
+    validations:
+      required: true
+
+  - type: textarea
+    id: steps
+    attributes:
+      label: Steps to Reproduce
+      description: Provide a minimal set of steps to reproduce the issue.
+      placeholder: |
+        1. Call `POST /v1alpha/participants/{id}/credentialdefinitions` with payload `...`
+        2. Then call `POST /api/sts/v1/token`
+        3. Observe error / unexpected output
+    validations:
+      required: true
+
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant Logs / API Responses
+      description: Paste any relevant logs, error messages, or API responses.
+      render: shell
+
+  - type: dropdown
+    id: deployment
+    attributes:
+      label: Deployment Type
+      options:
+        - Kubernetes (Helm)
+        - Docker Compose
+        - Local / IDE
+        - Other
+    validations:
+      required: true
+
+  - type: textarea
+    id: environment
+    attributes:
+      label: Environment
+      description: Provide details about your environment.
+      placeholder: |
+        - OS: macOS 14 / Ubuntu 22.04 / ...
+        - Java version: 21
+        - Kubernetes version: 1.29
+        - Database: PostgreSQL 15
+      render: markdown
+
+  - type: textarea
+    id: additional
+    attributes:
+      label: Additional Context
+      description: Any other context, screenshots, or related issues.
+
+  - type: checkboxes
+    id: checklist
+    attributes:
+      label: Checklist
+      options:
+        - label: I have searched existing issues and this is not a duplicate.
+          required: true
+        - label: I have provided a minimal reproduction case.
+          required: false
+        - label: I am willing to submit a pull request to fix this.
+          required: false

charts/tractusx-identityhub/Chart.yaml

@@ -36,12 +36,12 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.2
+version: v0.2.0-rc1
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.1.0"
+appVersion: "v0.2.0-rc1"
 home: https://github.com/eclipse-tractusx/tractusx-identityhub/tree/main/charts/tractusx-identityhub
 sources:
   - https://github.com/eclipse-tractusx/tractusx-identityhub/tree/main/charts/tractusx-identityhub

charts/tractusx-identityhub/templates/ingress.yaml

@@ -83,7 +83,7 @@ spec:
           {{- range  $name, $mapping := $controlEdcEndpoints }}
           {{- if (has $name $ingressEdcEndpoints) }}
           - path: {{ $mapping.path }}
-            pathType: Prefix
+            pathType: {{ $mapping.pathType | default "Prefix" }}
             backend:
               {{- if semverCompare ">=1.19-0" $gitVersion }}
               service:

charts/tractusx-identityhub/values-int.yaml

@@ -0,0 +1,139 @@
+###############################################################
+# Eclipse Tractus-X - identity-hub
+#
+# Copyright (c) 2025 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+---
+# Example values file for deploying the identity-hub with an external
+# HashiCorp Vault instance (i.e., the bundled dev Vault is disabled).
+#
+# Secrets referenced with the <path:...> syntax are resolved at deploy-time
+# by the ArgoCD Vault Plugin (AVP) or an equivalent secrets-injection tool.
+
+nameOverride: identity-hub
+fullnameOverride: identity-hub
+
+install:
+  # -- Disable the bundled PostgreSQL subchart; use an external database instead
+  postgresql: true
+  # -- Disable the bundled HashiCorp Vault dev-mode subchart
+  vault: false
+
+identityhub:
+  image:
+    pullPolicy: Always
+
+  endpoints:
+    default:
+      port: 8081
+      path: /api
+    identity:
+      port: 8082
+      path: /api/identity
+      # -- API key alias stored in the external vault
+      authKeyAlias: identity-api-key
+    credentials:
+      port: 8083
+      path: /api/credentials
+    did:
+      port: 8084
+      path: /
+    accounts:
+      port: 8085
+      path: /api/accounts
+      authKeyAlias: accounts-api-key
+    version:
+      port: 8086
+      path: /.well-known/api
+      pathType: ImplementationSpecific
+    sts:
+      port: 8087
+      path: /api/sts
+
+  ## Ingress declaration to expose the network service.
+  ingresses:
+    ## Single Ingress exposing all endpoints under one hostname
+    - enabled: true
+      # -- The hostname to be used to precisely map incoming traffic onto the underlying network service
+      hostname: "identity-hub.int.catena-x.net"
+      # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use
+      className: "nginx"
+      # -- Additional ingress annotations to add
+      annotations:
+        cert-manager.io/cluster-issuer: letsencrypt-prod
+      # -- Endpoints exposed by this ingress resource
+      endpoints:
+        - credentials
+        - did
+        - sts
+        - identity
+        - accounts
+        - version
+      # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource
+      tls:
+        # -- Enables TLS on the ingress resource
+        enabled: true
+        # -- If present overwrites the default secret name
+        secretName: "tls-secret-identity-hub"
+      ## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource
+      certManager:
+        # -- If preset enables certificate generation via cert-manager namespace scoped issuer
+        issuer: ""
+        # -- If preset enables certificate generation via cert-manager cluster-wide issuer
+        clusterIssuer: ""
+
+  resources:
+    limits:
+      cpu: 1.5
+      memory: 512Mi
+    requests:
+      cpu: 500m
+      memory: 128Mi
+
+#############################
+## PostgreSQL configuration
+#############################
+postgresql:
+  nameOverride: identity-hub-postgresql
+  fullnameOverride: identity-hub-postgresql
+  jdbcUrl: "jdbc:postgresql://identity-hub-postgresql:5432/ih"
+  auth:
+    database: "ih"
+    username: <path:identity-hub/data/db#username>
+    password: <path:identity-hub/data/db#password>
+
+####################################
+## External HashiCorp Vault config
+####################################
+vault:
+  hashicorp:
+    # -- URL of the external HashiCorp Vault instance
+    url: <path:identity-hub/data/vault#url>
+    # -- Authentication token for the external vault
+    token: <path:identity-hub/data/vault#token>
+    # -- Timeout in seconds for vault operations
+    timeout: 30
+    healthCheck:
+      enabled: true
+      standbyOk: true
+    paths:
+      # -- Base path for the KV secrets engine (e.g. /v1/secret)
+      secret: <path:identity-hub/data/vault#secretPath>
+      # -- Health check endpoint of the vault
+      health: /v1/sys/health

charts/tractusx-identityhub/values.yaml

@@ -40,7 +40,7 @@ customCaCerts: {}
 
 identityhub:
   image:
-    repository: ""
+    repository: "tractusx/identityhub"
     # -- [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use
     pullPolicy: IfNotPresent
     # -- Overrides the image tag whose default is the chart appVersion

charts/tractusx-issuerservice/Chart.yaml

@@ -36,12 +36,12 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.2
+version: v0.2.0-rc1
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.1.0"
+appVersion: "v0.2.0-rc1"
 home: https://github.com/eclipse-tractusx/tractusx-identityhub/tree/main/charts/tractusx-issuerservice
 sources:
   - https://github.com/eclipse-tractusx/tractusx-identityhub/tree/main/charts/tractusx-issuerservice
@@ -58,3 +58,7 @@ dependencies:
     version: 0.29.1
     repository: https://helm.releases.hashicorp.com
     condition: install.vault
+  - condition: pgadmin4.enabled
+    name: pgadmin4
+    repository: https://helm.runix.net
+    version: 1.25.x

charts/tractusx-issuerservice/templates/ingress.yaml

@@ -83,7 +83,7 @@ spec:
           {{- range  $name, $mapping := $controlEdcEndpoints }}
           {{- if (has $name $ingressEdcEndpoints) }}
           - path: {{ $mapping.path }}
-            pathType: Prefix
+            pathType: {{ $mapping.pathType | default "Prefix" }}
             backend:
               {{- if semverCompare ">=1.19-0" $gitVersion }}
               service: