Skip to content

Commit 36391cd

Browse files
loneilloneil
authored
Merge pull request #855 from i5okie/feat/chart-update
[chart] Update Acapy sub-chart to version 0.2.1 to use new secrets values
2 parents dc07c0b + 6728032 commit 36391cd

File tree

8 files changed

+70
-45
lines changed

8 files changed

+70
-45
lines changed

charts/vc-authn-oidc/Chart.lock

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,12 @@
11
dependencies:
22
- name: acapy
33
repository: https://openwallet-foundation.github.io/helm-charts/
4-
version: 0.1.9
4+
version: 0.2.1
55
- name: mongodb
66
repository: https://charts.bitnami.com/bitnami
77
version: 16.4.1
88
- name: common
99
repository: https://charts.bitnami.com/bitnami
1010
version: 2.31.4
11-
digest: sha256:78aaae4aaa8f1d9fd59aeb99aecaaa4d7464b962e750a1bccdd9cba0a23ef49d
12-
generated: "2025-08-28T18:51:03.693284-07:00"
11+
digest: sha256:8e7a89561462c0f3fdd3ef65f0a8a08c125d0a5c2aedddfe983120bec61fa40a
12+
generated: "2025-09-10T11:46:19.793605-07:00"

charts/vc-authn-oidc/Chart.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ description: A Helm chart to deploy ACAPy VC-AuthN on OpenShift
44
type: application
55

66
appVersion: "2.3.0"
7-
version: 0.4.2
7+
version: 0.4.3
88

99
maintainers:
1010
- email: emiliano.sune@quartech.com
@@ -17,7 +17,7 @@ maintainers:
1717
# Charts the vc-authn-oidc service depends on
1818
dependencies:
1919
- name: acapy
20-
version: 0.1.9
20+
version: 0.2.1
2121
repository: https://openwallet-foundation.github.io/helm-charts/
2222
- name: mongodb
2323
version: 16.4.1

charts/vc-authn-oidc/README.md

Lines changed: 37 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
# VC-AuthN OIDC
22

3-
![Version: 0.4.2](https://img.shields.io/badge/Version-0.4.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square)
3+
![Version: 0.4.3](https://img.shields.io/badge/Version-0.4.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square)
44

55
A Helm chart to deploy Verifiable Credential Identity Provider for OpenID Connect.
66

@@ -168,27 +168,25 @@ kubectl delete secret,pvc --selector "app.kubernetes.io/instance"=my-release
168168

169169
### Acapy Configuration
170170

171-
| Name | Description | Value |
172-
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------------- |
173-
| `acapy.enabled` | Deploy AcaPy agent instance | `true` |
174-
| `acapy.existingSecret` | Name of existing secret, required if `enabled` is `false`; Secret must contain `adminApiKey`, `walletKey`, and `webhookApiKey` keys. | `""` |
175-
| `acapy.agentSeed.existingSecret` | Name of existing secret with the 'seed' key. | `""` |
176-
| `acapy.image.registry` | | `ghcr.io` |
177-
| `acapy.image.repository` | | `openwallet-foundation/acapy-agent` |
178-
| `acapy.image.pullPolicy` | | `IfNotPresent` |
179-
| `acapy.image.pullSecrets` | | `[]` |
180-
| `acapy.image.tag` | | `py3.12-1.3.1` |
181-
| `acapy.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `false` |
182-
| `acapy.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` |
183-
| `acapy.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `true` |
184-
| `acapy.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` |
185-
| `acapy.replicaCount` | Number of AcaPy replicas to deploy | `1` |
186-
| `acapy.autoscaling.enabled` | Enable Horizontal POD autoscaling for AcaPy | `true` |
187-
| `acapy.autoscaling.minReplicas` | Minimum number of AcaPy replicas | `1` |
188-
| `acapy.autoscaling.maxReplicas` | Maximum number of AcaPy replicas | `100` |
189-
| `acapy.autoscaling.targetCPUUtilizationPercentage` | Target CPU utilization percentage | `80` |
190-
| `acapy.autoscaling.targetMemoryUtilizationPercentage` | Target Memory utilization percentage | `""` |
191-
| `acapy.autoscaling.stabilizationWindowSeconds` | Stabilization window in seconds | `300` |
171+
| Name | Description | Value |
172+
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | ----------------------------------- |
173+
| `acapy.enabled` | Deploy AcaPy agent instance | `true` |
174+
| `acapy.image.registry` | | `ghcr.io` |
175+
| `acapy.image.repository` | | `openwallet-foundation/acapy-agent` |
176+
| `acapy.image.pullPolicy` | | `IfNotPresent` |
177+
| `acapy.image.pullSecrets` | | `[]` |
178+
| `acapy.image.tag` | | `py3.12-1.3.1` |
179+
| `acapy.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `false` |
180+
| `acapy.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` |
181+
| `acapy.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `true` |
182+
| `acapy.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` |
183+
| `acapy.replicaCount` | Number of AcaPy replicas to deploy | `1` |
184+
| `acapy.autoscaling.enabled` | Enable Horizontal POD autoscaling for AcaPy | `true` |
185+
| `acapy.autoscaling.minReplicas` | Minimum number of AcaPy replicas | `1` |
186+
| `acapy.autoscaling.maxReplicas` | Maximum number of AcaPy replicas | `100` |
187+
| `acapy.autoscaling.targetCPUUtilizationPercentage` | Target CPU utilization percentage | `80` |
188+
| `acapy.autoscaling.targetMemoryUtilizationPercentage` | Target Memory utilization percentage | `""` |
189+
| `acapy.autoscaling.stabilizationWindowSeconds` | Stabilization window in seconds | `300` |
192190

193191
### Acapy configuration file
194192

@@ -220,14 +218,23 @@ Note: Secure values of the configuration are passed via equivalent environment v
220218

221219
### Acapy common configurations
222220

223-
| Name | Description | Value |
224-
| --------------------------------- | ------------------------------------------------- | ------- |
225-
| `acapy.resources.limits` | The cpu and memory limit for the Acapy containers | `{}` |
226-
| `acapy.resources.requests.memory` | The requested memory for the Acapy containers | `384Mi` |
227-
| `acapy.resources.requests.cpu` | The requested cpu for the Acapy containers | `250m` |
228-
| `acapy.service.ports.http` | AcaPy service HTTP port | `8021` |
229-
| `acapy.service.ports.admin` | AcaPy service admin port | `8022` |
230-
| `acapy.service.ports.ws` | AcaPy service websockets port | `8023` |
221+
| Name | Description | Value |
222+
| -------------------------------------------- | -------------------------------------------------------------------------------------------------------- | ------------- |
223+
| `acapy.resources.limits` | The cpu and memory limit for the Acapy containers | `{}` |
224+
| `acapy.resources.requests.memory` | The requested memory for the Acapy containers | `384Mi` |
225+
| `acapy.resources.requests.cpu` | The requested cpu for the Acapy containers | `250m` |
226+
| `acapy.service.ports.http` | AcaPy service HTTP port | `8021` |
227+
| `acapy.service.ports.admin` | AcaPy service admin port | `8022` |
228+
| `acapy.service.ports.ws` | AcaPy service websockets port | `8023` |
229+
| `acapy.secrets.api.retainOnUninstall` | When true, adds helm.sh/resource-policy: keep to generated api secret | `true` |
230+
| `acapy.secrets.api.existingSecret` | Name of an existing Secret providing API related keys. If set, the chart will NOT create the api secret. | `""` |
231+
| `acapy.secrets.api.secretKeys.adminApiKey` | Key in the API secret holding the admin API key. | `adminApiKey` |
232+
| `acapy.secrets.api.secretKeys.jwtKey` | Key in the API secret holding the multitenant JWT signing secret. | `jwt` |
233+
| `acapy.secrets.api.secretKeys.walletKey` | Key in the API secret holding the wallet key. | `walletKey` |
234+
| `acapy.secrets.api.secretKeys.webhookapiKey` | Key in the API secret holding the webhook API key (used when embedding in webhook-url). | `webhookapi` |
235+
| `acapy.secrets.seed.retainOnUninstall` | When true, adds helm.sh/resource-policy: keep to generated seed secret | `true` |
236+
| `acapy.secrets.seed.existingSecret` | Name of an existing Secret providing the wallet seed. If set, the chart will NOT create the seed secret. | `""` |
237+
| `acapy.secrets.seed.secretKeys.seed` | Key in the seed secret holding the wallet seed value. | `seed` |
231238

232239
### Acapy NetworkPolicy parameters
233240

charts/vc-authn-oidc/charts/acapy-0.1.9.tgz

-119 KB
Binary file not shown.

charts/vc-authn-oidc/charts/acapy-0.2.1.tgz

122 KB
Binary file not shown.

charts/vc-authn-oidc/templates/_helpers.tpl

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -230,8 +230,8 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
230230
Return the acapy secret name
231231
*/}}
232232
{{- define "vc-authn-oidc.acapy.secretName" -}}
233-
{{- if .Values.acapy.existingSecret -}}
234-
{{- .Values.acapy.existingSecret -}}
233+
{{- if .Values.acapy.secrets.api.existingSecret -}}
234+
{{- .Values.acapy.secrets.api.existingSecret -}}
235235
{{- else -}}
236236
{{- printf "%s-%s-api" (include "global.fullname" .) (include "vc-authn-oidc.acapy.name" .) | trunc 63 | trimSuffix "-" -}}
237237
{{- end -}}

charts/vc-authn-oidc/templates/deployment.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -105,7 +105,7 @@ spec:
105105
valueFrom:
106106
secretKeyRef:
107107
name: {{ include "vc-authn-oidc.acapy.secretName" . }}
108-
key: adminApiKey
108+
key: {{ .Values.acapy.secrets.api.secretKeys.adminApiKey | default "adminApiKey" }}
109109
- name: ST_ACAPY_ADMIN_API_KEY_NAME
110110
value: "x-api-key"
111111
{{- else }}
@@ -115,7 +115,7 @@ spec:
115115
valueFrom:
116116
secretKeyRef:
117117
name: {{ include "vc-authn-oidc.acapy.secretName" . }}
118-
key: walletKey
118+
key: {{ .Values.acapy.secrets.api.secretKeys.walletKey | default "walletKey" }}
119119
{{- end }}
120120
- name: SIGNING_KEY_FILEPATH
121121
value: {{ printf "/opt/token/%s" .Values.auth.token.privateKey.filename }}

charts/vc-authn-oidc/values.yaml

Lines changed: 24 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -279,12 +279,6 @@ acapy:
279279
## @param acapy.enabled Deploy AcaPy agent instance
280280
enabled: true
281281

282-
## @param acapy.existingSecret Name of existing secret, required if `enabled` is `false`; Secret must contain `adminApiKey`, `walletKey`, and `webhookApiKey` keys.
283-
existingSecret: ""
284-
## @param acapy.agentSeed.existingSecret Name of existing secret with the 'seed' key.
285-
agentSeed:
286-
existingSecret: ""
287-
288282
## @param acapy.image.registry
289283
## @param acapy.image.repository
290284
## @param acapy.image.pullPolicy
@@ -421,6 +415,30 @@ acapy:
421415
admin: 8022
422416
ws: 8023
423417

418+
## @param acapy.secrets.api.retainOnUninstall When true, adds helm.sh/resource-policy: keep to generated api secret
419+
## @param acapy.secrets.api.existingSecret Name of an existing Secret providing API related keys. If set, the chart will NOT create the api secret.
420+
## @param acapy.secrets.api.secretKeys.adminApiKey Key in the API secret holding the admin API key.
421+
## @param acapy.secrets.api.secretKeys.jwtKey Key in the API secret holding the multitenant JWT signing secret.
422+
## @param acapy.secrets.api.secretKeys.walletKey Key in the API secret holding the wallet key.
423+
## @param acapy.secrets.api.secretKeys.webhookapiKey Key in the API secret holding the webhook API key (used when embedding in webhook-url).
424+
## @param acapy.secrets.seed.retainOnUninstall When true, adds helm.sh/resource-policy: keep to generated seed secret
425+
## @param acapy.secrets.seed.existingSecret Name of an existing Secret providing the wallet seed. If set, the chart will NOT create the seed secret.
426+
## @param acapy.secrets.seed.secretKeys.seed Key in the seed secret holding the wallet seed value.
427+
secrets:
428+
api:
429+
retainOnUninstall: true
430+
existingSecret: ""
431+
secretKeys:
432+
adminApiKey: adminApiKey
433+
jwtKey: jwt
434+
walletKey: walletKey
435+
webhookapiKey: webhookapi
436+
seed:
437+
retainOnUninstall: true
438+
existingSecret: ""
439+
secretKeys:
440+
seed: seed
441+
424442
## @section Acapy NetworkPolicy parameters
425443

426444
## Add networkpolicies

0 commit comments

Comments
 (0)