enhance Helm chart to configure Ditto services via ConfigMap

* instead of configuring via System Properties
eclipse-ditto · Oct 25, 2024 · af37e35 · af37e35
1 parent 275219c
commit af37e35
Show file tree

Hide file tree

Showing 16 changed files with 527 additions and 135 deletions.
diff --git a/deployment/helm/ditto/service-config/connectivity-extension.conf.tpl b/deployment/helm/ditto/service-config/connectivity-extension.conf.tpl
@@ -0,0 +1,14 @@
+# Ditto "Connectivity" configuration extension file to be placed at /opt/ditto/connectivity-extension.conf
+ditto {
+  connectivity {
+    connection {
+      event {
+        historical-headers-to-persist = [
+        {{- range $index, $header := .Values.connectivity.config.persistence.events.historicalHeadersToPersist }}
+          "{{$header}}"
+        {{- end }}
+        ]
+      }
+    }
+  }
+}
diff --git a/deployment/helm/ditto/service-config/gateway-extension.conf.tpl b/deployment/helm/ditto/service-config/gateway-extension.conf.tpl
@@ -0,0 +1,48 @@
+# Ditto "Gateway" configuration extension file to be placed at /opt/ditto/gateway-extension.conf
+ditto {
+  gateway {
+    authentication {
+      oauth {
+        openid-connect-issuers {
+        {{- range $key, $value := .Values.gateway.config.authentication.oauth.openidConnectIssuers }}
+          {{$key}} = {
+            issuer = "{{$value.issuer}}"
+            auth-subjects = [
+            {{- range $index, $subject := $value.authSubjects }}
+              "{{$subject}}"
+            {{- end }}
+            ]
+          }
+        {{- end }}
+        }
+      }
+
+      devops {
+        oauth {
+          openid-connect-issuers {
+          {{- range $key, $value := .Values.gateway.config.authentication.devops.oauth.openidConnectIssuers }}
+            {{$key}} = {
+              issuer = "{{$value.issuer}}"
+              auth-subjects = [
+              {{- range $index, $subject := $value.authSubjects }}
+                "{{$subject}}"
+              {{- end }}
+              ]
+            }
+          {{- end }}
+          }
+        }
+        devops-oauth2-subjects = [
+        {{- range $index, $oauthSubject := .Values.gateway.config.authentication.devops.oauthSubjects }}
+          "{{$oauthSubject}}"
+        {{- end }}
+        ]
+        status-oauth2-subjects = [
+        {{- range $index, $oauthSubject := .Values.gateway.config.authentication.devops.statusOauthSubjects }}
+          "{{$oauthSubject}}"
+        {{- end }}
+        ]
+      }
+    }
+  }
+}
diff --git a/deployment/helm/ditto/service-config/policies-extension.conf.tpl b/deployment/helm/ditto/service-config/policies-extension.conf.tpl
@@ -0,0 +1,50 @@
+# Ditto "Policies" configuration extension file to be placed at /opt/ditto/policies-extension.conf
+ditto {
+  entity-creation {
+    grant = [
+    {{- range $grantIdx, $grant := .Values.policies.config.entityCreation.grants }}
+      {
+        resource-types = ["policy"]
+        namespaces = [
+        {{- range $namespaceIdx, $namespace := $grant.namespaces }}
+          "{{$namespace}}"
+        {{- end }}
+        ]
+        auth-subjects = [
+        {{- range $subjectIdx, $subject := $grant.authSubjects }}
+          "{{$subject}}"
+        {{- end }}
+        ]
+      }
+    {{- end }}
+    ]
+    revoke = [
+    {{- range $revokeIdx, $revoke := .Values.policies.config.entityCreation.revokes }}
+      {
+        resource-types = ["policy"]
+        namespaces = [
+        {{- range $namespaceIdx, $namespace := $revoke.namespaces }}
+          "{{$namespace}}"
+        {{- end }}
+        ]
+        auth-subjects = [
+        {{- range $subjectIdx, $subject := $revoke.authSubjects }}
+          "{{$subject}}"
+        {{- end }}
+        ]
+      }
+    {{- end }}
+    ]
+  }
+  policies {
+    policy {
+      event {
+        historical-headers-to-persist = [
+        {{- range $index, $header := .Values.policies.config.persistence.events.historicalHeadersToPersist }}
+          "{{$header}}"
+        {{- end }}
+        ]
+      }
+    }
+  }
+}
diff --git a/deployment/helm/ditto/service-config/search-extension.conf.tpl b/deployment/helm/ditto/service-config/search-extension.conf.tpl
@@ -0,0 +1,87 @@
+# Ditto "Things Search" configuration extension file to be placed at /opt/ditto/search-extension.conf
+ditto {
+  {{- if .Values.thingsSearch.config.indexedFieldsLimiting.enabled }}
+  extensions {
+    caching-signal-enrichment-facade-provider = "org.eclipse.ditto.thingsearch.service.persistence.write.streaming.SearchIndexingSignalEnrichmentFacadeProvider"
+  }
+  {{- end }}
+
+  search {
+    {{- if .Values.thingsSearch.config.indexedFieldsLimiting.enabled }}
+    namespace-indexed-fields = [
+      {{- range $index, $value := .Values.thingsSearch.config.indexedFieldsLimiting.items }}
+      {
+        namespace-pattern = "{{$value.namespacePattern}}"
+        indexed-fields = [
+        {{- range $fieldIndex, $indexedField := $value.indexedFields }}
+         "{{$indexedField}}"
+        {{- end }}
+        ]
+      }
+      {{- end }}
+    ]
+    {{- end }}
+
+    operator-metrics {
+      custom-metrics {
+        {{- range $cmKey, $cmValue := .Values.thingsSearch.config.operatorMetrics.customMetrics }}
+        {{$cmKey}} = {
+          enabled = {{$cmValue.enabled}}
+          {{- if $cmValue.scrapeInterval }}
+          scrape-interval = "{{$cmValue.scrapeInterval}}"
+          {{- end }}
+          namespaces = [
+          {{- range $index, $namespace := $cmValue.namespaces }}
+            "{{$namespace}}"
+          {{- end }}
+          ]
+          filter = "{{$cmValue.filter}}"
+          tags {
+          {{- range $tagKey, $tagValue := $cmValue.tags }}
+            {{$tagKey}} = "{{$tagValue}}"
+          {{- end }}
+          }
+        }
+        {{- end }}
+      }
+
+      custom-aggregation-metrics {
+        {{- range $camKey, $camValue := .Values.thingsSearch.config.operatorMetrics.customAggregationMetrics }}
+        {{$camKey}} = {
+          enabled = {{$camValue.enabled}}
+          {{- if $camValue.scrapeInterval }}
+          scrape-interval = "{{$camValue.scrapeInterval}}"
+          {{- end }}
+          namespaces = [
+          {{- range $index, $namespace := $camValue.namespaces }}
+            "{{$namespace}}"
+          {{- end }}
+          ]
+          group-by {
+          {{- range $gbKey, $gbValue := $camValue.groupBy }}
+            {{$gbKey}} = "{{$gbValue}}"
+          {{- end }}
+          }
+          tags {
+          {{- range $tagKey, $tagValue := $camValue.tags }}
+            {{$tagKey}} = "{{$tagValue}}"
+          {{- end }}
+          }
+          filters {
+          {{- range $filterKey, $filterValue := $camValue.filters }}
+            {{$filterKey}} {
+              filter = "{{$filterValue.filter}}"
+              inline-placeholder-values {
+              {{- range $inlinePlaceholderKey, $inlinePlaceholderValue := $filterValue.inlinePlaceholderValues }}
+                {{$inlinePlaceholderKey}} = "{{$inlinePlaceholderValue}}"
+              {{- end }}
+              }
+            }
+          {{- end }}
+          }
+        }
+        {{- end }}
+      }
+    }
+  }
+}
diff --git a/deployment/helm/ditto/service-config/things-extension.conf.tpl b/deployment/helm/ditto/service-config/things-extension.conf.tpl
@@ -0,0 +1,126 @@
+# Ditto "Things" configuration extension file to be placed at /opt/ditto/things-extension.conf
+ditto {
+  entity-creation {
+    grant = [
+    {{- range $grantIdx, $grant := .Values.things.config.entityCreation.grants }}
+      {
+        resource-types = ["thing"]
+        namespaces = [
+        {{- range $namespaceIdx, $namespace := $grant.namespaces }}
+          "{{$namespace}}"
+        {{- end }}
+        ]
+        auth-subjects = [
+        {{- range $subjectIdx, $subject := $grant.authSubjects }}
+          "{{$subject}}"
+        {{- end }}
+        ]
+      }
+    {{- end }}
+    ]
+    revoke = [
+    {{- range $revokeIdx, $revoke := .Values.things.config.entityCreation.revokes }}
+      {
+        resource-types = ["thing"]
+        namespaces = [
+        {{- range $namespaceIdx, $namespace := $revoke.namespaces }}
+          "{{$namespace}}"
+        {{- end }}
+        ]
+        auth-subjects = [
+        {{- range $subjectIdx, $subject := $revoke.authSubjects }}
+          "{{$subject}}"
+        {{- end }}
+        ]
+      }
+    {{- end }}
+    ]
+  }
+  things {
+    thing {
+      event {
+        historical-headers-to-persist = [
+        {{- range $index, $header := .Values.things.config.persistence.events.historicalHeadersToPersist }}
+          "{{$header}}"
+        {{- end }}
+        ]
+      }
+    }
+
+    wot {
+      to-thing-description {
+        json-template {{ .Values.things.config.wot.tdJsonTemplate | indent 8 }}
+      }
+
+      tm-model-validation {
+        dynamic-configuration = [
+        {{- range $dynConfIdx, $dynamicWotTmValidationConfig := .Values.things.config.wot.tmValidation.dynamicConfig }}
+          {
+            validation-context {
+            {{- if $dynamicWotTmValidationConfig.validationContext.dittoHeadersPatterns }}
+            {{- if gt (len $dynamicWotTmValidationConfig.validationContext.dittoHeadersPatterns) 0 }}
+              ditto-headers-patterns = [
+              {{- range $dhpIdx, $dittoHeadersPatterns := $dynamicWotTmValidationConfig.validationContext.dittoHeadersPatterns }}
+                {
+                  {{- range $dhpKey, $dhpVal := $dittoHeadersPatterns }}
+                  {{$dhpKey}} = "{{$dhpVal}}"
+                  {{- end }}
+                }
+              {{- end }}
+              ]
+            {{- end }}
+            {{- end }}
+            {{- if $dynamicWotTmValidationConfig.validationContext.thingDefinitionPatterns }}
+            {{- if gt (len $dynamicWotTmValidationConfig.validationContext.thingDefinitionPatterns) 0 }}
+              thing-definition-patterns = [
+              {{- range $tdpIdx, $thingDefinitionPattern := $dynamicWotTmValidationConfig.validationContext.thingDefinitionPatterns }}
+                "{{$thingDefinitionPattern}}"
+              {{- end }}
+              ]
+            }
+            {{- end }}
+            {{- end }}
+            {{- if $dynamicWotTmValidationConfig.validationContext.featureDefinitionPatterns }}
+            {{- if gt (len $dynamicWotTmValidationConfig.validationContext.featureDefinitionPatterns) 0 }}
+              feature-definition-patterns = [
+              {{- range $fdpIdx, $featureDefinitionPattern := $dynamicWotTmValidationConfig.validationContext.featureDefinitionPatterns }}
+                "{{$featureDefinitionPattern}}"
+              {{- end }}
+              ]
+            }
+            {{- end }}
+            {{- end }}
+            config-overrides {
+            {{- range $configOverridesKey, $configOverridesValue := $dynamicWotTmValidationConfig.configOverrides }}
+            {{- if or (eq (kindOf $configOverridesValue) "map") (eq (kindOf $configOverridesValue) "slice") }}
+              {{$configOverridesKey}} {
+              {{- range $nested1ConfigOverridesKey, $nested1ConfigOverridesValue := $configOverridesValue }}
+              {{- if or (eq (kindOf $nested1ConfigOverridesValue) "map") (eq (kindOf $nested1ConfigOverridesValue) "slice") }}
+                {{$nested1ConfigOverridesKey}} {
+                {{- range $nested2ConfigOverridesKey, $nested2ConfigOverridesValue := $nested1ConfigOverridesValue }}
+                {{- if not (kindIs "invalid" $nested2ConfigOverridesValue) }}
+                  {{$nested2ConfigOverridesKey}} = {{$nested2ConfigOverridesValue}}
+                {{- end }}
+                {{- end }}
+                }
+              {{- else }}
+                {{- if not (kindIs "invalid" $nested1ConfigOverridesValue) }}
+                  {{$nested1ConfigOverridesKey}} = {{$nested1ConfigOverridesValue}}
+                {{- end }}
+              {{- end }}
+              {{- end }}
+              }
+            {{- else }}
+              {{- if not (kindIs "invalid" $configOverridesValue) }}
+              {{$configOverridesKey}} = {{$configOverridesValue}}
+              {{- end }}
+            {{- end }}
+            {{- end }}
+            }
+          }
+        {{- end }}
+        ]
+      }
+    }
+  }
+}
diff --git a/deployment/helm/ditto/templates/connectivity-configmap.yaml b/deployment/helm/ditto/templates/connectivity-configmap.yaml
@@ -0,0 +1,26 @@
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Eclipse Public License 2.0 which is available at
+# http://www.eclipse.org/legal/epl-2.0
+#
+# SPDX-License-Identifier: EPL-2.0
+{{- $releaseName := .Release.Name -}}
+{{- $name := include "ditto.name" . -}}
+{{- $labels := include "ditto.labels" . -}}
+{{ $root := . }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ $releaseName }}-service-config-connectivity-extension-conf
+  labels:
+    app.kubernetes.io/name: {{ $name }}-service-config-connectivity-extension-conf
+{{ $labels | indent 4 }}
+data:
+  connectivity-extension.conf: |-
+{{ tpl ($root.Files.Get "service-config/connectivity-extension.conf.tpl") $ | indent 4 }}
+---