mosip · ckm007 · Dec 4, 2024 · Dec 4, 2024
diff --git a/deploy/ida-apitestrig/install.sh b/deploy/ida-apitestrig/install.sh
@@ -7,7 +7,7 @@ if [ $# -ge 1 ] ; then
 fi
 
 NS=ida
-CHART_VERSION=0.0.1-develop
+CHART_VERSION=1.3.0-beta.1-develop
 COPY_UTIL=../copy_cm_func.sh
 
 echo Create $NS namespace

diff --git a/deploy/ida/install.sh b/deploy/ida/install.sh
@@ -7,7 +7,7 @@ if [ $# -ge 1 ] ; then
 fi
 
 NS=ida
-CHART_VERSION=0.0.1-develop
+CHART_VERSION=1.3.0-beta.1-develop
 COPY_UTIL=../copy_cm_func.sh
 
 echo Create $NS namespace

diff --git a/helm/ida-auth/Chart.yaml b/helm/ida-auth/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: ida-auth
 description: A Helm chart for MOSIP IDA module
 type: application
-version: 0.0.1-develop
+version: 1.3.0-beta.1-develop
 appVersion: ""
 dependencies:
   - name: common

diff --git a/helm/ida-auth/values.yaml b/helm/ida-auth/values.yaml
@@ -12,23 +12,18 @@
 ##
 commonLabels:
   app.kubernetes.io/component: mosip
-
 ## Add annotations to all the deployed resources
 ##
 commonAnnotations: {}
-
 ## Kubernetes Cluster Domain
 ##
 clusterDomain: cluster.local
-
 ## Extra objects to deploy (value evaluated as a template)
 ##
 extraDeploy: []
-
 ## Number of nodes
 ##
 replicaCount: 1
-
 service:
   type: ClusterIP
   port: 80
@@ -49,11 +44,10 @@ service:
   ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
   ##
   externalTrafficPolicy: Cluster
-
 image:
   registry: docker.io
   repository: mosipqa/authentication-service
-  tag: develop
+  tag: 1.3.x
   ## Specify a imagePullPolicy
   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
   ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -65,10 +59,8 @@ image:
   ##
   # pullSecrets:
   #   - myRegistryKeySecretName
-
 ## Port on which this particular spring service module is running.
 springServicePort: 8090
-
 ## Configure extra options for liveness and readiness probes
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
 ##
@@ -82,7 +74,6 @@ startupProbe:
   timeoutSeconds: 5
   failureThreshold: 30
   successThreshold: 1
-
 livenessProbe:
   enabled: true
   httpGet:
@@ -93,7 +84,6 @@ livenessProbe:
   timeoutSeconds: 5
   failureThreshold: 6
   successThreshold: 1
-
 readinessProbe:
   enabled: true
   httpGet:
@@ -104,20 +94,17 @@ readinessProbe:
   timeoutSeconds: 5
   failureThreshold: 6
   successThreshold: 1
-
 ##
 # existingConfigmap:
 
 ## Command and args for running the container (set to default if not set). Use array form
 ##
 command: []
 args: []
-
 ## Deployment pod host aliases
 ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
 ##
 hostAliases: []
-
 ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
 ##
 resources:
@@ -131,37 +118,31 @@ resources:
   requests:
     cpu: 100m
     memory: 1000Mi
-
 additionalResources:
   ## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources
   ## Example: java_opts: "-Xms500M -Xmx500M"
   javaOpts: "-Xms2000M -Xmx2000M"
-
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
 ## Clamav container already runs as 'mosip' user, so we may not need to enable this
 containerSecurityContext:
   enabled: false
   runAsUser: mosip
   runAsNonRoot: true
-
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
 ##
 podSecurityContext:
   enabled: false
   fsGroup: 1001
-
 ## Pod affinity preset
 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
 ## Allowed values: soft, hard
 ##
 podAffinityPreset: ""
-
 ## Pod anti-affinity preset
 ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
 ## Allowed values: soft, hard
 ##
 podAntiAffinityPreset: soft
-
 ## Node affinity preset
 ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
 ## Allowed values: soft, hard
@@ -183,32 +164,26 @@ nodeAffinityPreset:
   ##   - e2e-az2
   ##
   values: []
-
 ## Affinity for pod assignment. Evaluated as a template.
 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
 ##
 affinity: {}
-
 ## Node labels for pod assignment. Evaluated as a template.
 ## ref: https://kubernetes.io/docs/user-guide/node-selection/
 ##
 nodeSelector: {}
-
 ## Tolerations for pod assignment. Evaluated as a template.
 ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
 ##
 tolerations: []
-
 ## Pod extra labels
 ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
 ##
 podLabels: {}
-
 ## Annotations for server pods.
 ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
 ##
 podAnnotations: {}
-
 ##  pods' priority.
 ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
 ##
@@ -217,51 +192,42 @@ podAnnotations: {}
 ## lifecycleHooks for the  container to automate configuration before or after startup.
 ##
 lifecycleHooks: {}
-
 ## Custom Liveness probes for
 ##
 customLivenessProbe: {}
-
 ## Custom Rediness probes
 ##
 customReadinessProbe: {}
-
 ## Update strategy - only really applicable for deployments with RWO PVs attached
 ## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
 ## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
 ## terminate the single previous pod, so that the new, incoming pod can attach to the PV
 ##
 updateStrategy:
   type: RollingUpdate
-
 ## Additional environment variables to set
 ## Example:
 ## extraEnvVars:
 ##   - name: FOO
 ##     value: "bar"
 ##
 extraEnvVars: []
-
 ## ConfigMap with extra environment variables that used
 ##
 extraEnvVarsCM:
   - global
   - config-server-share
   - artifactory-share
   - softhsm-ida-share
-
 ## Secret with extra environment variables
 ##
 extraEnvVarsSecret: []
-
 ## Extra volumes to add to the deployment
 ##
 extraVolumes: []
-
 ## Extra volume mounts to add to the container
 ##
 extraVolumeMounts: []
-
 ## Add init containers to the  pods.
 ## Example:
 ## initContainers:
@@ -276,17 +242,7 @@ initContainers:
   - command:
       - /bin/bash
       - -c
-      - if [ "$ENABLE_INSECURE" = "true" ]; then HOST=$( env | grep "mosip-api-internal-host"
-        |sed "s/mosip-api-internal-host=//g"); if [ -z "$HOST" ]; then echo "HOST
-        $HOST is empty; EXITING"; exit 1; fi; openssl s_client -servername "$HOST"
-        -connect "$HOST":443  > "$HOST.cer" 2>/dev/null & sleep 2 ; sed -i -ne '/-BEGIN
-        CERTIFICATE-/,/-END CERTIFICATE-/p' "$HOST.cer"; cat "$HOST.cer"; /usr/local/openjdk-11/bin/keytool
-        -delete -alias "$HOST" -keystore $JAVA_HOME/lib/security/cacerts  -storepass
-        changeit; /usr/local/openjdk-11/bin/keytool -trustcacerts -keystore "$JAVA_HOME/lib/security/cacerts"
-        -storepass changeit -noprompt -importcert -alias "$HOST" -file "$HOST.cer"
-        ; if [ $? -gt 0 ]; then echo "Failed to add SSL certificate for host $host;
-        EXITING"; exit 1; fi; cp /usr/local/openjdk-11/lib/security/cacerts /cacerts;
-        fi
+      - if [ "$ENABLE_INSECURE" = "true" ]; then HOST=$( env | grep "mosip-api-internal-host" |sed "s/mosip-api-internal-host=//g"); if [ -z "$HOST" ]; then echo "HOST $HOST is empty; EXITING"; exit 1; fi; openssl s_client -servername "$HOST" -connect "$HOST":443  > "$HOST.cer" 2>/dev/null & sleep 2 ; sed -i -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' "$HOST.cer"; cat "$HOST.cer"; /usr/local/openjdk-11/bin/keytool -delete -alias "$HOST" -keystore $JAVA_HOME/lib/security/cacerts  -storepass changeit; /usr/local/openjdk-11/bin/keytool -trustcacerts -keystore "$JAVA_HOME/lib/security/cacerts" -storepass changeit -noprompt -importcert -alias "$HOST" -file "$HOST.cer" ; if [ $? -gt 0 ]; then echo "Failed to add SSL certificate for host $host; EXITING"; exit 1; fi; cp /usr/local/openjdk-11/lib/security/cacerts /cacerts; fi
     env:
       - name: ENABLE_INSECURE
         value: "true"
@@ -304,7 +260,6 @@ initContainers:
     volumeMounts:
       - mountPath: /cacerts
         name: cacerts
-
 ## Add sidecars to the  pods.
 ## Example:
 ## sidecars:
@@ -316,7 +271,6 @@ initContainers:
 ##         containerPort: 1234
 ##
 sidecars: {}
-
 persistence:
   enabled: false
   ## If defined, storageClassName: <storageClass>
@@ -341,7 +295,6 @@ persistence:
   mountDir: /home/mosip/config/
   volume_name: config
   # pvc_claim_name: pkcs12-keys.p12
-
 ## Init containers parameters:
 ## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
 ##
@@ -375,12 +328,10 @@ volumePermissions:
     ##   cpu: 100m
     ##   memory: 128Mi
     ##
-
 ## Specifies whether RBAC resources should be created
 ##
 rbac:
   create: true
-
 ## Specifies whether a ServiceAccount should be created
 ##
 serviceAccount:
@@ -389,7 +340,6 @@ serviceAccount:
   ## If not set and create is true, a name is generated using the fullname template
   ##
   name:
-
 ## Prometheus Metrics
 ##
 metrics:
@@ -399,7 +349,6 @@ metrics:
   ##
   podAnnotations:
     prometheus.io/scrape: "true"
-
   endpointPath: /idauthentication/v1/actuator/prometheus
   ## Prometheus Service Monitor
   ## ref: https://github.com/coreos/prometheus-operator
@@ -427,7 +376,6 @@ metrics:
     ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
     ##
     additionalLabels: {}
-
   ## Custom PrometheusRule to be defined
   ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart
   ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
@@ -445,7 +393,6 @@ metrics:
     #     labels:
     #       severity: error
     rules: []
-
 ## IDA Auth needs both internal & external access.
 istio:
   enabled: true
@@ -467,8 +414,6 @@ istio:
         prefix: /idauthentication/v1/identity-key-binding
     - uri:
         prefix: /idauthentication/v1/vci-exchange
-
 enable_insecure: false
-
 springConfigNameEnv:
 activeProfileEnv:
diff --git a/helm/ida-internal/Chart.yaml b/helm/ida-internal/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: ida-internal
 description: A Helm chart for MOSIP IDA module
 type: application
-version: 0.0.1-develop
+version: 1.3.0-beta.1-develop
 appVersion: ""
 dependencies:
   - name: common