Merge pull request #519 from florianrusch-zf/fix/518-fix-keycloak-spe…
…lling

fix: replace [kK]ey[cC]loac?k with [kK]eycloak
carslen authored Jan 26, 2024
2 parents 204cfdd + 7b7db15 commit 01e6616
Showing 16 changed files with 101 additions and 101 deletions.
8 changes: 4 additions & 4 deletions blog/2023-11-22-release_tutorials.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -24,8 +24,8 @@ This new section aims to provide structured and detailed educational content for

## Details of the First E2E Adopter Journey Tutorial

This tutorial is built for employees of the IT department who operates the IT stack of an adopter (data provider/consumer). It shows how to operate the various Tractus-X components in combination with each other.
It also explains the basic connection with the core services (e.g. KeyCloak and MIW), as provided by an operating company.
This tutorial is built for employees of the IT department who operates the IT stack of an adopter (data provider/consumer). It shows how to operate the various Tractus-X components in combination with each other.
It also explains the basic connection with the core services (e.g. Keycloak and MIW), as provided by an operating company.

![Five steps to gain value](@site/static/img/five_steps_to_gain_value.drawio.svg)

Expand All @@ -48,7 +48,7 @@ Please dont forget to add the label `documentation` to your discussion.

:::

### Accessing the Tutorial
### Accessing the Tutorial

The E2E Adopter Journey Tutorial is now available and can be accessed through the [Tractus-X tutorial section](https://eclipse-tractusx.github.io/docs/tutorials). We invite our community members to engage with this new resource and enhance their understanding of the Tractus-X ecosystem.

Expand All @@ -61,6 +61,6 @@ For further information and to access the tutorial, please visit the [Tractus-X
## Stay Connected

Follow our [news section](https://eclipse-tractusx.github.io/blog) and join our [Tractus-X mailing list](https://eclipse-tractusx.github.io/docs/oss/how-to-contribute/#dev-mailinglist)
and be part of our [Matrix Chat from Eclipse Tractus-X](https://chat.eclipse.org/#/room/#tools.tractus-x:matrix.eclipse.org)
and be part of our [Matrix Chat from Eclipse Tractus-X](https://chat.eclipse.org/#/room/#tools.tractus-x:matrix.eclipse.org)

For more details about Tractus-X, visit the official [Eclipse Tractus-X Project Page](https://projects.eclipse.org/projects/automotive.tractusx).
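Review bot: The one changed line in this hunk, `and be part of our [Matrix Chat from Eclipse Tractus-X]`, reads the same before and after in this view, so the edit is whitespace only and falls outside what the commit subject (`replace [kK]ey[cC]loac?k with [kK]eycloak`) describes. Mention the whitespace cleanup in the commit message or move it to its own commit. If the removed version ended in two trailing spaces, that was a Markdown hard line break and the rendered paragraph changes, which is worth checking in the preview.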
6 changes: 3 additions & 3 deletions docs-kits/kits/Data Chain Kit/page_software-operation-view.md
Original file line number Diff line number Diff line change
Expand Up @@ -37,11 +37,11 @@ This local deployment is an easy installation with helm. This setup is built to

1. [Docker](https://docs.docker.com/get-docker/) is installed and the Docker deamon is running with at least 8GB of memory
2. [helm](https://helm.sh/docs/intro/install/) is installed
3. [Minikube](https://minikube.sigs.k8s.io/docs/start/) is installed and running.
3. [Minikube](https://minikube.sigs.k8s.io/docs/start/) is installed and running.
You can also use any other local Kubernetes cluster, this guide is just using Minikube as a reference.

```bash
minikube start --memory 8192 --cpus 2
minikube start --memory 8192 --cpus 2
```

_Optional_: enable minikube metrics
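Review bot: In the first prerequisite, a context line of this hunk, `Docker deamon` should be `Docker daemon`; since this commit is a spelling pass, fix it here as well. The changed `3. [Minikube]` line is followed by `You can also use any other local Kubernetes cluster, this guide is just using Minikube as a reference.`, which is a comma splice and would read better as two sentences.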
Expand Down Expand Up @@ -112,7 +112,7 @@ error: timed out waiting for the condition on deployments/irs-frontend
The minikube dashboard will give you feedback on how the status of the deployment currently is:

```bash
minikube dashboard
minikube dashboard
```

Make sure you select the namespace **irs**:
Expand Down
72 changes: 36 additions & 36 deletions docs-kits/kits/knowledge-agents/operation-view/deployment.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ title: Deployment
---
<!--
* Copyright (c) 2021,2023 T-Systems International GmbH
* Copyright (c) 2021,2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
* Copyright (c) 2021,2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
* Copyright (c) 2021,2023 Mercedes-Benz AG
* Copyright (c) 2021,2023 ZF Friedrichshafen AG
* Copyright (c) 2021,2023 SAP SE
Expand Down Expand Up @@ -100,13 +100,13 @@ As a function provider, you want to
Knowledge Agents on Stable is deployed on the following two tenants
- App Provider 1 (BPNL000000000001)
- Agent-Enabled Dataspace Connector
- In-Memory Hashicorp-Vault Control Plane
- In-Memory Hashicorp-Vault Control Plane
- Hashicorp-Vault Agent Data Plane
- Provisioning Agent incl. Local Database
- Remoting Agent
- App Consumer 4 (BPNL0000000005VV)
- Agent-Enabled Dataspace Connector
- In-Memory Hashicorp-Vault Control Plane
- In-Memory Hashicorp-Vault Control Plane
- Hashicorp-Vault Agent Data Plane

### 1. Prepare the Two Tenants
Expand Down Expand Up @@ -151,8 +151,8 @@ source:
id: BPNL000000000001
nameOverride: agent-connector-provider
fullnameOverride: agent-connector-provider
vault:
hashicorp:
vault:
hashicorp:
enabled: true
url: https://vault.demo.catena-x.net
token: ****
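Review bot: `token: ****` under `vault.hashicorp` shows the Vault token as an inline value of the example. Asterisks can be mistaken for something to overwrite in place, so use a named placeholder such as `<VAULT_TOKEN>` and say next to it that the real token is supplied at deploy time and is not committed with the values file. The changed `vault:` and `hashicorp:` lines look identical before and after in this view, so they appear to be whitespace only.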
Expand All @@ -166,25 +166,25 @@ source:
transferProxyTokenSignerPublicKey: oem-cert
transferProxyTokenEncryptionAesKey: oem-symmetric-key
controlplane:
securityContext:
securityContext:
readOnlyRootFilesystem: false
image:
image:
pullPolicy: Always
ssi:
ssi:
miw:
# -- MIW URL
url: "https://managed-identity-wallets-new.stable.demo.catena-x.net"
# -- The BPN of the issuer authority
authorityId: "BPNL00000003CRHK"
oauth:
# -- The URL (of KeyCloak), where access tokens can be obtained
# -- The URL (of Keycloak), where access tokens can be obtained
tokenurl: "https://centralidp.stable.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token"
client:
# -- The client ID for KeyCloak
# -- The client ID for Keycloak
id: "sa4"
# -- The alias under which the client secret is stored in the vault.
secretAlias: "stable-provider-miw"
endpoints:
secretAlias: "stable-provider-miw"
endpoints:
management:
authKey: ****
## Ingress declaration to expose the network service.
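Review bot: The changed `securityContext:` line under `controlplane` sits directly above `readOnlyRootFilesystem: false`, and readers will copy these values as they stand. Either drop the override from the example or add a comment saying why the container needs a writable root filesystem. `authKey: ****` under `endpoints.management` would also be clearer as a named placeholder such as `<MANAGEMENT_API_KEY>`.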
Expand All @@ -202,11 +202,11 @@ source:
enabled: true
dataplanes:
dataplane:
securityContext:
securityContext:
readOnlyRootFilesystem: false
image:
image:
pullPolicy: Always
configs:
configs:
dataspace.ttl: |-
################################################
# Catena-X Agent Bootstrap
Expand Down Expand Up @@ -265,8 +265,8 @@ source:
id: BPNL0000000005VV
nameOverride: agent-connector-consumer
fullnameOverride: agent-connector-consumer
vault:
hashicorp:
vault:
hashicorp:
enabled: true
url: https://vault.demo.catena-x.net
token: ****
Expand All @@ -280,25 +280,25 @@ source:
transferProxyTokenSignerPublicKey: consumer-cert
transferProxyTokenEncryptionAesKey: consumer-symmetric-key
controlplane:
securityContext:
securityContext:
readOnlyRootFilesystem: false
image:
image:
pullPolicy: Always
ssi:
ssi:
miw:
# -- MIW URL
url: "https://managed-identity-wallets-new.stable.demo.catena-x.net"
# -- The BPN of the issuer authority
authorityId: "BPNL00000003CRHK"
oauth:
# -- The URL (of KeyCloak), where access tokens can be obtained
# -- The URL (of Keycloak), where access tokens can be obtained
tokenurl: "https://centralidp.stable.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token"
client:
# -- The client ID for KeyCloak
# -- The client ID for Keycloak
id: "sa5"
# -- The alias under which the client secret is stored in the vault.
secretAlias: "stable-consumer-miw"
endpoints:
secretAlias: "stable-consumer-miw"
endpoints:
management:
authKey: ***
## Ingress declaration to expose the network service.
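Review bot: `authKey: ***` in this consumer block uses three asterisks, while the provider block earlier in the same file uses `authKey: ****`. Pick one masking convention for both examples so that nobody reads the difference as meaningful.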
Expand All @@ -316,11 +316,11 @@ source:
enabled: true
dataplanes:
dataplane:
securityContext:
securityContext:
readOnlyRootFilesystem: false
image:
image:
pullPolicy: Always
configs:
configs:
dataspace.ttl: |-
################################################
# Catena-X Agent Bootstrap
Expand Down Expand Up @@ -411,28 +411,28 @@ source:
obda: https://w3id.org/obda/vocabulary#
rdfs: http://www.w3.org/2000/01/rdf-schema#
oem: urn:oem:
[MappingDeclaration] @collection [[
mappingId dtc-meta
target bpnl:{bpnl} rdf:type cx-common:BusinessPartner ; cx-core:id {bpnl}^^xsd:string .
target bpnl:{bpnl} rdf:type cx-common:BusinessPartner ; cx-core:id {bpnl}^^xsd:string .
source SELECT distinct "bpnl" FROM "dtc"."meta"
mappingId dtc-content
target oem:Analysis/{id} rdf:type cx-reliability:Analysis ; cx-core:id {code}^^xsd:string ; cx-core:name {description}^^xsd:string .
source SELECT * FROM "dtc"."content"
mappingId dtc-part
target oem:Part/{entityGuid} rdf:type cx-vehicle:Part ; cx-core:id {enDenomination}^^xsd:string ; cx-core:name {classification}^^xsd:string .
source SELECT * FROM "dtc"."part"
mappingId dtc-meta-part
target oem:Part/{entityGuid} cx-vehicle:manufacturer bpnl:{bpnl}.
target oem:Part/{entityGuid} cx-vehicle:manufacturer bpnl:{bpnl}.
source SELECT "bpnl","entityGuid" FROM "dtc"."part"
mappingId dtc-part-content
target oem:Analysis/{dtc_id} cx-reliability:analysedObject oem:Part/{part_entityGuid}.
target oem:Analysis/{dtc_id} cx-reliability:analysedObject oem:Part/{part_entityGuid}.
source SELECT "part_entityGuid","dtc_id" FROM "dtc"."content_part"
]]
chart: provisioning-agent
destination:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,11 +25,11 @@ All this saves' costs by seamlessly tracking parts as well as creates trust thro

![success2](@site/static/img/IRS2.png)

Applying and using the Item Relationship Service had the following benefits:
Applying and using the Item Relationship Service had the following benefits:

* With the decision using the IRS we could speed our development of Trace-X through out the scope of their helm charts including a running service with test data. That alone was very benefitial to have a stable environment with data
* With the decision using the IRS we could speed our development of Trace-X through out the scope of their helm charts including a running service with test data. That alone was very beneficial to have a stable environment with data
* The IRS fulfills a high level of quality in code which provides a reliable service
* The deployment via helm charts has been built so that it can fit in existing architecture components through out configuration like the Digital Twin Registry, the EDC, Semantic Hub, Keycloack and others. This enabled Trace-X to configure the Service smoothly into the architecture of the application
* The deployment via helm charts has been built so that it can fit in existing architecture components through out configuration like the Digital Twin Registry, the EDC, Semantic Hub, Keycloak and others. This enabled Trace-X to configure the Service smoothly into the architecture of the application
* The IRS abstracts the communication with partners along the supply chain, that makes it easy to build business processes on that. It abstracts a technical level to a logical level to enhance the speed of implementation of a Software Provider
* The IRS with the standardized API provides a data interoperability level on data chains
* The Team behind the IRS is fast in implementing and adapting new features
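Review bot: Both changed bullets still contain `through out` (`through out the scope of their helm charts` and `through out configuration like the Digital Twin Registry`); it should be `throughout`, or `through` where that is what is meant. The `benefitial` to `beneficial` fix in the first bullet is correct but is not covered by the commit subject, so mention it there.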
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,13 +16,13 @@ This chart is intended for use with an _existing_ PostgreSQL database and an _ex
- the [Managed Identity Walled (MIW)](https://github.com/catenax-ng/tx-managed-identity-wallets) must be running and reachable via network
- the necessary set of VerifiableCredentials for this participant must be pushed to MIW. This is typically done by the
Portal during participant onboarding
- KeyCloak must be running and reachable via network
- an account with KeyCloak must be created for this BPN and the connector must be able to obtain access tokens
- Keycloak must be running and reachable via network
- an account with Keycloak must be created for this BPN and the connector must be able to obtain access tokens
- the client ID and client secret corresponding to that account must be known

### Preparatory work

- store your KeyCloak client secret in the Azure KeyVault. The exact procedure is as follows:
- store your Keycloak client secret in the Azure KeyVault. The exact procedure is as follows:

```bash
az keyvault secret set --vault-name <YOUR_VAULT_NAME> --name client-secret --value "$YOUR_CLIENT_SECRET"
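Review bot: The `az keyvault secret set ... --value "$YOUR_CLIENT_SECRET"` command in the trailing context passes the Keycloak client secret as a command-line argument, where it is visible in the process list while the command runs. Since the sentence introducing it is being edited, consider documenting the `--file` option of `az keyvault secret set` instead. In the changed line itself, `Azure KeyVault` should be `Azure Key Vault`.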
Expand All @@ -36,8 +36,8 @@ Be sure to provide the following configuration entries to your Tractus-X EDC Hel

- `controlplane.ssi.miw.url`: the URL
- `controlplane.ssi.miw.authorityId`: the BPN of the issuer authority
- `controlplane.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained
- `controlplane.ssi.oauth.client.id`: client ID for KeyCloak
- `controlplane.ssi.oauth.tokenurl`: the URL (of Keycloak), where access tokens can be obtained
- `controlplane.ssi.oauth.client.id`: client ID for Keycloak
- `controlplane.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`.

### Launching the application
Expand Down Expand Up @@ -160,9 +160,9 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0.
| controlplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. |
| controlplane.ssi.miw.authorityId | string | `""` | The BPN of the issuer authority |
| controlplane.ssi.miw.url | string | `""` | MIW URL |
| controlplane.ssi.oauth.client.id | string | `""` | The client ID for KeyCloak |
| controlplane.ssi.oauth.client.id | string | `""` | The client ID for Keycloak |
| controlplane.ssi.oauth.client.secretAlias | string | `"client-secret"` | The alias under which the client secret is stored in the vault. |
| controlplane.ssi.oauth.tokenurl | string | `""` | The URL (of KeyCloak), where access tokens can be obtained |
| controlplane.ssi.oauth.tokenurl | string | `""` | The URL (of Keycloak), where access tokens can be obtained |
| controlplane.tolerations | list | `[]` | |
| controlplane.url.protocol | string | `""` | Explicitly declared url for reaching the dsp api (e.g. if ingresses not used) |
| controlplane.volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container |
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,13 +13,13 @@ A Helm chart for Tractus-X Eclipse Data Space Connector based on memory. Please
- the [Managed Identity Walled (MIW)](https://github.com/catenax-ng/tx-managed-identity-wallets) must be running and reachable via network
- the necessary set of VerifiableCredentials for this participant must be pushed to MIW. This is typically done by the
Portal during participant onboarding
- KeyCloak must be running and reachable via network
- an account with KeyCloak must be created for this BPN and the connector must be able to obtain access tokens
- Keycloak must be running and reachable via network
- an account with Keycloak must be created for this BPN and the connector must be able to obtain access tokens
- the client ID and client secret corresponding to that account must be known

### Preparatory work

- store your KeyCloak client secret in the HashiCorp vault. The exact procedure will depend on your deployment of HashiCorp Vault and
- store your Keycloak client secret in the HashiCorp vault. The exact procedure will depend on your deployment of HashiCorp Vault and
is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`.

### Configure the chart
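Review bot: The first context line of this hunk links `Managed Identity Walled (MIW)`, which should be `Managed Identity Wallet`; the same typo is in the preceding chart README hunk, and a spelling commit is the right place to fix both. The changed line `store your Keycloak client secret in the HashiCorp vault` also lowercases `vault` while the same sentence continues with `HashiCorp Vault`.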
Expand All @@ -28,8 +28,8 @@ Be sure to provide the following configuration entries to your Tractus-X EDC Hel

- `runtime.ssi.miw.url`: the URL
- `runtime.ssi.miw.authorityId`: the BPN of the issuer authority
- `runtime.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained
- `runtime.ssi.oauth.client.id`: client ID for KeyCloak
- `runtime.ssi.oauth.tokenurl`: the URL (of Keycloak), where access tokens can be obtained
- `runtime.ssi.oauth.client.id`: client ID for Keycloak
- `runtime.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`.

### Launching the application
Expand Down Expand Up @@ -155,9 +155,9 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.5.0 \
| runtime.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. |
| runtime.ssi.miw.authorityId | string | `""` | The BPN of the issuer authority |
| runtime.ssi.miw.url | string | `""` | MIW URL |
| runtime.ssi.oauth.client.id | string | `""` | The client ID for KeyCloak |
| runtime.ssi.oauth.client.id | string | `""` | The client ID for Keycloak |
| runtime.ssi.oauth.client.secretAlias | string | `"client-secret"` | The alias under which the client secret is stored in the vault. |
| runtime.ssi.oauth.tokenurl | string | `""` | The URL (of KeyCloak), where access tokens can be obtained |
| runtime.ssi.oauth.tokenurl | string | `""` | The URL (of Keycloak), where access tokens can be obtained |
| runtime.tolerations | list | `[]` | |
| runtime.url.protocol | string | `""` | Explicitly declared url for reaching the dsp api (e.g. if ingresses not used) |
| runtime.url.public | string | `""` | |
Expand Down