fix: replace KeyCloak with Keycloak
florianrusch-zf committed Dec 1, 2023
1 parent 4139063 commit 44f8e85
Showing 17 changed files with 129 additions and 129 deletions.
8 changes: 4 additions & 4 deletions blog/2023-11-22-release_tutorials.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -24,8 +24,8 @@ This new section aims to provide structured and detailed educational content for

## Details of the First E2E Adopter Journey Tutorial

This tutorial is built for employees of the IT department who operates the IT stack of an adopter (data provider/consumer). It shows how to operate the various Tractus-X components in combination with each other.
It also explains the basic connection with the core services (e.g. KeyCloak and MIW), as provided by an operating company.
This tutorial is built for employees of the IT department who operates the IT stack of an adopter (data provider/consumer). It shows how to operate the various Tractus-X components in combination with each other.
It also explains the basic connection with the core services (e.g. Keycloak and MIW), as provided by an operating company.

![Five steps to gain value](@site/static/img/five_steps_to_gain_value.drawio.svg)
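Review bot: in the rewritten first sentence of this hunk, "employees of the IT department who operates the IT stack" has a subject-verb mismatch; since the line is being touched anyway, change it to "who operate". The old and new versions of that line read the same here, so the edit looks like whitespace only and the wording fix costs nothing extra.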

Expand All @@ -48,7 +48,7 @@ Please dont forget to add the label `documentation` to your discussion.

:::

### Accessing the Tutorial
### Accessing the Tutorial

The E2E Adopter Journey Tutorial is now available and can be accessed through the [Tractus-X tutorial section](https://eclipse-tractusx.github.io/docs/tutorials). We invite our community members to engage with this new resource and enhance their understanding of the Tractus-X ecosystem.
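Review bot: the `### Accessing the Tutorial` heading is the only changed line in this hunk and it contains no "KeyCloak", so this is a whitespace cleanup riding along with a commit titled "fix: replace KeyCloak with Keycloak". Either mention the whitespace cleanup in the commit message or move it to its own commit, so that the rename can be reviewed and reverted on its own.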

Expand All @@ -61,6 +61,6 @@ For further information and to access the tutorial, please visit the [Tractus-X
## Stay Connected

Follow our [news section](https://eclipse-tractusx.github.io/blog) and join our [Tractus-X mailing list](https://eclipse-tractusx.github.io/docs/oss/how-to-contribute/#dev-mailinglist)
and be part of our [Matrix Chat from Eclipse Tractus-X](https://chat.eclipse.org/#/room/#tools.tractus-x:matrix.eclipse.org)
and be part of our [Matrix Chat from Eclipse Tractus-X](https://chat.eclipse.org/#/room/#tools.tractus-x:matrix.eclipse.org)

For more details about Tractus-X, visit the official [Eclipse Tractus-X Project Page](https://projects.eclipse.org/projects/automotive.tractusx).
72 changes: 36 additions & 36 deletions docs-kits/kits/knowledge-agents/operation-view/deployment.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ title: Deployment
---
<!--
* Copyright (c) 2021,2023 T-Systems International GmbH
* Copyright (c) 2021,2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
* Copyright (c) 2021,2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
* Copyright (c) 2021,2023 Mercedes-Benz AG
* Copyright (c) 2021,2023 ZF Friedrichshafen AG
* Copyright (c) 2021,2023 SAP SE
Expand Down Expand Up @@ -100,13 +100,13 @@ As a function provider, you want to
Knowledge Agents on Stable is deployed on the following two tenants
- App Provider 1 (BPNL000000000001)
- Agent-Enabled Dataspace Connector
- In-Memory Hashicorp-Vault Control Plane
- In-Memory Hashicorp-Vault Control Plane
- Hashicorp-Vault Agent Data Plane
- Provisioning Agent incl. Local Database
- Remoting Agent
- App Consumer 4 (BPNL0000000005VV)
- Agent-Enabled Dataspace Connector
- In-Memory Hashicorp-Vault Control Plane
- In-Memory Hashicorp-Vault Control Plane
- Hashicorp-Vault Agent Data Plane
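Review bot: the touched `In-Memory Hashicorp-Vault Control Plane` items keep the spelling "Hashicorp", while the connector READMEs changed in this same commit write "HashiCorp Vault". A commit that normalizes the Keycloak product name is a good place to fix this one too: use "HashiCorp Vault" here and on the `Agent Data Plane` items.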

### 1. Prepare the Two Tenants
Expand Down Expand Up @@ -151,8 +151,8 @@ source:
id: BPNL000000000001
nameOverride: agent-connector-provider
fullnameOverride: agent-connector-provider
vault:
hashicorp:
vault:
hashicorp:
enabled: true
url: https://vault.demo.catena-x.net
token: ****
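Review bot: `token: ****` directly under `vault.hashicorp` shows the Vault token as an inline value of the deployment manifest, and readers will copy that shape. Add a sentence next to this example saying the token must be supplied from a secret store at deploy time and never committed with the values, and use a named placeholder such as `<vault-token>` instead of asterisks.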
Expand All @@ -166,25 +166,25 @@ source:
transferProxyTokenSignerPublicKey: oem-cert
transferProxyTokenEncryptionAesKey: oem-symmetric-key
controlplane:
securityContext:
securityContext:
readOnlyRootFilesystem: false
image:
image:
pullPolicy: Always
ssi:
ssi:
miw:
# -- MIW URL
url: "https://managed-identity-wallets-new.stable.demo.catena-x.net"
# -- The BPN of the issuer authority
authorityId: "BPNL00000003CRHK"
oauth:
# -- The URL (of KeyCloak), where access tokens can be obtained
# -- The URL (of Keycloak), where access tokens can be obtained
tokenurl: "https://centralidp.stable.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token"
client:
# -- The client ID for KeyCloak
# -- The client ID for Keycloak
id: "sa4"
# -- The alias under which the client secret is stored in the vault.
secretAlias: "stable-provider-miw"
endpoints:
secretAlias: "stable-provider-miw"
endpoints:
management:
authKey: ****
## Ingress declaration to expose the network service.
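Review bot: `securityContext.readOnlyRootFilesystem: false` and `image.pullPolicy: Always` under `controlplane` are among the changed lines here and the example gives no reason for either. The first turns off a container hardening setting and the second makes every pod start depend on whatever the registry currently serves for the tag; add a comment saying why the connector needs a writable root filesystem, or drop the overrides if they are leftovers from the demo environment.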
Expand All @@ -202,11 +202,11 @@ source:
enabled: true
dataplanes:
dataplane:
securityContext:
securityContext:
readOnlyRootFilesystem: false
image:
image:
pullPolicy: Always
configs:
configs:
dataspace.ttl: |-
################################################
# Catena-X Agent Bootstrap
Expand Down Expand Up @@ -265,8 +265,8 @@ source:
id: BPNL0000000005VV
nameOverride: agent-connector-consumer
fullnameOverride: agent-connector-consumer
vault:
hashicorp:
vault:
hashicorp:
enabled: true
url: https://vault.demo.catena-x.net
token: ****
Expand All @@ -280,25 +280,25 @@ source:
transferProxyTokenSignerPublicKey: consumer-cert
transferProxyTokenEncryptionAesKey: consumer-symmetric-key
controlplane:
securityContext:
securityContext:
readOnlyRootFilesystem: false
image:
image:
pullPolicy: Always
ssi:
ssi:
miw:
# -- MIW URL
url: "https://managed-identity-wallets-new.stable.demo.catena-x.net"
# -- The BPN of the issuer authority
authorityId: "BPNL00000003CRHK"
oauth:
# -- The URL (of KeyCloak), where access tokens can be obtained
# -- The URL (of Keycloak), where access tokens can be obtained
tokenurl: "https://centralidp.stable.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token"
client:
# -- The client ID for KeyCloak
# -- The client ID for Keycloak
id: "sa5"
# -- The alias under which the client secret is stored in the vault.
secretAlias: "stable-consumer-miw"
endpoints:
secretAlias: "stable-consumer-miw"
endpoints:
management:
authKey: ***
## Ingress declaration to expose the network service.
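Review bot: nit on `authKey: ***` under `endpoints.management`: the provider block earlier in this file masks the same field as `authKey: ****`. Use one named placeholder for both, for example `<management-api-key>`, so nobody deploys a row of asterisks as the key that protects the management API.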
Expand All @@ -316,11 +316,11 @@ source:
enabled: true
dataplanes:
dataplane:
securityContext:
securityContext:
readOnlyRootFilesystem: false
image:
image:
pullPolicy: Always
configs:
configs:
dataspace.ttl: |-
################################################
# Catena-X Agent Bootstrap
Expand Down Expand Up @@ -411,28 +411,28 @@ source:
obda: https://w3id.org/obda/vocabulary#
rdfs: http://www.w3.org/2000/01/rdf-schema#
oem: urn:oem:
[MappingDeclaration] @collection [[
mappingId dtc-meta
target bpnl:{bpnl} rdf:type cx-common:BusinessPartner ; cx-core:id {bpnl}^^xsd:string .
target bpnl:{bpnl} rdf:type cx-common:BusinessPartner ; cx-core:id {bpnl}^^xsd:string .
source SELECT distinct "bpnl" FROM "dtc"."meta"
mappingId dtc-content
target oem:Analysis/{id} rdf:type cx-reliability:Analysis ; cx-core:id {code}^^xsd:string ; cx-core:name {description}^^xsd:string .
source SELECT * FROM "dtc"."content"
mappingId dtc-part
target oem:Part/{entityGuid} rdf:type cx-vehicle:Part ; cx-core:id {enDenomination}^^xsd:string ; cx-core:name {classification}^^xsd:string .
source SELECT * FROM "dtc"."part"
mappingId dtc-meta-part
target oem:Part/{entityGuid} cx-vehicle:manufacturer bpnl:{bpnl}.
target oem:Part/{entityGuid} cx-vehicle:manufacturer bpnl:{bpnl}.
source SELECT "bpnl","entityGuid" FROM "dtc"."part"
mappingId dtc-part-content
target oem:Analysis/{dtc_id} cx-reliability:analysedObject oem:Part/{part_entityGuid}.
target oem:Analysis/{dtc_id} cx-reliability:analysedObject oem:Part/{part_entityGuid}.
source SELECT "part_entityGuid","dtc_id" FROM "dtc"."content_part"
]]
chart: provisioning-agent
destination:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,13 +16,13 @@ This chart is intended for use with an _existing_ PostgreSQL database and an _ex
- the [Managed Identity Walled (MIW)](https://github.com/catenax-ng/tx-managed-identity-wallets) must be running and reachable via network
- the necessary set of VerifiableCredentials for this participant must be pushed to MIW. This is typically done by the
Portal during participant onboarding
- KeyCloak must be running and reachable via network
- an account with KeyCloak must be created for this BPN and the connector must be able to obtain access tokens
- Keycloak must be running and reachable via network
- an account with Keycloak must be created for this BPN and the connector must be able to obtain access tokens
- the client ID and client secret corresponding to that account must be known

### Preparatory work

- store your KeyCloak client secret in the Azure KeyVault. The exact procedure is as follows:
- store your Keycloak client secret in the Azure KeyVault. The exact procedure is as follows:

```bash
az keyvault secret set --vault-name <YOUR_VAULT_NAME> --name client-secret --value "$YOUR_CLIENT_SECRET"
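Review bot: the command under the touched "Preparatory work" step passes the client secret with `--value "$YOUR_CLIENT_SECRET"`, which puts the expanded secret on the command line of the `az` process. `az keyvault secret set` also accepts `--file`, so the docs could recommend reading the secret from a file with restricted permissions instead. The changed line also still says "Azure KeyVault"; the product name is "Azure Key Vault", and fixing it fits the purpose of this commit.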
Expand All @@ -36,8 +36,8 @@ Be sure to provide the following configuration entries to your Tractus-X EDC Hel

- `controlplane.ssi.miw.url`: the URL
- `controlplane.ssi.miw.authorityId`: the BPN of the issuer authority
- `controlplane.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained
- `controlplane.ssi.oauth.client.id`: client ID for KeyCloak
- `controlplane.ssi.oauth.tokenurl`: the URL (of Keycloak), where access tokens can be obtained
- `controlplane.ssi.oauth.client.id`: client ID for Keycloak
- `controlplane.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`.

### Launching the application
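Review bot: the first entry of this list, `controlplane.ssi.miw.url`: "the URL", does not say which URL is meant, while the values table in this same README describes the key as "MIW URL". Write "the MIW URL" so the list and the table agree.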
Expand Down Expand Up @@ -160,9 +160,9 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0.
| controlplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. |
| controlplane.ssi.miw.authorityId | string | `""` | The BPN of the issuer authority |
| controlplane.ssi.miw.url | string | `""` | MIW URL |
| controlplane.ssi.oauth.client.id | string | `""` | The client ID for KeyCloak |
| controlplane.ssi.oauth.client.id | string | `""` | The client ID for Keycloak |
| controlplane.ssi.oauth.client.secretAlias | string | `"client-secret"` | The alias under which the client secret is stored in the vault. |
| controlplane.ssi.oauth.tokenurl | string | `""` | The URL (of KeyCloak), where access tokens can be obtained |
| controlplane.ssi.oauth.tokenurl | string | `""` | The URL (of Keycloak), where access tokens can be obtained |
| controlplane.tolerations | list | `[]` | |
| controlplane.url.protocol | string | `""` | Explicitly declared url for reaching the dsp api (e.g. if ingresses not used) |
| controlplane.volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container |
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,13 +13,13 @@ A Helm chart for Tractus-X Eclipse Data Space Connector based on memory. Please
- the [Managed Identity Walled (MIW)](https://github.com/catenax-ng/tx-managed-identity-wallets) must be running and reachable via network
- the necessary set of VerifiableCredentials for this participant must be pushed to MIW. This is typically done by the
Portal during participant onboarding
- KeyCloak must be running and reachable via network
- an account with KeyCloak must be created for this BPN and the connector must be able to obtain access tokens
- Keycloak must be running and reachable via network
- an account with Keycloak must be created for this BPN and the connector must be able to obtain access tokens
- the client ID and client secret corresponding to that account must be known

### Preparatory work

- store your KeyCloak client secret in the HashiCorp vault. The exact procedure will depend on your deployment of HashiCorp Vault and
- store your Keycloak client secret in the HashiCorp vault. The exact procedure will depend on your deployment of HashiCorp Vault and
is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`.

### Configure the chart
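Review bot: the changed line now reads "store your Keycloak client secret in the HashiCorp vault", while the same sentence continues with "your deployment of HashiCorp Vault". Capitalize it as "HashiCorp Vault" in both places, in line with what this commit does for Keycloak.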
Expand All @@ -28,8 +28,8 @@ Be sure to provide the following configuration entries to your Tractus-X EDC Hel

- `runtime.ssi.miw.url`: the URL
- `runtime.ssi.miw.authorityId`: the BPN of the issuer authority
- `runtime.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained
- `runtime.ssi.oauth.client.id`: client ID for KeyCloak
- `runtime.ssi.oauth.tokenurl`: the URL (of Keycloak), where access tokens can be obtained
- `runtime.ssi.oauth.client.id`: client ID for Keycloak
- `runtime.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`.

### Launching the application
Expand Down Expand Up @@ -155,9 +155,9 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.5.0 \
| runtime.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. |
| runtime.ssi.miw.authorityId | string | `""` | The BPN of the issuer authority |
| runtime.ssi.miw.url | string | `""` | MIW URL |
| runtime.ssi.oauth.client.id | string | `""` | The client ID for KeyCloak |
| runtime.ssi.oauth.client.id | string | `""` | The client ID for Keycloak |
| runtime.ssi.oauth.client.secretAlias | string | `"client-secret"` | The alias under which the client secret is stored in the vault. |
| runtime.ssi.oauth.tokenurl | string | `""` | The URL (of KeyCloak), where access tokens can be obtained |
| runtime.ssi.oauth.tokenurl | string | `""` | The URL (of Keycloak), where access tokens can be obtained |
| runtime.tolerations | list | `[]` | |
| runtime.url.protocol | string | `""` | Explicitly declared url for reaching the dsp api (e.g. if ingresses not used) |
| runtime.url.public | string | `""` | |
Expand Down
14 changes: 7 additions & 7 deletions docs-kits/kits/tractusx-edc/charts/tractusx-connector/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,13 +16,13 @@ This chart is intended for use with an _existing_ PostgreSQL database and an _ex
- the [Managed Identity Walled (MIW)](https://github.com/catenax-ng/tx-managed-identity-wallets) must be running and reachable via network
- the necessary set of VerifiableCredentials for this participant must be pushed to MIW. This is typically done by the
Portal during participant onboarding
- KeyCloak must be running and reachable via network
- an account with KeyCloak must be created for this BPN and the connector must be able to obtain access tokens
- Keycloak must be running and reachable via network
- an account with Keycloak must be created for this BPN and the connector must be able to obtain access tokens
- the client ID and client secret corresponding to that account must be known

### Preparatory work

- store your KeyCloak client secret in the HashiCorp vault. The exact procedure will depend on your deployment of HashiCorp Vault and
- store your Keycloak client secret in the HashiCorp vault. The exact procedure will depend on your deployment of HashiCorp Vault and
is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`.

### Configure the chart
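Review bot: the first context line of this hunk links to the "Managed Identity Walled (MIW)"; that should be "Managed Identity Wallet", as the link target `tx-managed-identity-wallets` shows. The same typo sits in the other two chart READMEs touched by this commit, so one follow-up change can fix all three.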
Expand All @@ -31,8 +31,8 @@ Be sure to provide the following configuration entries to your Tractus-X EDC Hel

- `controlplane.ssi.miw.url`: the URL
- `controlplane.ssi.miw.authorityId`: the BPN of the issuer authority
- `controlplane.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained
- `controlplane.ssi.oauth.client.id`: client ID for KeyCloak
- `controlplane.ssi.oauth.tokenurl`: the URL (of Keycloak), where access tokens can be obtained
- `controlplane.ssi.oauth.client.id`: client ID for Keycloak
- `controlplane.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`.

### Launching the application
Expand Down Expand Up @@ -152,9 +152,9 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.5.0 \
| controlplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. |
| controlplane.ssi.miw.authorityId | string | `""` | The BPN of the issuer authority |
| controlplane.ssi.miw.url | string | `""` | MIW URL |
| controlplane.ssi.oauth.client.id | string | `""` | The client ID for KeyCloak |
| controlplane.ssi.oauth.client.id | string | `""` | The client ID for Keycloak |
| controlplane.ssi.oauth.client.secretAlias | string | `"client-secret"` | The alias under which the client secret is stored in the vault. |
| controlplane.ssi.oauth.tokenurl | string | `""` | The URL (of KeyCloak), where access tokens can be obtained |
| controlplane.ssi.oauth.tokenurl | string | `""` | The URL (of Keycloak), where access tokens can be obtained |
| controlplane.tolerations | list | `[]` | |
| controlplane.url.protocol | string | `""` | Explicitly declared url for reaching the dsp api (e.g. if ingresses not used) |
| controlplane.volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container |
Expand Down