adds tutorial for connector deployment in local k8s cluster

.github/workflows/terraform.yaml

@@ -0,0 +1,24 @@
+name: Terraform
+
+on:
+  push:
+    branches:
+      - master
+    paths:
+      - 'deployment/**'
+  pull_request:
+    paths:
+      - 'deployment/**'
+
+jobs:
+  Checks:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: 'Check Terraform files are properly formatted (run "terraform fmt -recursive" to fix)'
+        run: |
+          terraform fmt -recursive
+          git diff --exit-code

deployment/.gitignore

@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# Dependency lock file
+*.hcl
+
+# Keys
+id_rsa*
+*.pem

deployment/kind.config.yaml

@@ -0,0 +1,18 @@
+---
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+  - role: control-plane
+    kubeadmConfigPatches:
+      - |
+        kind: InitConfiguration
+        nodeRegistration:
+          kubeletExtraArgs:
+            node-labels: "ingress-ready=true"
+    extraPortMappings:
+      - containerPort: 80
+        hostPort: 80
+        protocol: TCP
+      - containerPort: 443
+        hostPort: 443
+        protocol: TCP

deployment/main.tf

@@ -0,0 +1,84 @@
+locals {
+  postgres_credentials_secret_name = "postgres-db"
+
+  docker_image_pull_secret_name = "dockerconfigjson-github-com"
+  base64Token                   = base64encode("${var.container_registry_username}:${var.container_registry_token}")
+  secretJson                    = "{\"auths\":{\"ghcr.io\":{\"auth\":\"${local.base64Token}\"}}}"
+
+  registration_service_mock_name = "registration-service-mock"
+  registration_service_mock_port = 8080
+  registration_service_mock_host = "${local.registration_service_mock_name}:${local.registration_service_mock_port}"
+}
+
+###################
+## POSTGRESQL DB ##
+###################
+
+module "db" {
+  source = "./modules/db"
+
+  participant_names = [for p in var.participants : p.name]
+}
+
+####################################
+## K8S SECRET WITH DB CREDENTIALS ##
+####################################
+
+resource "kubernetes_secret" "postgresql-db-secret" {
+
+  metadata {
+    name = local.postgres_credentials_secret_name
+  }
+
+  data = {
+    "username" = module.db.postgres_username
+    "password" = module.db.postgres_password
+  }
+}
+
+##############################
+## DOCKER IMAGE PULL SECRET ##
+##############################
+
+resource "kubernetes_secret_v1" "docker-image-pull-secret" {
+
+  metadata {
+    name = local.docker_image_pull_secret_name
+  }
+
+  data = {
+    ".dockerconfigjson" = local.secretJson
+  }
+
+  type = "kubernetes.io/dockerconfigjson"
+}
+
+#########################
+## EONA-X PARTICIPANTS ##
+#########################
+
+module "participant" {
+  source = "./modules/participant"
+
+  for_each                         = { for p in var.participants : p.name => p }
+  participant                      = each.value
+  postgres_host                    = module.db.postgres_host
+  registration_service_url         = "http://${local.registration_service_mock_host}"
+  postgres_credentials_secret_name = kubernetes_secret.postgresql-db-secret.metadata.0.name
+  docker_image_pull_secret_name    = local.docker_image_pull_secret_name
+  connector_docker_image_repo      = var.connector_docker_image_repo
+  connector_helm_chart_repo        = var.connector_helm_chart_repo
+  connector_version                = var.connector_version
+}
+
+###############################
+## REGISTRATION SERVICE MOCK ##
+###############################
+
+module "registration-service-mock" {
+  source = "./modules/registration-service-mock"
+
+  participants_did = [for p in module.participant : p.did_url]
+  name             = local.registration_service_mock_name
+  server_port      = local.registration_service_mock_port
+}

deployment/modules/db/init.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+set -e
+
+## Participants DB initialization
+for db in ${participants}
+do
+  psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" -c "CREATE DATABASE $db"
+  psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$db" -a -f /docker-entrypoint-initdb.d/db_bootstrap_script.sql
+done

deployment/modules/db/main.tf

@@ -0,0 +1,117 @@
+locals {
+  pg_image    = "postgres:15.3-alpine3.18"
+  pg_username = "postgres"
+  pg_password = "postgres"
+
+  sql_files_path      = fileset(path.module, "sql/*.sql")
+  sql_files_full_path = formatlist("${path.module}/%s", local.sql_files_path)
+  sql_files           = [for p in local.sql_files_full_path : file(p)]
+  db_bootstrap_script = join("\n", local.sql_files)
+}
+
+resource "kubernetes_deployment" "postgres" {
+  metadata {
+    name = "postgres"
+    labels = {
+      app = "postgres"
+    }
+  }
+
+  spec {
+    replicas = 1
+    selector {
+      match_labels = {
+        app = "postgres"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          app = "postgres"
+        }
+      }
+      spec {
+        container {
+          image = local.pg_image
+          name  = "postgres"
+
+          env {
+            name  = "POSTGRES_USER"
+            value = local.pg_username
+          }
+
+          env {
+            name  = "POSTGRES_PASSWORD"
+            value = local.pg_password
+          }
+
+          port {
+            container_port = var.postgres_port
+            name           = "postgres-port"
+          }
+
+          volume_mount {
+            mount_path = "/docker-entrypoint-initdb.d/"
+            name       = "pg-initdb"
+          }
+
+          # Uncomment this to assign (more) resources
+          #          resources {
+          #            limits = {
+          #              cpu    = "2"
+          #              memory = "512Mi"
+          #            }
+          #            requests = {
+          #              cpu    = "250m"
+          #              memory = "50Mi"
+          #            }
+          #          }
+          liveness_probe {
+            exec {
+              command = ["pg_isready", "-U", "postgres"]
+            }
+            failure_threshold = 10
+            period_seconds    = 5
+            timeout_seconds   = 30
+          }
+        }
+        volume {
+          name = "pg-initdb"
+          config_map {
+            name = kubernetes_config_map.postgres-config.metadata.0.name
+          }
+        }
+      }
+    }
+  }
+}
+
+resource "kubernetes_config_map" "postgres-config" {
+  metadata {
+    name = "pg-initdb-config"
+  }
+
+
+  data = {
+    "db_bootstrap_script.sql" = local.db_bootstrap_script
+    "init.sh" = templatefile("${path.module}/init.sh", {
+      participants : join(" ", var.participant_names)
+    })
+  }
+}
+
+resource "kubernetes_service" "pg-service" {
+  metadata {
+    name = "postgres"
+  }
+  spec {
+    selector = {
+      app = kubernetes_deployment.postgres.spec.0.template.0.metadata[0].labels.app
+    }
+    port {
+      name        = "pg-port"
+      port        = var.postgres_port
+      target_port = var.postgres_port
+    }
+  }
+}

deployment/modules/db/output.tf

@@ -0,0 +1,11 @@
+output "postgres_host" {
+  value = "${kubernetes_service.pg-service.metadata.0.name}:${var.postgres_port}"
+}
+
+output "postgres_username" {
+  value = local.pg_username
+}
+
+output "postgres_password" {
+  value = local.pg_password
+}

deployment/modules/db/providers.tf

@@ -0,0 +1,7 @@
+terraform {
+  required_providers {
+    kubernetes = {
+      source = "hashicorp/kubernetes"
+    }
+  }
+}

deployment/modules/db/sql/asset.sql

@@ -0,0 +1,30 @@
+--
+--  Copyright (c) 2022 - 2023 Daimler TSS GmbH
+--
+--  This program and the accompanying materials are made available under the
+--  terms of the Apache License, Version 2.0 which is available at
+--  https://www.apache.org/licenses/LICENSE-2.0
+--
+--  SPDX-License-Identifier: Apache-2.0
+--
+--  Contributors:
+--       Daimler TSS GmbH - Initial SQL Query
+--       Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - improvements
+--
+
+-- THIS SCHEMA HAS BEEN WRITTEN AND TESTED ONLY FOR POSTGRES
+
+-- table: edc_asset
+CREATE TABLE IF NOT EXISTS edc_asset
+(
+    asset_id           VARCHAR NOT NULL,
+    created_at         BIGINT  NOT NULL,
+    properties         JSON    DEFAULT '{}',
+    private_properties JSON    DEFAULT '{}',
+    data_address       JSON    DEFAULT '{}',
+    PRIMARY KEY (asset_id)
+);
+
+COMMENT ON COLUMN edc_asset.properties IS 'Asset properties serialized as JSON';
+COMMENT ON COLUMN edc_asset.private_properties IS 'Asset private properties serialized as JSON';
+COMMENT ON COLUMN edc_asset.data_address IS 'Asset DataAddress serialized as JSON';

deployment/modules/db/sql/contract-definition.sql

@@ -0,0 +1,27 @@
+--
+--  Copyright (c) 2022 Daimler TSS GmbH
+--
+--  This program and the accompanying materials are made available under the
+--  terms of the Apache License, Version 2.0 which is available at
+--  https://www.apache.org/licenses/LICENSE-2.0
+--
+--  SPDX-License-Identifier: Apache-2.0
+--
+--  Contributors:
+--       Daimler TSS GmbH - Initial SQL Query
+--       Microsoft Corporation - refactoring
+--       SAP SE - add private properties to contract definition
+--
+
+-- table: edc_contract_definitions
+-- only intended for and tested with H2 and Postgres!
+CREATE TABLE IF NOT EXISTS edc_contract_definitions
+(
+    created_at             BIGINT  NOT NULL,
+    contract_definition_id VARCHAR NOT NULL,
+    access_policy_id       VARCHAR NOT NULL,
+    contract_policy_id     VARCHAR NOT NULL,
+    assets_selector        JSON    NOT NULL,
+    private_properties     JSON,
+    PRIMARY KEY (contract_definition_id)
+);