From 1abb07d684e50315f5fa7f51e18808f17800614a Mon Sep 17 00:00:00 2001 From: Chris Reed Date: Wed, 13 Aug 2025 12:06:41 -0500 Subject: [PATCH 1/6] run helm-docs --- charts/platform/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/platform/README.md b/charts/platform/README.md index a08e8991..967b7307 100644 --- a/charts/platform/README.md +++ b/charts/platform/README.md @@ -1,6 +1,6 @@ # platform -![Version: 0.12.0](https://img.shields.io/badge/Version-0.12.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.7.0](https://img.shields.io/badge/AppVersion-v0.7.0-informational?style=flat-square) +![Version: 0.14.0](https://img.shields.io/badge/Version-0.14.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.8.1](https://img.shields.io/badge/AppVersion-v0.8.1-informational?style=flat-square) A Helm Chart for OpenTDF Platform 
@@ -247,7 +247,7 @@ Download the [keycloak_data.yaml](https://raw.githubusercontent.com/opentdf/plat | server.http.readTimeout | string | `nil` | The maximum duration for reading the entire request including the body, ex. 30s, a negative value indicates no timeout, if unset or zero use application's default (5s). | | server.http.writeTimeout | string | `nil` | The maximum duration before timing out writes of the response, ex. 30s, a negative value indicates no timeout, if unset or zero use application's default (10s). | | server.port | int | `9000` | The server port | -| server.public_hostname | string | `""` | @deprecated Use `services.kas.config.registered_kas_uri` instead. The client facing name for the policy services, including KAS. This is baked into Key Access Objects, and required for key management with the policy service. | +| server.public_hostname | string | `""` | The client facing name for the policy services, including KAS. This is baked into Key Access Objects, and required for key management with the policy service. @deprecated Use `services.kas.config.registered_kas_uri` instead. | | server.tls.additionalTrustedCerts | list | `[]` | Additional trusted certificates. These can be loaded following [projected volume](https://kubernetes.io/docs/concepts/storage/projected-volumes/) | | server.tls.enabled | bool | `false` | Enables tls for platform server | | server.tls.secret | string | `nil` | The server tls certificate. If not set, a self-signed certificate is generated | 
@@ -266,12 +266,12 @@ Download the [keycloak_data.yaml](https://raw.githubusercontent.com/opentdf/plat | services.entityresolution.subgroups | bool | `false` | Subgroups | | services.entityresolution.url | string | `nil` | Identity Provider Entity Resolver | | services.extraServices | object | `{}` | Additional services | -| services.kas.config | object | `{"keyring":[{"alg":"ec:secp256r1","kid":"e1"},{"alg":"rsa:2048","kid":"r1"}],"preview":{"ec_tdf_enabled":false,"key_management":false},"root_key":null,registered_kas_uri:""}` | KAS service Configuration as yaml | -| services.kas.config.registered_kas_uri | string | "" | The URI this KAS is registered with in the platform database. Used when `services.kas.config.preview.key_management` is enabled, if present. If not present, fallsback to using `public_hostname` and inferring the URI. | +| services.kas.config | object | `{"keyring":[{"alg":"ec:secp256r1","kid":"e1"},{"alg":"rsa:2048","kid":"r1"}],"preview":{"ec_tdf_enabled":false,"key_management":false},"registered_kas_uri":null,"root_key":null}` | KAS service Configuration as yaml | | services.kas.config.keyring | list | `[{"alg":"ec:secp256r1","kid":"e1"},{"alg":"rsa:2048","kid":"r1"}]` | Default keys for clients to use | | services.kas.config.preview | object | `{"ec_tdf_enabled":false,"key_management":false}` | Preview feature enablement | | services.kas.config.preview.ec_tdf_enabled | bool | `false` | Whether tdf based ecc support is enabled. | | services.kas.config.preview.key_management | bool | `false` | Whether new key management features are enabled. | +| services.kas.config.registered_kas_uri | string | `nil` | Used by key management, if present. | | services.kas.privateKeysSecret | string | `"kas-private-keys"` | KAS secret containing keys @deprecated Use `private_keys_secret` instead. This value will be removed in a future release. 
| | services.kas.private_keys_secret | string | `""` | KAS secret containing keys kas-private.pem , kas-cert.pem , kas-ec-private.pem , kas-ec-cert.pem | | services.kas.root_key_secret | object | `{"key":"root_key","name":"kas-root-key"}` | Key needed when key_management feature is enabled (openssl rand 32 -hex) openssl rand 32 -hex | kubectl create secret generic kas-root-key --from-file=root_key=/dev/stdin | From ef5f3962bf89ee30ab845350c630df473ec9de2f Mon Sep 17 00:00:00 2001 From: Chris Reed Date: Wed, 13 Aug 2025 12:13:09 -0500 Subject: [PATCH 2/6] docs. --- charts/platform/README.md | 2 +- charts/platform/values.yaml | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/charts/platform/README.md b/charts/platform/README.md index 967b7307..6a8c2339 100644 --- a/charts/platform/README.md +++ b/charts/platform/README.md 
@@ -271,7 +271,7 @@ Download the [keycloak_data.yaml](https://raw.githubusercontent.com/opentdf/plat | services.kas.config.preview | object | `{"ec_tdf_enabled":false,"key_management":false}` | Preview feature enablement | | services.kas.config.preview.ec_tdf_enabled | bool | `false` | Whether tdf based ecc support is enabled. | | services.kas.config.preview.key_management | bool | `false` | Whether new key management features are enabled. | -| services.kas.config.registered_kas_uri | string | `nil` | Used by key management, if present. | +| services.kas.config.registered_kas_uri | string | `nil` | The URI this KAS is registered with in the platform database. Used by key management, if present. | | services.kas.privateKeysSecret | string | `"kas-private-keys"` | KAS secret containing keys @deprecated Use `private_keys_secret` instead. This value will be removed in a future release. | | services.kas.private_keys_secret | string | `""` | KAS secret containing keys kas-private.pem , kas-cert.pem , kas-ec-private.pem , kas-ec-cert.pem | | services.kas.root_key_secret | object | `{"key":"root_key","name":"kas-root-key"}` | Key needed when key_management feature is enabled (openssl rand 32 -hex) openssl rand 32 -hex | kubectl create secret generic kas-root-key --from-file=root_key=/dev/stdin | diff --git a/charts/platform/values.yaml b/charts/platform/values.yaml index 19e14457..76c6f2f5 100644 --- a/charts/platform/values.yaml +++ b/charts/platform/values.yaml @@ -455,8 +455,7 @@ services: kas: # -- KAS service Configuration as yaml config: - # -- The URI this KAS is registered with in the platform database. - # -- Used by key management, if present. + # -- The URI this KAS is registered with in the platform database. Used by key management, if present. registered_kas_uri: # -- Preview feature enablement preview: From 108c40d95f9ae1c2d24061401838ac6d89829b22 Mon Sep 17 00:00:00 2001 
From: Chris Reed Date: Wed, 13 Aug 2025 13:22:32 -0500 Subject: [PATCH 3/6] docs. --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index bd186932..06d9cf4f 100644 --- a/README.md +++ b/README.md @@ -29,3 +29,8 @@ For chart specific documentation, please refer to the README.md files in the res ### Charts - [Platform](charts/platform/README.md) + +#### Contributing + +When updating the charts, run `helm-docs` after to update the +README.md with the proper changes. From b54489425a4260c075e7a4589e86f531e607633e Mon Sep 17 00:00:00 2001 From: Chris Reed Date: Wed, 13 Aug 2025 13:24:02 -0500 Subject: [PATCH 4/6] docs. --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 06d9cf4f..000b9d3a 100644 --- a/README.md +++ b/README.md @@ -32,5 +32,4 @@ For chart specific documentation, please refer to the README.md files in the res #### Contributing -When updating the charts, run `helm-docs` after to update the -README.md with the proper changes. +After updating the charts, run `helm-docs` to update the [README.md](chartsplatforn/README.md). From 2750852e30c7270579b0b1e0494b1e67ae54c7bb Mon Sep 17 00:00:00 2001 From: Chris Reed Date: Wed, 13 Aug 2025 13:24:26 -0500 Subject: [PATCH 5/6] fix link. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 000b9d3a..5fae6243 100644 --- a/README.md +++ b/README.md @@ -32,4 +32,4 @@ For chart specific documentation, please refer to the README.md files in the res #### Contributing -After updating the charts, run `helm-docs` to update the [README.md](chartsplatforn/README.md). +After updating the charts, run `helm-docs` to update the [README.md](charts/platforn/README.md). From 0df71191c72985d94a3fd287c46d88a40438d15b Mon Sep 17 00:00:00 2001 
From: Chris Reed Date: Wed, 13 Aug 2025 13:25:21 -0500 Subject: [PATCH 6/6] fix link. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5fae6243..915a91e7 100644 --- a/README.md +++ b/README.md @@ -32,4 +32,4 @@ For chart specific documentation, please refer to the README.md files in the res #### Contributing -After updating the charts, run `helm-docs` to update the [README.md](charts/platforn/README.md). +After updating the charts, run `helm-docs` to update the [README.md](charts/platform/README.md).
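Review bot: In [PATCH 1/6], hunk `@@ -247,7 +247,7`, the `server.public_hostname` row now says in one cell that the value is "required for key management with the policy service" and that it is deprecated in favour of `services.kas.config.registered_kas_uri`. State which setting takes precedence when both are set and whether `public_hostname` is still read as a fallback. Consider keeping `@deprecated` at the front of the description, where it is not lost at the end of a long table cell. Because this table is generated by `helm-docs`, the wording change belongs in the `# --` comment in `charts/platform/values.yaml`.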
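Review bot: In [PATCH 1/6], hunk `@@ -266,12 +266,12`, the documented default for `services.kas.config.registered_kas_uri` changes from `""` to `nil`, and the `services.kas.config` default now shows `"registered_kas_uri":null`. Please confirm that the chart templates and the KAS configuration loader treat a null value the same as an empty string, so that an unset value is handled as "not provided" and a literal null never reaches the rendered config. If the two are not equivalent, set an explicit `""` default in `values.yaml` and regenerate.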
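Review bot: In [PATCH 2/6], README hunk `@@ -271,7 +271,7`, the trailing context row for `services.kas.root_key_secret` is still malformed after regeneration: the command appears twice ("(openssl rand 32 -hex) openssl rand 32 -hex"), and the unescaped `|` before `kubectl create secret` sits inside a table cell, so it splits the row into an extra column. Since this series touches the generated docs, fix the source comment in `charts/platform/values.yaml`: keep one copy of the command, escape the pipe or move the command out of the table, and put the option before the byte count as in the `openssl rand` synopsis (`openssl rand -hex 32`). This is the instruction operators follow to create the KAS root key, so it should be copy-paste correct.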
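Review bot: In [PATCH 2/6], `charts/platform/values.yaml` hunk `@@ -455,8 +455,7`, the merged `# --` comment for `registered_kas_uri` leaves out two things the README row removed in 1/6 documented: that the value is used when `services.kas.config.preview.key_management` is enabled, and that when it is absent the service falls back to `public_hostname` and infers the URI. If that behaviour still holds, add it to this comment so the generated table carries it. With `server.public_hostname` marked deprecated, operators need to know what happens when they leave both unset.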
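Review bot: In [PATCH 3/6], hunk `@@ -29,3 +29,8`, the new Contributing text makes running `helm-docs` a manual step, and 1/6 shows how that goes: the regenerated README jumps the version badge from 0.12.0 to 0.14.0 and the AppVersion from v0.7.0 to v0.8.1, so the generated docs had already fallen behind the chart. Consider adding a CI or pre-commit check that runs `helm-docs` and fails when the working tree differs, and mention that check here so contributors know a stale README will be rejected.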
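Review bot: In [PATCH 4/6], hunk `@@ -32,5 +32,4`, the new link target `chartsplatforn/README.md` is broken, and it takes 5/6 and 6/6 to reach `charts/platform/README.md`. Squash 3/6 through 6/6 into a single commit with a descriptive subject before merging, so the history does not carry two intermediate revisions with a dead link under commits titled only "docs." or "fix link.".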