Traction is designed with an API-first architecture layered on top of Hyperledger Aries Cloud Agent Python (ACA-Py) and streamlines the process of sending and receiving digital credentials for governments and organizations.
I got my problem solved. It's not about the configuration of the issuer, but about exposing the tenant-proxy via NodePort, to make it accessible to tenant-ui outside the Kubernetes cluster.
Hi, recently I have been using Traction with Docker. But when I tried to deploy Traction in Kubernetes via Helm charts, I am unable to find the admin name and key for innkeeper, or to configure them under plugin-config.yaml of acapy inside values.yaml, but it's of no use. Can someone help me with which step I am doing wrong, and also how to configure innkeeper to use a custom admin name and key?
Below is the acapy section of the values.yaml I am using:
```yaml
## @section Acapy Configuration
acapy:
  image:
    repository: ghcr.io/bcgov/traction-plugins-acapy
    pullPolicy: IfNotPresent
    pullSecrets: []
    tag: ""
  serviceAccount:
    create: false
    annotations: {}
    automountServiceAccountToken: true
    name: ""
  replicaCount: 1

  ## AcaPy Autoscaling configuration
  autoscaling:
    enabled: false
    minReplicas: 1
    maxReplicas: 3
    targetCPUUtilizationPercentage: 80
    targetMemoryUtilizationPercentage: 80
    stabilizationWindowSeconds: 300

  labelOverride: ""

  ## @section Acapy configuration file
  ## @param acapy.argfile.yml.auto-accept-invites Automatically accept invites without firing a webhook event or waiting for an admin request. Default: false.
  argfile.yml:
    auto-accept-invites: true
    auto-accept-requests: true
    auto-create-revocation-transactions: true
    auto-ping-connection: true
    auto-promote-author-did: true
    auto-provision: true
    auto-request-endorsement: true
    auto-respond-credential-offer: false
    auto-respond-credential-proposal: false
    auto-respond-credential-request: true
    auto-respond-messages: true
    auto-respond-presentation-proposal: true
    auto-respond-presentation-request: false
    auto-store-credential: true
    auto-verify-presentation: true
    auto-write-transactions: true
    emit-new-didcomm-mime-type: true
    emit-new-didcomm-prefix: true
    endorser-alias: endorser
    endorser-protocol-role: author
    genesis-transactions-list: /home/aries/ledgers.yml
    label: '{{ include "acapy.label" .}}'
    log-level: info
    monitor-ping: true
    monitor-revocation-notification: true
    multitenant-admin: true
    multitenant: true
    notify-revocation: true
    preserve-exchange-records: true
    public-invites: true
    read-only-ledger: false
    tails-server-base-url: https://tails-test.vonx.io
    tails-server-upload-url: https://tails-test.vonx.io
    wallet-name: askar-wallet
    wallet-storage-type: postgres_storage
    wallet-type: askar

  ## Acapy multiledger configuration file
  ## @param acapy.ledgers.yml [object] YAML configuration for connecting to multiple HyperLedger
  ledgers.yml:
    - id: bcovrin-test
      is_production: true
      is_write: true
      genesis_url: "http://test.bcovrin.vonx.io/genesis"
      endorser_did: "Q5uukoJmdf7cNSh2u6NPEu"
      endorser_alias: "endorser-traction"

  walletStorageConfig:
    json: ""
    url: ""
    max_connections: 10
    wallet_scheme: DatabasePerWallet

  walletStorageCredentials:
    json: ''
    account: acapy
    admin_account: postgres
    existingSecret: ""
    secretKeys:
      adminPasswordKey: admin-password
      userPasswordKey: database-password

  ## @section Acapy Plugins
  ## Specify the plugins to enable.
  plugins:
    basicmessageStorage: true
    connectionUpdate: true
    multitenantProvider: true
    tractionInnkeeper: true
    rpc: true

  ## @section Acapy Plugin Configuration
  ## Specify configuration values for each plugin.
  ## Configuration values are plugin specific, and are rendered as is into the plugin-config.yml file.
  plugin-config.yml:
    multitenant_provider:
      manager:
        class_name: multitenant_provider.v1_0.manager.AskarMultitokenMultitenantManager
        always_check_provided_wallet_key: true
      errors:
        on_unneeded_wallet_key: false
      token_expiry:
        units: days
        amount: 1
    traction_innkeeper:
      innkeeper_wallet:
        wallet_name: traction_innkeeper
        tenant_id: traction_innkeeper
        wallet_key: change-me
        print_key: false
        print_token: false
        connect_to_endorser:

  ## @section Acapy tails persistence configuration
  persistence:
    ## @param acapy.persistence.existingClaim Name of an existing PVC to use
    existingClaim: ""
    ## @param acapy.persistence.mountPath
    mountPath: /mnt/traction-tails
    # /home/aries/.indy_client/tails
    ## @param acapy.persistence.storageClass PVC Storage Class
    ## If defined, storageClassName:
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ## set, choosing the default provisioner. (gp2 on AWS, standard on
    ## GKE, AWS & OpenStack)
    storageClass: traction
    ## @param acapy.persistence.accessModes PVC Access Mode. ReadWriteMany is required for each Acapy pod to access the same volume.
    accessModes:
    ## @param acapy.persistence.size PVC Storage Request for tails volume
    size: 1Gi

  ## Acapy common configurations
  ## @param acapy.resources.requests.cpu The requested cpu for the Acapy containers
  resources:
    limits:
      cpu: 300m
      memory: 300Mi
    requests:
      cpu: 120m
      memory: 200Mi
  ## @param acapy.podAnnotations Map of annotations to add to the acapy pods
  podAnnotations: {}
  ## @param acapy.podSecurityContext Pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  podSecurityContext: {}
    # fsGroup: 2000
  ## @param acapy.containerSecurityContext Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  containerSecurityContext: {}
    # capabilities:
    #   drop:
    #   - ALL
    # readOnlyRootFilesystem: true
    # runAsNonRoot: true
    # runAsUser: 1001

  ## Acapy service configuration
  service:
    ## @param acapy.service.type Kubernetes Service type
    type: ClusterIP
    ## @param acapy.service.adminPort Port to expose for admin service
    adminPort: 8031
    ## @param acapy.service.httpPort Port to expose for http service
    httpPort: 8030

  ## @param acapy.affinity Affinity for acapy pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}
  ## @param acapy.nodeSelector Node labels for acapy pods assignment
  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
  nodeSelector: {}
  ## @param acapy.tolerations Tolerations for acapy pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

  ## @section Acapy NetworkPolicy parameters
  networkPolicy:
    ## @param acapy.networkPolicy.enabled Enable network policies
    enabled: false
    ## @param acapy.networkPolicy.ingress.enabled Enable ingress rules
    ## @param acapy.networkPolicy.ingress.namespaceSelector [object] Namespace selector label that is allowed to access the Tenant proxy pods.
    ## @param acapy.networkPolicy.ingress.podSelector [object] Pod selector label that is allowed to access the Tenant proxy pods.
    ingress:
      enabled: false
      namespaceSelector: {}
        # network.openshift.io/policy-group: ingress
      podSelector: {}

  openshift:
    route:
      enabled: false
      path: "/"
      targetPort: http
      timeout: 2m
      tls:
      wildcardPolicy: None
    adminRoute:
      enabled: false
      path: "/"
      targetPort: admin
      timeout: 2m
      tls:
      wildcardPolicy: None

  secret:
    adminApiKey:
      generated: true
      value: ""
    walletKey:
      ## @param acapy.secret.walletKey.existingSecret Name of an existing secret to use. Must contain `walletKey` key.
      existingSecret: ""
    pluginInnkeeper:
      ## @param acapy.secret.pluginInnkeeper.existingSecret Name of an existing secret to use. Must contain `tenantid`, and `walletkey` keys.
      existingSecret: ""
      ## @param acapy.secret.pluginInnkeeper.generated Generate plugin innkeeper secret values
      generated: true
      ## @param acapy.secret.pluginInnkeeper.walletkey Override plugin innkeeper wallet key
      walletkey: ""
      ## @param acapy.secret.pluginInnkeeper.tenantid Override plugin innkeeper tenant id
      tenantid: ""
```
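
The `@param` comments for `acapy.secret.pluginInnkeeper` in the values above describe an `existingSecret` that must contain `tenantid` and `walletkey` keys. As an added example (not part of the original post, and not the chart's own code), this is how a pre-created Secret could carry a custom innkeeper tenant id and wallet key, assuming the chart consumes the Secret as those comments describe; the Secret name `traction-innkeeper` and both placeholder values are hypothetical.

```yaml
# File 1: innkeeper-secret.yaml (hypothetical file name)
# Apply it to the release namespace before installing the chart.
apiVersion: v1
kind: Secret
metadata:
  name: traction-innkeeper          # hypothetical Secret name
type: Opaque
stringData:
  # Key names taken from the @param comment on the page:
  # "Must contain tenantid, and walletkey keys."
  tenantid: "<innkeeper-tenant-id>"     # placeholder, choose your own
  walletkey: "<innkeeper-wallet-key>"   # placeholder, use a long random value
---
# File 2: values override passed to helm with -f (hypothetical file name
# innkeeper-values.yaml). Only keys that appear in the posted values.yaml
# are used.
acapy:
  secret:
    pluginInnkeeper:
      # Reference the Secret instead of writing the key into values.yaml.
      existingSecret: traction-innkeeper
      # Left empty so the wallet key is stored only in the Secret above
      # and not in a values file that may end up in version control.
      walletkey: ""
      tenantid: ""
```

Keeping the key in a Secret also avoids shipping the literal `wallet_key: change-me` placeholder from the `plugin-config.yml` block as a working credential.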