- updated the release pipeline to automatically add new versions
- modified local cluster deployment to use resource quotas from startup
- added subnet address variable for services configuration for local cluster and set default value to '10.0.26.0/16'
- split internal and external virtual service for minio service
- extended rabbitmq scraping for specific queues
- refactored infrastructure resources istio, jaeger and prometheus
- deactivate validateJwt for bundidp-mock
- refactored resource module for better handling of resource definitions
- fixed application modules not being planned due to the pull secrets implementation
- refactored module istio_routing_configurations to trigger errors on plan
- upgraded provider hashicorp/kubernetes to 3.1.0
- updated install-/update-tools scripts to use the latest terraform-docs version
- added Kyverno and Policy Reporter Metrics + prometheus scraping annotations
- added Kyverno Dashboard
- added Authentication-Policies for idm
- fixed service annotation for Kyverno
- handed over the image pull secret to the kyverno policies in all namespaces
- new batch endpoints in ARS
- changed REF-FKB postgres host in switchDatabase.sh
- update Database Pipeline for location switching and add surveillance-pseudonym-service-ars, ars-service to restart list
- simplified ARS/BIS virtual service configuration
- changed PROD-FKB postgres host in switchDatabase.sh
- fixed restart of all services for test stages, including handling for dmz and are namespaces
- fixed service dependencies in the dmz namespace
- added new module istio_routing_configurations for defining and creating istio routing rules by yaml file
- added pgbouncer as a dependency of ars-service
- extended install-tools script with python3-pip and python3-venv
- added -m flag to .scripts/update-service-local.sh to patch multiple matching deployments/cronjobs at once (e.g. all variants of a service like validation-service-*)
- fixed HTTP method matching in Istio routing rule generation (istio_routing_configurations module now correctly applies method filter in match blocks)
- add ARE Setup
- Added ResourceQuota configuration for namespaces
- fixed wrong namespace module name in idm
- removed feature flag FEATURE_FLAG_NEW_API_ENDPOINTS and related configurations
- upgraded provider hashicorp/random to 3.8.1
- enable ResourceQuota admission plugin in KIND cluster
- reverted removed ff NEW_API_ENDPOINTS for portal-igs
- removed ff NEW_API_ENDPOINTS for portal-igs
- fixed prometheus scraping for local cluster
- added rabbitmq url for secure-message-gateway
- added spring profiles config for ars-service
- added new deployment strategy "rolling" to deploy i.a. stateful sets without downtime
- added RabbitMq secret to demis namespace
- fix apt-key command in install-tools.sh
- deploy dmz before services
- remove profile for ars-service
- added rabbitmq user password hash
- changed/fixed refresh rancher api token pipeline for fkb location
- added new helm values for istio-ingressgateway
- moved Pipeline to other project
- added environment variable for code mapping client addresses to futs and lifecycle-validation-service
- fixed typos in validation-service-charts
- update pipelines/targets of dmz-dev, dmz-qs, dmz-prod-test for test-stages
- fix mesh secret handling
- removed feature flag FEATURE_FLAG_NEW_API_ENDPOINTS and related configurations
- upgraded provider hashicorp/random to 3.8.1
- fixed pipeline for infrastructure rollout to correctly define GOOGLE_APPLICATION_CREDENTIALS
- added postgres and pgbouncer to dmz namespace
- added database-configurations for bulk
- set headers x-fhir-profile, x-fhir-api-version, x-fhir-api-request-origin, x-fhir-api-submission-type in istio-values.yaml of notification-gateway and notification-processing-service
- modularized http timeouts and retries for all services
- added hmac secret variable for ars bulk service
- made bulk-inbound-service reachable for bulk and upload
- Remove unnecessary IGS-variable storage_tls_certificate
- added environment variables to dmz/bulk-inbound-service
- added waf and secure-message-gateway to dmz namespace
- adjusted paths for ARS bulk upload to current specification
- set timeout for minio to 5 min for local cluster
- bulk-inbound-service reachable from ingress
- added functionality of kubeconfig usage for terraform on kkp stages
- edit depends_on to futs for gateway igs
- fixed package-registry url for validation-services and futs services
- added make target for ref-fkb and prod-fkb
- fixed kiali configuration for connecting to istio resources
- added new policies: kubernetes-network-policies for all application namespaces
- upgraded providers
  - hashicorp/helm version to 3.1.1
  - hashicorp/kubernetes version to 3.0.1
- refactored jaeger deployment
- fixed naming errors and enforce lint conventions
- added flag for enabling istio native sidecar usage (default false)
- increased default memory limit for istio proxy to 256Mi
- fixed DMZ terraform backend activation
- fixed ignoring config options with null value
- fixed 'all' keyword for feature flags and configs
- fixed Jaeger Resource requests and limits
- added fhir-profiles-metadata module for services futs-core and futs-igs
- added validation of whether services are allowed to define profiles in active versions file
- modified deployment order. Now services validation-service-core, validation-service-igs, validation-service-ars, futs-core and futs-igs depend on package-registry.
- added ARE module (EKM3)
- added DMZ module
- added destination-lookup-service urls to NPS, NRS and LVS
- fix gitlab urls in scripts
- removed truststore-certs-secrets for keycloak
- add resource requests and limits for istio proxy sidecars
- added prometheus jobs for rabbitmq and improved for services in local
- fix namespace name for new testenvironment
- fix istio metrics path for metric scraping
- fix default db for ref environment in switch database script
- added truststore-certs-secrets for keycloak
- Fix new API endpoints routing for portal pathogen and disease to futs
- added tsl-download endpoint
- added support of FHIR packages
- add grafana metrics annotations for istiod
- add meldungs domain for mesh network policies
- truncate checksums
- refactor module fhir-profiles-metadata for better profile update handling on non-canary deployment of validation services (requires service version 2.9.1)
- Add additional test-configuration for prod-test environment
- cron jobs will only be manually triggered if referenced services or their own service are updated
- adding coding standards to CONTRIBUTING.md
- added versioned s3-controller urls for igs
- receiving sequence data for outdated api version is supported
- removed Test User IDs from Notification Processing Service Template
- add scale down and scale up make targets for all demis deployments
- add secretKeyRef for ars-pseudo-purger
- fix traffic weight for non-canary deployments
- adjust tests for modules helm_deployment and flags
- environment variable added to surveillance-pseudonym-service-ars
- removed ars-pseudonymization-service
- add new cronjob surveillance-pseudonym-purger-ars
- add starting dependency for keycloak to local idp
- add checksums to all secrets
- add secret checksums to all helm charts from all services that use these secrets
- split file chart-destination-lookup.tf in files chart-destination-lookup-writer.tf, chart-destination-lookup-reader.tf and chart-destination-lookup-purger.tf
- added sidecar tsl-deliverer-mock for keycloak. Needed only for local and dev deployment
- changed redis ACL for the reader and writer accounts
- upgrade required terraform version to 1.9.0
- upgrade provider hashicorp/helm to 3.0.2
- for local development KIND version 0.30.0 is required
- update apt package manager resource for helm (old is unavailable)
- add db entries for pgbouncer only if necessary
- determine postgres initialization config from running services
- updating kyverno
- fix grafana dashboard download issue on empty folder in terraform
- upgrade provider hashicorp/kubernetes to 2.38.0
- update custom dashboards
- add more documentation for customizing new EKM deployment modules
- add destination lookup services to switch database script
- Update structure of the service account Kubernetes secret.
- add database for destination-lookup to pgbouncer and postgres
- remove unused variables from ekm-template
- add resource for destination-lookup-service
- make stage-configuration-data optional
- remove unused secret for gematik-idp
- changed routing of requests to FUTS
- added profile version for IGS in Gateway-IGS
- add module fhir-profiles-metadata v2
- add setup for provisioning modes dedicated, distributed and combined on validation services
- add setup for versioned profile snapshots and external access on validation services, ars-service, igs-service, report-processing-service and notification-processing-service
- add Support for new API Endpoint for Backend-Services
- new API Endpoint change for FFS Reader Search url
- add new API endpoints for portal-bedoccupancy
- add new API endpoints for portal-pathogen
- add new API endpoints for HLS
- add new API endpoints for NG
- add new API endpoints for RPS
- add new API endpoints for policies-authorizations
- add new API endpoints for portal-disease
- add new API endpoints for notification-gateway
- add new API endpoints for portal-shell
- add new API endpoints for portal-igs
- new API endpoint use profile header x-fhir-profile instead of fhirProfile
- make TF_EXTRA_ARGS environment variable available for passing parameters from command line to opentofu
- ARS: use surveillance-pseudonym-service-ars instead of ars-pseudonymization-service
- ARS: add secret ars-pseudo-hash-pepper to demis environment
- surveillance-pseudonym-service-ars: app-values extended
- add support for using Kubernetes secrets to provide GCP service account key files.
- add ekm-template
- skip manual job creation if job is suspended (CUS, FSP, KUP)
- add surveillance-pseudonym database to pgbouncer
- remove NCAPI mirror
- Add new service: surveillance-pseudonym-service-ars
- Remove external virtual service from package-registry
- remove NCAPI and pseudo-storage database from pgbouncer and postgres
- Update switch Database Script
- Remove deprecated Pseudonymization-Storage-Service
- use last version of activated gcp secrets for deployments
- Remove NCAPI References + API Key
- Add Filter to exclude option values with null values
- Added new service: Package Registry
- Add ABC Prod Fra
- Remove external virtual service from ars-pseudonymization-service
- Remove keycloak-gematik-idp-public-key as variable and add as config option.
- Remove keycloak-gematik-idp-public-key as variable and add as config option.
- Terminology server FHIR snapshot configuration change to apply all validation services' snapshots
- Update Database Pipeline for abc Cluster
- Added default addresses for 'ars-service'
- Update gitignore
- Update Readme with new disclaimer
- Update Jenkins Pipelines for publishing to GitHub
- Update Jenkins Pipelines for automatic validation
- Add functionality defining alternative fhir-profile-snapshot version for futs
- fix null update for profiles in canary to main transition on active-versions.yaml
- Add charts for new service 'ars-pseudonymization-service'
- Add charts for new service 'terminology-server'
- Add functionality defining multiple profiles for validation services
- Add new secret for keycloak token exchange
- Add new secret for certificate-update-service
- Helm Chart Template Values are now part of this repository
- Resources and Replicas can be fully customised over a variable
- Added new Makefile targets for linting, docs, formatting
- New Project Structure, centralization of identity management services in own namespace
- Minor bugfixes
- First official GitHub-Release