feat: various configs for slim (#118)

* feat(slim): multiple slim configs

Signed-off-by: Peter Balogh <p.balogh.sa@gmail.com>

* fix: add example slim client configs

Signed-off-by: Peter Balogh <p.balogh.sa@gmail.com>

* fix: update default slim chart

Signed-off-by: Peter Balogh <p.balogh.sa@gmail.com>

* feat: add cert-manger deploy

Signed-off-by: Peter Balogh <p.balogh.sa@gmail.com>

* fix: add task to remove cert-manager

Signed-off-by: Peter Balogh <p.balogh.sa@gmail.com>

* fix: typo

Signed-off-by: Peter Balogh <p.balogh.sa@gmail.com>

* fix: update slim chart

Signed-off-by: Peter Balogh <p.balogh.sa@gmail.com>

---------

Signed-off-by: Peter Balogh <p.balogh.sa@gmail.com>

Author: pbalogh-sa

integrations/agntcy-slim/Taskfile.yml

@@ -13,7 +13,8 @@ vars:
   IMAGE_REPO: '{{ .IMAGE_REPO | default "ghcr.io/agntcy" }}'
   SLIM_IMAGE_TAG: '{{ .SLIM_IMAGE_TAG | default "0.3.15" }}'
   MCP_PROXY_IMAGE_TAG: '{{ .MCP_PROXY_IMAGE_TAG | default "0.1.5" }}'
-  SLIM_CHART_TAG: '{{ .SLIM_CHART_TAG | default "v0.1.5" }}'
+  SLIM_CHART_TAG: '{{ .SLIM_CHART_TAG | default "v0.1.7" }}'
+  SLIM_CONFIG: '{{ .SLIM_CONFIG | default "base" }}'
 
   IMAGE_BAKE_OPTS: '{{ .IMAGE_BAKE_OPTS | default "--set *.platform=linux/arm64" }}'
   LANGCHAIN_APP_TAG: '{{ .LANGCHAIN_APP_TAG | default "v0.0.10" }}'
@@ -53,6 +54,7 @@ tasks:
           --set slim.image.tag="{{ .SLIM_IMAGE_TAG }}" \
           --set mcpProxy.image.tag="{{ .MCP_PROXY_IMAGE_TAG }}" \
           --set mcpProxy.enabled="{{ .MCP_PROXY_DEPLOY }}" \
+          -f components/config/{{ .SLIM_CONFIG }}/server-config.yaml \
           --namespace {{ .HELM_NAMESPACE }} \
           --create-namespace \
           --install \
@@ -62,9 +64,33 @@ tasks:
 
   test-env:cleanup:
     desc: Remove agent slim test env
+    cmds:
+      - helm delete --namespace {{ .HELM_NAMESPACE }} agntcy-slim
+
+  cert-manager:deploy:
+    desc: Deploy cert-manager
     cmds:
       - |
-        helm delete --namespace {{ .HELM_NAMESPACE }} agntcy-slim
+        helm repo add jetstack https://charts.jetstack.io --force-update
+        helm upgrade cert-manager jetstack/cert-manager \
+          --namespace cert-manager \
+          --create-namespace \
+          --version v1.17.2 \
+          --set crds.enabled=true \
+          --install \
+          --wait \
+          --wait-for-jobs \
+          --timeout "15m"
+
+  cert-manager:remove:
+    desc: Remove cert-manager
+    cmds:
+      - helm delete cert-manger -n cert-manger
+
+  certificates:create:
+    desc: Create certificates
+    cmds:
+      - kubectl apply -f components/certificates
 
   build:agentic-apps:
     desc: Build agentic containers

integrations/agntcy-slim/components/certificates/ca-based-issuer.yaml

@@ -0,0 +1,7 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: ecdsa-ca-issuer
+spec:
+  ca:
+    secretName: ecdsa-ca-secret

integrations/agntcy-slim/components/certificates/client-cert.yaml

@@ -0,0 +1,17 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: mtls-client-cert
+spec:
+  secretName: mtls-client-tls
+  privateKey:
+    algorithm: ECDSA
+    size: 384  # secp384r1
+  issuerRef:
+    name: ecdsa-ca-issuer
+    kind: ClusterIssuer
+  commonName: "client.agntcy.org"
+  dnsNames:
+    - client.agntcy.org
+  usages:
+    - client auth

integrations/agntcy-slim/components/certificates/ecdsa-ca-cert.yaml

@@ -0,0 +1,17 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: ecdsa-ca
+  namespace: cert-manager
+spec:
+  secretName: ecdsa-ca-secret
+  isCA: true
+  privateKey:
+    algorithm: ECDSA
+    size: 384  # This selects secp384r1 (P-384)
+  issuerRef:
+    name: selfsigned-issuer
+    kind: ClusterIssuer
+  commonName: "my-ecdsa-ca"
+  dnsNames:
+    - ca.agntcy.org

integrations/agntcy-slim/components/certificates/self-signed-cluster-issuer.yaml

@@ -0,0 +1,6 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: selfsigned-issuer
+spec:
+  selfSigned: {}

integrations/agntcy-slim/components/certificates/server-cert.yaml

@@ -0,0 +1,17 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: mtls-server-cert
+spec:
+  secretName: mtls-server-tls
+  privateKey:
+    algorithm: ECDSA
+    size: 384  # secp384r1
+  issuerRef:
+    name: ecdsa-ca-issuer
+    kind: ClusterIssuer
+  commonName: "server.agntcy.org"
+  dnsNames:
+    - server.agntcy.org
+  usages:
+    - server auth

integrations/agntcy-slim/components/config/base/client-config.yaml

@@ -0,0 +1,22 @@
+# Copyright AGNTCY Contributors (https://github.com/agntcy)
+# SPDX-License-Identifier: Apache-2.0
+
+slim:
+  config:
+    tracing:
+      log_level: info
+      display_thread_names: true
+      display_thread_ids: true
+
+    runtime:
+      n_cores: 0
+      thread_name: "slim-data-plane"
+      drain_timeout: 10s
+
+    services:
+      slim/0:
+        pubsub:
+          clients:
+            - endpoint: "http://agntcy-slim:46357"
+              tls:
+                insecure: true

integrations/agntcy-slim/components/config/base/server-config.yaml

@@ -0,0 +1,29 @@
+# Copyright AGNTCY Contributors (https://github.com/agntcy)
+# SPDX-License-Identifier: Apache-2.0
+
+slim:
+  config:
+    tracing:
+      log_level: debug
+      display_thread_names: true
+      display_thread_ids: true
+
+    runtime:
+      n_cores: 0
+      thread_name: "slim-data-plane"
+      drain_timeout: 10s
+
+    services:
+      slim/0:
+        pubsub:
+          servers:
+            - endpoint: "0.0.0.0:46357"
+              tls:
+                insecure: true
+          clients: []
+
+        controller:
+          server:
+            endpoint: "0.0.0.0:46358"
+            tls:
+              insecure: true

integrations/agntcy-slim/components/config/mtls/client-config.yaml

@@ -0,0 +1,34 @@
+# Copyright AGNTCY Contributors (https://github.com/agntcy)
+# SPDX-License-Identifier: Apache-2.0
+
+slim:
+  config:
+    tracing:
+      log_level: debug
+      display_thread_names: true
+      display_thread_ids: true
+
+    runtime:
+      n_cores: 0
+      thread_name: "slim-data-plane"
+      drain_timeout: 10s
+
+    services:
+      slim/0:
+        pubsub:
+          clients:
+            - endpoint: "https://agntcy-slim:46357"
+              tls:
+                ca_file: "/etc/certs/ca.crt"
+                cert_file: "/etc/certs/tls.crt"
+                key_file: "/etc/certs/tls.key"
+
+  extraVolumes:
+    - name: certs
+      secret:
+        secretName: mtls-server-tls
+
+  extraVolumeMounts:
+    - name: certs
+      mountPath: "/etc/certs"
+      readOnly: true

integrations/agntcy-slim/components/config/mtls/server-config.yaml

@@ -0,0 +1,37 @@
+# Copyright AGNTCY Contributors (https://github.com/agntcy)
+# SPDX-License-Identifier: Apache-2.0
+
+slim:
+  config:
+    tracing:
+      log_level: debug
+      display_thread_names: true
+      display_thread_ids: true
+
+    runtime:
+      n_cores: 0
+      thread_name: "slim-data-plane"
+      drain_timeout: 10s
+
+    services:
+      slim/0:
+        pubsub:
+          servers:
+          - endpoint: "0.0.0.0:46357"
+            tls:
+              cert_file: "/etc/certs/tls.crt"
+              key_file: "/etc/certs/tls.key"
+
+              client_ca_file: "/etc/certs/ca.crt"
+
+          clients: []
+
+  extraVolumes:
+    - name: certs
+      secret:
+        secretName: mtls-server-tls
+
+  extraVolumeMounts:
+    - name: certs
+      mountPath: "/etc/certs"
+      readOnly: true