From e499ec8b59586343b6110b29133318daca669016 Mon Sep 17 00:00:00 2001
From: Arad Halevy <arad.halevy@ibm.com>
Date: Thu, 11 May 2023 00:01:20 +0300
Subject: [PATCH 1/9] First code dump of the Go-module, including all the code,
 helm chart and README

Signed-off-by: Arad Halevy <arad.halevy@ibm.com>
---
 Dockerfile                         |  16 +++
 Makefile                           |  62 ++++++++
 README.md                          | 217 +++++++++++++++++++++++++++-
 conf.sample.yaml                   |  14 ++
 fybrikapplication.yaml             |  18 +++
 go.mod                             |  48 +++++++
 go.sum                             | 129 +++++++++++++++++
 helm/Chart.yaml                    |   4 +
 helm/files/conf.yaml               |  39 ++++++
 helm/templates/_helpers.tpl        |  64 +++++++++
 helm/templates/configmap.yaml      |  11 ++
 helm/templates/deployment.yaml     |  95 +++++++++++++
 helm/templates/service.yaml        |  19 +++
 helm/templates/serviceaccount.yaml |   8 ++
 helm/values.yaml                   |  78 +++++++++++
 main.go                            | 218 +++++++++++++++++++++++++++++
 module.yaml                        |  32 +++++
 17 files changed, 1071 insertions(+), 1 deletion(-)
 create mode 100644 Dockerfile
 create mode 100644 Makefile
 create mode 100644 conf.sample.yaml
 create mode 100644 fybrikapplication.yaml
 create mode 100644 go.mod
 create mode 100644 go.sum
 create mode 100644 helm/Chart.yaml
 create mode 100644 helm/files/conf.yaml
 create mode 100644 helm/templates/_helpers.tpl
 create mode 100644 helm/templates/configmap.yaml
 create mode 100644 helm/templates/deployment.yaml
 create mode 100644 helm/templates/service.yaml
 create mode 100644 helm/templates/serviceaccount.yaml
 create mode 100644 helm/values.yaml
 create mode 100644 main.go
 create mode 100644 module.yaml

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..e2d3bee
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,16 @@
+FROM golang:1.18-alpine
+
+WORKDIR /
+COPY go.mod ./
+COPY go.sum ./
+RUN go mod download
+
+COPY main.go ./
+
+RUN chmod +rwx ./tmp
+
+EXPOSE 8080
+
+RUN go build -o go-module-server main.go
+
+CMD [ "/go-module-server" ]
\ No newline at end of file
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..c817325
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,62 @@
+DOCKER_NAME = go-module
+DOCKER_HOSTNAME = ghcr.io
+DOCKER_NAMESPACE = aradhalevy
+DOCKER_TAG ?= master
+
+TEMP := /tmp
+CHART_LOCAL_PATH ?= helm 
+CHART_NAME ?= go-module-chart
+HELM_RELEASE ?= rel1-${DOCKER_NAME}
+HELM_TAG ?= 0.0.0
+
+FYBRIKAPPLICATION_NAME ?= my-notebook
+FYBRIKAPPLICATION_YAML ?= fybrikapplication.yaml
+FYBRIK_NAMESPACE ?= fybrik-notebook-sample
+
+
+IMG := ${DOCKER_HOSTNAME}/${DOCKER_NAMESPACE}/${DOCKER_NAME}:${DOCKER_TAG}
+
+
+CHART_REGISTRY_PATH := oci://${DOCKER_HOSTNAME}/${DOCKER_NAMESPACE}
+
+# To enable OCI experimental support for Helm versions prior to v3.8.0, HELM_EXPERIMENTAL_OCI is set
+export HELM_EXPERIMENTAL_OCI=1
+export GODEBUG=x509ignoreCN=0
+
+.PHONY: helm-verify
+helm-verify: 
+	helm lint ${CHART_LOCAL_PATH}
+	helm install --dry-run ${HELM_RELEASE} ${CHART_LOCAL_PATH} ${HELM_VALUES}
+
+.PHONY: helm-uninstall
+helm-uninstall: 
+	helm uninstall ${HELM_RELEASE} || true
+
+.PHONY: helm-install
+helm-install: helm
+	helm install ${HELM_RELEASE} ${CHART_LOCAL_PATH} ${HELM_VALUES}
+
+.PHONY: helm-chart-push
+helm-chart-push:
+	helm package ${CHART_LOCAL_PATH} --version=${HELM_TAG} --destination=${TEMP}
+	helm push ${TEMP}/${CHART_NAME}-${HELM_TAG}.tgz ${CHART_REGISTRY_PATH}
+	rm -rf ${TEMP}/${CHART_NAME}-${HELM_TAG}.tgz
+
+.PHONY: docker-build 
+docker-build:
+	docker build . -t ${IMG}
+
+.PHONY: docker-push 
+docker-push: docker-build
+	docker push ${IMG}
+
+.PHONY: run-fybrikapp 
+run-fybrikapp:
+	-kubectl delete fybrikapplication ${FYBRIKAPPLICATION_NAME} -n ${FYBRIK_NAMESPACE}
+	kubectl apply -f ${FYBRIKAPPLICATION_YAML} -n ${FYBRIK_NAMESPACE}
+
+.PHONY: module-logs 
+module-logs :
+	FIRST_POD=$$(kubectl get pods -n fybrik-blueprints -o jsonpath='{.items[0].metadata.name}'); \
+	kubectl logs  $$FIRST_POD -n fybrik-blueprints;
+
diff --git a/README.md b/README.md
index ac303d5..407a792 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,216 @@
-# go-module
\ No newline at end of file
+# Go-module
+
+This Go-module is intended as a template module for Fybrik written in [Go](https://go.dev/).
+
+This module features a read capability of data assets, using a generic server implementation written with [Gin Web Framework](https://pkg.go.dev/github.com/gin-gonic/gin) for Go.
+
+# How a Fybrik Application can access a dataset, using a Go module for Fybrik
+To see the Go module for Fybrik in action, you need to take these steps:
+1. Install Fybrik
+2. Register the Go-module to Fybrik
+3. Prepare a data asset and register it in a data catalog
+4. Define data access policy
+5. Deploy a Fybrik application
+6. Access the data asset using the Go-module 
+
+### Install fybrik
+Install Fybrik v1.3 using the [Quick Start](https://fybrik.io/v1.3/get-started/quickstart/), without the section of `Install modules`, and make sure to install Fybrik with Katalog as the data catalog.
+
+### Register the Go-module to Fybrik
+
+To register The Go-module as a Fybrik module apply `module.yaml` to the fybrik-system namespace of your cluster.
+
+To install the module, download the `module.yaml` from the repository and run:
+
+```bash
+kubectl apply -f module.yaml -n fybrik-system
+```
+
+### Register a data asset
+
+First, you should create a new Kubernetes namespace and set it as the active namespace: 
+
+```bash
+kubectl create namespace fybrik-notebook-sample
+kubectl config set-context --current --namespace=fybrik-notebook-sample
+```
+
+### Prepare a data asset and register it in a data catalog
+
+This example uses a sample of 100 lines of the [Synthetic Financial Datasets For Fraud Detection](https://www.kaggle.com/ealaxi/paysim1) dataset. Download [`PS_20174392719_1491204439457_log.csv`](https://raw.githubusercontent.com/fybrik/fybrik/master/samples/notebook/PS_20174392719_1491204439457_log.csv) from GitHub. 
+
+Upload the CSV file to an object storage of your choice such as AWS S3. For experimentation you can install localstack to your cluster instead of using a cloud service:
+
+1. Define variables for access key and secret key
+      ```bash
+      export ACCESS_KEY="myaccesskey"
+      export SECRET_KEY="mysecretkey"
+      ```
+2. Install localstack to the currently active namespace and wait for it to be ready:
+      ```bash
+      helm repo add localstack-charts https://localstack.github.io/helm-charts
+      helm install localstack localstack-charts/localstack \
+       --version 0.4.3 \
+       --set image.tag="1.2.0" \
+       --set startServices="s3" \
+       --set service.type=ClusterIP \
+       --set livenessProbe.initialDelaySeconds=25
+      kubectl wait --for=condition=ready --all pod -n fybrik-notebook-sample --timeout=120s
+      ```
+
+3. Create a port-forward to communicate with localstack server:
+      ```bash
+      kubectl port-forward svc/localstack 4566:4566 &
+      ```
+4. Use [AWS CLI](https://aws.amazon.com/cli/) to upload the dataset to a new created bucket in the localstack server (make sure to replace /path/to/PS... with the directory you downloaded the data set to):
+      ```bash
+      export ENDPOINT="http://127.0.0.1:4566"
+      export BUCKET="demo"
+      export OBJECT_KEY="PS_20174392719_1491204439457_log.csv"
+      export FILEPATH="/path/to/PS_20174392719_1491204439457_log.csv"
+      export REGION=theshire
+      aws configure set aws_access_key_id ${ACCESS_KEY} && aws configure set aws_secret_access_key ${SECRET_KEY}
+      aws configure set region ${REGION}
+      aws --endpoint-url=${ENDPOINT} s3api create-bucket --bucket ${BUCKET} --region ${REGION} --create-bucket-configuration LocationConstraint=${REGION}
+      aws --endpoint-url=${ENDPOINT} s3api put-object --bucket ${BUCKET} --key ${OBJECT_KEY} --body ${FILEPATH}
+      ```
+
+In this step you are performing the role of the data owner, registering his data in the data catalog and registering the credentials for accessing the data in the credential manager.
+
+We now explain how to register a dataset in the Katalog data catalog.
+
+Begin by registering the credentials required for accessing the dataset as a kubernetes secret. Replace the values for `access_key` and `secret_key` with the values from the object storage service that you used and run:
+
+    ```yaml
+    cat << EOF | kubectl apply -f -
+    apiVersion: v1
+    kind: Secret
+    metadata:
+      name: paysim-csv
+    type: Opaque
+    stringData:
+      access_key: "${ACCESS_KEY}"
+      secret_key: "${SECRET_KEY}"
+    EOF
+    ```
+
+Next, register the data asset itself in the data catalog.
+We use port-forwarding to send asset creation requests to the Katalog connector.
+    ```bash
+    cat << EOF | kubectl apply -f -
+    apiVersion: katalog.fybrik.io/v1alpha1
+    kind: Asset
+    metadata:
+      name: paysim-csv
+    spec:
+      secretRef:
+        name: paysim-csv
+      details:
+        dataFormat: csv
+        connection:
+          name: s3
+          s3:
+            endpoint: "http://localstack.fybrik-notebook-sample.svc.cluster.local:4566"
+            bucket: "demo"
+            object_key: "PS_20174392719_1491204439457_log.csv"
+      metadata:
+        name: Synthetic Financial Datasets For Fraud Detection
+        geography: theshire
+        tags:
+          finance: true
+    EOF
+    ```
+
+### Define data access policy
+
+Acting as the data steward, define an [OpenPolicyAgent](https://www.openpolicyagent.org/). In this example we just access the data asset without redacting columns. Below is the policy (written in [Rego](https://www.openpolicyagent.org/docs/latest/policy-language/#what-is-rego) language):
+
+```rego
+package dataapi.authz
+rule[{}] { true }
+```
+In this sample only the policy above is applied. Copy the policy to a file named `sample-policy.rego` and then run:
+
+```bash
+kubectl -n fybrik-system create configmap sample-policy --from-file=sample-policy.rego
+kubectl -n fybrik-system label configmap sample-policy openpolicyagent.org/policy=rego
+while [[ $(kubectl get cm sample-policy -n fybrik-system -o 'jsonpath={.metadata.annotations.openpolicyagent\.org/policy-status}') != '{"status":"ok"}' ]]; do echo "waiting for policy to be applied" && sleep 5; done
+```
+
+### Deploy a Fybrik application
+
+Create a `FybrikApplication` resource to register the notebook workload to the control plane of Fybrik. The value you place in the `dataSetID` field is your asset ID, as explained above. you can run the following to Create a `FybrikApplication` resource for this example:
+
+```yaml
+cat <<EOF | kubectl apply -f -
+apiVersion: app.fybrik.io/v1beta1
+kind: FybrikApplication
+metadata:
+  name: my-notebook
+  labels:
+    app: my-notebook
+spec:
+  selector:
+    workloadSelector:
+      matchLabels:
+        app: my-notebook
+  appInfo:
+    intent: Fraud Detection
+  data:
+    - dataSetID: "fybrik-notebook-sample/paysim-csv"
+      requirements:
+        interface: 
+          protocol: fybrik-go
+EOF
+```
+
+Run the following command to wait until the `FybrikApplication` is ready:
+
+```bash
+while [[ $(kubectl get fybrikapplication my-notebook -o 'jsonpath={.status.ready}') != "true" ]]; do echo "waiting for FybrikApplication" && sleep 5; done
+```
+
+### Access the data asset using the Go-module
+
+In your terminal, run the following command to print the endpoint to use for reading the data. It fetches the code from the `FybrikApplication` resource:
+
+```bash
+export ENDPOINT_SCHEME=$(kubectl get fybrikapplication my-notebook -o "jsonpath={.status.assetStates.fybrik-notebook-sample/paysim-csv.endpoint.fybrik-go.scheme}")
+export ENDPOINT_HOSTNAME=$(kubectl get fybrikapplication my-notebook -o "jsonpath={.status.assetStates.fybrik-notebook-sample/paysim-csv.endpoint.fybrik-go.hostname}")
+export ENDPOINT_PORT=$(kubectl get fybrikapplication my-notebook -o "jsonpath={.status.assetStates.fybrik-notebook-sample/paysim-csv.endpoint.fybrik-go.port}")
+export ASSET_NAME="fybrik-notebook-sample%%2Fpaysim-csv"
+printf "\n${ENDPOINT_SCHEME}://${ENDPOINT_HOSTNAME}:${ENDPOINT_PORT}/${ASSET_NAME}\n\n"
+```
+
+The next steps use the endpoint to read the data in a Kubernetes pod. 
+
+to first set up a basic pod run:
+
+```bash
+kubectl run mypod --image=docker.io/library/alpine:3.18 -i --tty -- sh
+```
+
+Now, in the shell of the pod that opened up, run the following (make sure to put in the ENDPOINT you printed):
+
+```bash
+apk --no-cache add curl util-linux && curl -L -o /tmp/data.csv ('ENTER ENDPOINT HERE') && column -s, -t < /tmp/data.csv
+```
+
+And you should be able to see the  data set.
+
+### Cleanup 
+
+When you're finished experimenting with a sample, you may clean up as follows:
+
+1. Stop ```kubectl port-forward``` processes (e.g., using ```pkill kubectl```)
+2. Delete the namespace created for this sample:
+
+```bash
+kubectl delete namespace fybrik-notebook-sample
+```
+
+3. Delete the policy created in the fybrik-system namespace:
+
+```bash
+NS="fybrik-system"; kubectl -n $NS get configmap | awk '/sample/{print $1}' | xargs  kubectl delete -n $NS configmap
+```
\ No newline at end of file
diff --git a/conf.sample.yaml b/conf.sample.yaml
new file mode 100644
index 0000000..305f51a
--- /dev/null
+++ b/conf.sample.yaml
@@ -0,0 +1,14 @@
+
+data:
+- name: "fybrik-notebook-sample/paysim-csv"
+  capability: read
+  format: "csv"
+  connection:
+    type: s3
+    s3:
+      endpoint_url: http://localstack.fybrik-notebook-sample.svc.cluster.local:4566
+      vault_credentials:
+        address: http://vault.fybrik-system:8200
+        authPath: /v1/auth/kubernetes/login
+        role: module
+        secretPath: /v1/kubernetes-secrets/paysim-csv?namespace=fybrik-notebook-sample
\ No newline at end of file
diff --git a/fybrikapplication.yaml b/fybrikapplication.yaml
new file mode 100644
index 0000000..d6d30b5
--- /dev/null
+++ b/fybrikapplication.yaml
@@ -0,0 +1,18 @@
+apiVersion: app.fybrik.io/v1beta1
+kind: FybrikApplication
+metadata:
+  name: my-notebook
+  labels:
+    app: my-notebook
+spec:
+  selector:
+    workloadSelector:
+      matchLabels:
+        app: my-notebook
+  appInfo:
+    intent: Fraud Detection
+  data:
+    - dataSetID: "fybrik-notebook-sample/paysim-csv"
+      requirements:
+        interface: 
+          protocol: fybrik-go
\ No newline at end of file
diff --git a/go.mod b/go.mod
new file mode 100644
index 0000000..34e79e0
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,48 @@
+module main
+
+go 1.18
+
+require (
+	github.com/minio/minio-go/v7 v7.0.50
+	github.com/rs/zerolog v1.29.0
+	gopkg.in/yaml.v2 v2.4.0
+)
+
+require (
+	github.com/bytedance/sonic v1.8.0 // indirect
+	github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/gin-contrib/sse v0.1.0 // indirect
+	github.com/gin-gonic/gin v1.9.0 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-playground/validator/v10 v10.11.2 // indirect
+	github.com/goccy/go-json v0.10.0 // indirect
+	github.com/google/uuid v1.3.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/compress v1.16.0 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.4 // indirect
+	github.com/kr/pretty v0.3.0 // indirect
+	github.com/leodido/go-urn v1.2.1 // indirect
+	github.com/mattn/go-colorable v0.1.12 // indirect
+	github.com/mattn/go-isatty v0.0.17 // indirect
+	github.com/minio/md5-simd v1.1.2 // indirect
+	github.com/minio/sha256-simd v1.0.0 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
+	github.com/rogpeppe/go-internal v1.8.0 // indirect
+	github.com/rs/xid v1.4.0 // indirect
+	github.com/sirupsen/logrus v1.9.0 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
+	github.com/ugorji/go/codec v1.2.9 // indirect
+	golang.org/x/arch v0.0.0-20210923205945-b76863e36670 // indirect
+	golang.org/x/crypto v0.6.0 // indirect
+	golang.org/x/net v0.7.0 // indirect
+	golang.org/x/sys v0.5.0 // indirect
+	golang.org/x/text v0.7.0 // indirect
+	google.golang.org/protobuf v1.28.1 // indirect
+	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)
diff --git a/go.sum b/go.sum
new file mode 100644
index 0000000..87c869a
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,129 @@
+github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
+github.com/bytedance/sonic v1.8.0 h1:ea0Xadu+sHlu7x5O3gKhRpQ1IKiMrSiHttPF0ybECuA=
+github.com/bytedance/sonic v1.8.0/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U=
+github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY=
+github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 h1:qSGYFH7+jGhDF8vLC+iwCD4WpbV1EBDSzWkJODFLams=
+github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk=
+github.com/coreos/go-systemd/v22 v22.3.3-0.20220203105225-a9a7ef127534/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
+github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
+github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
+github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
+github.com/gin-gonic/gin v1.9.0 h1:OjyFBKICoexlu99ctXNR2gg+c5pKrKMuyjgARg9qeY8=
+github.com/gin-gonic/gin v1.9.0/go.mod h1:W1Me9+hsUSyj3CePGrd1/QrKJMSJ1Tu/0hFEH89961k=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.11.2 h1:q3SHpufmypg+erIExEKUmsgmhDTyhcJ38oeKGACXohU=
+github.com/go-playground/validator/v10 v10.11.2/go.mod h1:NieE624vt4SCTJtD87arVLvdmjPAeV8BQlHtMnw9D7s=
+github.com/goccy/go-json v0.10.0 h1:mXKd9Qw4NuzShiRlOXKews24ufknHO7gx30lsDyokKA=
+github.com/goccy/go-json v0.10.0/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4=
+github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
+github.com/klauspost/cpuid/v2 v2.0.4/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
+github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
+github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZXnvk=
+github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
+github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
+github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
+github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40=
+github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
+github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
+github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
+github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng=
+github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
+github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
+github.com/minio/minio-go/v7 v7.0.50 h1:4IL4V8m/kI90ZL6GupCARZVrBv8/XrcKcJhaJ3iz68k=
+github.com/minio/minio-go/v7 v7.0.50/go.mod h1:IbbodHyjUAguneyucUaahv+VMNs/EOTV9du7A7/Z3HU=
+github.com/minio/sha256-simd v1.0.0 h1:v1ta+49hkWZyvaKwrQB8elexRqm6Y0aMLjCNsrYxo6g=
+github.com/minio/sha256-simd v1.0.0/go.mod h1:OuYzVNI5vcoYIAmbIvHPl3N3jUzVedXbKy5RFepssQM=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/pelletier/go-toml/v2 v2.0.6 h1:nrzqCb7j9cDFj2coyLNLaZuJTLjWjlaz6nvTvIwycIU=
+github.com/pelletier/go-toml/v2 v2.0.6/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek=
+github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
+github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
+github.com/rs/xid v1.4.0 h1:qd7wPTDkN6KQx2VmMBLrpHkiyQwgFXRnkOLacUiaSNY=
+github.com/rs/xid v1.4.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
+github.com/rs/zerolog v1.29.0 h1:Zes4hju04hjbvkVkOhdl2HpZa+0PmVwigmo8XoORE5w=
+github.com/rs/zerolog v1.29.0/go.mod h1:NILgTygv/Uej1ra5XxGf82ZFSLk58MFGAUS2o6usyD0=
+github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
+github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
+github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
+github.com/ugorji/go/codec v1.2.9 h1:rmenucSohSTiyL09Y+l2OCk+FrMxGMzho2+tjr5ticU=
+github.com/ugorji/go/codec v1.2.9/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
+golang.org/x/arch v0.0.0-20210923205945-b76863e36670 h1:18EFjUmQOcUvxNYSkA6jO9VAiXCnxFY6NyDX0bHDmkU=
+golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
+golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
+golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
+golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
+google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
+gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
diff --git a/helm/Chart.yaml b/helm/Chart.yaml
new file mode 100644
index 0000000..04c9aca
--- /dev/null
+++ b/helm/Chart.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+description: A Helm chart for installing go-module in Kubernetes
+name: go-module-chart
+version: "0.0.0"
diff --git a/helm/files/conf.yaml b/helm/files/conf.yaml
new file mode 100644
index 0000000..fa5bb11
--- /dev/null
+++ b/helm/files/conf.yaml
@@ -0,0 +1,39 @@
+{{ if .Values.assets -}}
+data:
+{{- range $asset := .Values.assets }}
+  - name: {{ $asset.assetID | quote }}
+    capability: {{ $asset.capability }}
+    {{- if and (.args) (eq (len .args) 1) -}}
+    {{- with (index .args 0) }}
+    format: {{ .format | quote }}
+    {{- if index . "connection" "s3" }}
+    connection:
+      type: s3
+      s3:
+        bucket: {{ .connection.s3.bucket }}
+        object_key: {{ .connection.s3.object_key }}
+        endpoint_url: {{trimPrefix "http://" .connection.s3.endpoint}}
+        {{- range $k, $v := .vault }}
+        {{- if or (eq $k "read") (eq $k "write") }}
+        vault_credentials:
+          {{- if $v.address }}
+          address: {{ $v.address }}
+          {{- end }}
+          {{- if $v.authPath }}
+          authPath: {{ $v.authPath }}
+          {{- end }}
+          {{- if $v.role }}
+          role: {{ $v.role }}
+          {{- end }}
+          {{- if $v.secretPath }}
+          secretPath: {{ $v.secretPath }}
+          {{- end }}
+        {{- end }}
+        {{- end }}
+    {{- end }}
+    {{- end }}
+    {{- end }}
+{{- end -}}
+{{- else -}}
+data: []
+{{- end -}}
\ No newline at end of file
diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl
new file mode 100644
index 0000000..4cd930d
--- /dev/null
+++ b/helm/templates/_helpers.tpl
@@ -0,0 +1,64 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "go-module-server.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "go-module-server.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "go-module-server.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+processPodSecurityContext skips certain keys in Values.podSecurityContext
+map if running on openshift.
+*/}}
+{{- define "fybrik.processPodSecurityContext" }}
+{{- $podSecurityContext := deepCopy .podSecurityContext }}
+{{- if .context.Capabilities.APIVersions.Has "security.openshift.io/v1" }}
+  {{- range $k, $v := .podSecurityContext }}
+    {{- if or (eq $k "runAsUser") (eq $k "seccompProfile") }}
+      {{- $_ := unset $podSecurityContext $k }}
+    {{- end }}
+   {{- end }}
+{{- end }}
+{{- $podSecurityContext | toYaml }}
+{{- end }}
+
+{{/*
+Print Data directory.
+*/}}
+{{- define "fybrik.getDataDir" -}}
+/data
+{{- end }}
+
+{{/*
+Print sub directory in /data directory. The sub directory is
+passed as parameter to the function.
+*/}}
+{{- define "fybrik.getDataSubdir" -}}
+{{- $dir := toString (first .) -}}
+{{- printf "%s/%s" (include "fybrik.getDataDir" .) $dir }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/templates/configmap.yaml b/helm/templates/configmap.yaml
new file mode 100644
index 0000000..768c98a
--- /dev/null
+++ b/helm/templates/configmap.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "go-module-server.fullname" . }}
+data:
+  conf.yaml: |- 
+{{- if .Values.config_override }}
+{{ .Values.config_override  | indent 4}}
+{{- else }}
+{{ tpl ( .Files.Get "files/conf.yaml" ) . | indent 4 }}
+{{- end -}}
\ No newline at end of file
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
new file mode 100644
index 0000000..f11ab96
--- /dev/null
+++ b/helm/templates/deployment.yaml
@@ -0,0 +1,95 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "go-module-server.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ include "go-module-server.name" . }}
+    helm.sh/chart: {{ include "go-module-server.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "go-module-server.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ include "go-module-server.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        {{- range $key, $val := .Values.labels }}
+        {{ $key }}: {{ $val | quote }}
+        {{- end }}    
+      annotations:
+        sidecar.istio.io/inject: "true"
+    spec:
+      serviceAccountName: {{ include "go-module-server.fullname" . }}
+      securityContext:
+        {{- include "fybrik.processPodSecurityContext" (dict "context" . "podSecurityContext" .Values.podSecurityContext) | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          {{- if .Values.image.pullPolicy }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- end }}
+          ports:
+            - name: grpc
+              containerPort: 8080
+              protocol: TCP
+          securityContext:
+          {{- .Values.containerSecurityContext | toYaml | nindent 12 }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          env:
+            - name: DATA_DIR
+              value: {{ include "fybrik.getDataDir" . }}
+            - name: MIN_TLS_VERSION
+              value:  {{ .Values.tls.minVersion }}
+          volumeMounts:
+            - name: data
+              mountPath: {{ include "fybrik.getDataDir" . }}
+            - readOnly: true
+              mountPath: /etc/conf
+              name: config
+            {{- if .Values.tls.certs.certSecretName }}
+            - mountPath: {{ include "fybrik.getDataSubdir" ( tuple "tls-cert" ) }}
+              name: tls-cert
+              readOnly: true
+            {{- end }}
+            {{- if .Values.tls.certs.cacertSecretName }}
+            - mountPath: {{ include "fybrik.getDataSubdir" ( tuple "tls-cacert" ) }}
+              name: tls-cacert
+              readOnly: true
+            {{- end }}
+      volumes:
+        - name: data
+          emptyDir:
+            sizeLimit: {{ .Values.dataDirSizeLimit }}
+        - name: config
+          configMap:
+            name: {{ include "go-module-server.fullname" . }}
+        {{- if .Values.tls.certs.certSecretName }}
+        - name: tls-cert
+          secret:
+            defaultMode: 420
+            secretName: {{ .Values.tls.certs.certSecretName }}
+        {{- end }}
+        {{- if .Values.tls.certs.cacertSecretName }}
+        - name: tls-cacert
+          secret:
+            defaultMode: 420
+            secretName: {{ .Values.tls.certs.cacertSecretName }}
+        {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
\ No newline at end of file
diff --git a/helm/templates/service.yaml b/helm/templates/service.yaml
new file mode 100644
index 0000000..4d4d6ee
--- /dev/null
+++ b/helm/templates/service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}
+  labels:
+    app.kubernetes.io/name: {{ include "go-module-server.name" . }}
+    helm.sh/chart: {{ include "go-module-server.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: 8080
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: {{ include "go-module-server.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/helm/templates/serviceaccount.yaml b/helm/templates/serviceaccount.yaml
new file mode 100644
index 0000000..ff7e781
--- /dev/null
+++ b/helm/templates/serviceaccount.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "go-module-server.fullname" . }}
+{{- if .Values.image.pullSecret }}
+imagePullSecrets: 
+  - name: {{ .Values.image.pullSecret }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/values.yaml b/helm/values.yaml
new file mode 100644
index 0000000..160b274
--- /dev/null
+++ b/helm/values.yaml
@@ -0,0 +1,78 @@
+# Default values for arrow-flight-module.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+  repository: ghcr.io/aradhalevy/go-module
+  tag: master
+  pullPolicy: Always
+  pullSecret: null
+
+# Set the size limit of the data directory.
+dataDirSizeLimit: 200Mi
+
+nameOverride: ""
+fullnameOverride: ""
+
+service:
+  type: ClusterIP
+  port: 80
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #  cpu: 100m
+  #  memory: 128Mi
+  # requests:
+  #  cpu: 100m
+  #  memory: 128Mi
+
+# Pod Security Context.
+# ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context
+podSecurityContext:
+  runAsNonRoot: true
+  # Ignored on openshift.
+  runAsUser: 10001
+  # Ignored on openshift.
+  seccompProfile:
+    type: RuntimeDefault
+# Container Security Context.
+# ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1
+containerSecurityContext:
+  privileged: false
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+    - ALL
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+tls:
+  # Relavent if TLS is used between vault and the module.
+  # MinVersion contains the minimum TLS version that is acceptable.
+  # If not provided, the system default value is used.
+  # Possible values are SSL-3, TLS-1, TLS-1.1, TLS-1.2 and TLS-1.3.
+  # ref: https://docs.python.org/3/library/ssl.html#ssl.TLSVersion.MINIMUM_SUPPORTED
+  minVersion: TLS-1.3
+  certs:
+    # Name of kubernetes secret that holds the module certificate.
+    # The secret should be of `kubernetes.io/tls` type.
+    # certSecretName: "test-tls-module-certs"
+    certSecretName: ""
+    # Name of kubernetes secret that holds the certificate authority (CA) certificates
+    # which are used by the module to validate the connection to vault.
+    # The CA certificates key in the secret should have `.crt` suffix.
+    # The provided certificates replaces the certificates in the system CA certificate store.
+    # If the secret is not provided then the CA certificates are taken from the system
+    # CA certificate store, for example `/etc/ssl/certs/`.
+    # cacertSecretName: "test-tls-ca-certs"
+    cacertSecretName: ""
\ No newline at end of file
diff --git a/main.go b/main.go
new file mode 100644
index 0000000..c580fc6
--- /dev/null
+++ b/main.go
@@ -0,0 +1,218 @@
+package main
+
+import (
+	"errors"
+	"context"
+	"log"
+	"io"
+	"net/http"
+	"encoding/json"
+	"os"
+	"fmt"
+	"strings"
+
+	"gopkg.in/yaml.v2"
+	"github.com/rs/zerolog"
+
+	"github.com/minio/minio-go/v7"
+	"github.com/minio/minio-go/v7/pkg/credentials"
+	"github.com/gin-gonic/gin"
+)
+
+type VaultClient struct {
+	Address     string
+	AuthPath    string
+	Role        string
+	JwtFilePath string
+	Logger      *zerolog.Logger
+}
+
+type ConfValues struct {
+	Data []struct {
+		Name       string `yaml:"name"`
+		Capability string `yaml:"capability"`
+		Format     string `yaml:"format"`
+		Connection struct {
+			Type string `yaml:"type"`
+			S3   struct {
+				Bucket    string `yaml:"bucket"`
+				ObjectKey string `yaml:"object_key"`
+				EndpointURL      string `yaml:"endpoint_url"`
+				VaultCredentials struct {
+					Address    string `yaml:"address"`
+					AuthPath   string `yaml:"authPath"`
+					Role       string `yaml:"role"`
+					SecretPath string `yaml:"secretPath"`
+				} `yaml:"vault_credentials"`
+			} `yaml:"s3"`
+			
+		} `yaml:"connection"`
+		Transformations string `yaml:"transformations"`
+	} `yaml:"data"`
+}
+
+var confValues ConfValues
+
+func (v *VaultClient) GetToken() (string, error) {
+	jwt, err := os.ReadFile(v.JwtFilePath)
+	if err != nil {
+		v.Logger.Error().Msg("Failed to read JWT file")
+		return "", err
+	}
+
+	j := make(map[string]string)
+	j["jwt"] = string(jwt)
+	j["role"] = v.Role
+
+	fullAuthPath := v.Address + v.AuthPath
+	jsonStr, err := json.Marshal(j)
+	if err != nil {
+		v.Logger.Error().Msg("Failed to transform map to JSON string")
+		return "", err
+	}
+
+	requestBody := strings.NewReader(string(jsonStr))
+	resp, _ := http.Post(fullAuthPath, "encoding/json", requestBody) //nolint
+	responseBody, err := io.ReadAll(resp.Body)
+	if err != nil {
+		v.Logger.Error().Msg("Failed to get token from vault")
+		return "", err
+	}
+
+	responseMap := make(map[string]interface{})
+	err = json.Unmarshal(responseBody, &responseMap)
+	if err != nil {
+		v.Logger.Error().Msg("malformed response from vault")
+		return "", err
+	}
+
+	var token string
+	if value, ok := responseMap["auth"]; ok {
+		token = value.(map[string]interface{})["client_token"].(string)
+		v.Logger.Info().Msg("Successfully obtained token from Vault")
+		return token, nil
+	}
+	const MalformedVaultResponseMessage = "Malformed response from vault"
+	v.Logger.Error().Msg(MalformedVaultResponseMessage)
+	return "", errors.New(MalformedVaultResponseMessage)
+}
+
+func (v *VaultClient) GetSecret(token, secretPath string) ([]byte, error) {
+	req, err := http.NewRequestWithContext(context.Background(), "GET", v.Address+secretPath, http.NoBody)
+	if err != nil {
+		v.Logger.Error().Msg("Failed to prepare Vault secret request")
+		return nil, err
+	}
+
+	req.Header.Set("X-Vault-Token", token)
+	client := &http.Client{}
+	resp, err := client.Do(req)
+	if err != nil || resp.StatusCode != http.StatusOK {
+		v.Logger.Error().Msg("Failed to obtain secret from Vault")
+		return nil, err
+	}
+	defer resp.Body.Close()
+	responseBody, err := io.ReadAll(resp.Body)
+	if err != nil {
+		v.Logger.Error().Msg("Failed to read Vault secret")
+		return nil, err
+	}
+
+	v.Logger.Info().Msg("Successfully read Vault secret")
+	return responseBody, nil
+}
+
+
+
+func (v *VaultClient) ExtractS3CredentialsFromSecret(secret []byte) (string, string, error) {
+	secretMap := make(map[string]interface{})
+	err := json.Unmarshal(secret, &secretMap)
+	if err != nil {
+		v.Logger.Error().Msg("Malformed secret response from vault")
+		return "", "", err
+	}
+
+	if value, ok := secretMap["data"]; ok {
+		data := value.(map[string]interface{})
+		v.Logger.Info().Msg("Successfully extracted S3 credentials from Vault secret")
+		return data["access_key"].(string), data["secret_key"].(string), nil
+	}
+	const FailedToExtractS3CredentialsFromVaultSecret = "Failed to extract S3 credentials from Vault secret"
+	v.Logger.Error().Msg(FailedToExtractS3CredentialsFromVaultSecret)
+	return "", "", errors.New(FailedToExtractS3CredentialsFromVaultSecret)
+}
+
+func setupRouter() *gin.Engine {
+	router := gin.Default()
+	router.UseRawPath=true 
+	router.GET(":key", GetDataAsset)
+	return router
+}
+
+func GetDataAsset(c *gin.Context) {
+	key := c.Param("key")
+	found:= false
+	for _, data := range confValues.Data {
+		if data.Name != key {
+			continue
+		}
+		found = true
+		client := VaultClient{
+			Address:     data.Connection.S3.VaultCredentials.Address,
+			AuthPath:    data.Connection.S3.VaultCredentials.AuthPath,
+			Role:        data.Connection.S3.VaultCredentials.Role,
+			JwtFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token",
+			Logger:      &zerolog.Logger{},
+		}
+		token, err := client.GetToken()
+		if err != nil {
+			client.Logger.Err(err).Msg("Failed to get token from vault")
+		}
+		secret, err := client.GetSecret(token, data.Connection.S3.VaultCredentials.SecretPath)
+		if err != nil {
+			client.Logger.Err(err).Msg("Failed to get secret from vault")
+		}
+		accessKey, secretKey, err := client.ExtractS3CredentialsFromSecret(secret)
+		if err != nil {
+			client.Logger.Err(err).Msg("Failed to extract S3 credentials from Vault secret")
+		}
+		useSSL := false
+		endpoint :=  data.Connection.S3.EndpointURL
+		minioClient, err := minio.New(endpoint, &minio.Options{
+			Creds:  credentials.NewStaticV4(accessKey, secretKey, ""),
+			Secure: useSSL,
+		})
+		if err != nil {
+			client.Logger.Err(err).Msg("Failed to connect to S3 using Minio client")
+		}
+		localFile := "./tmp/" + data.Connection.S3.ObjectKey
+		if err := minioClient.FGetObject(context.Background(), data.Connection.S3.Bucket, data.Connection.S3.ObjectKey,
+			localFile, minio.GetObjectOptions{}); err != nil {
+			client.Logger.Err(err).Msg("Failed to fetch object from S3")
+		}
+		c.File(localFile)
+		return
+	}
+	if found == false {
+		var NotFound string = "Data asset: " + key + " not found"
+		c.JSON(http.StatusNotFound, gin.H{
+			"error": NotFound,
+		})
+	}
+}
+
+func main() {
+	confYamlFile, err := os.ReadFile("./etc/conf/conf.yaml")
+	if err != nil {
+		log.Fatalf("error reading YAML file: %v", err)
+	}
+	err = yaml.Unmarshal(confYamlFile,&confValues)
+	if err != nil {
+		log.Fatalf("error unmarshaling YAML data: %v", err)
+	}
+	router := setupRouter()
+	err = router.Run(":8080")
+	if err != nil {
+		fmt.Println(err)
+	}
+}
\ No newline at end of file
diff --git a/module.yaml b/module.yaml
new file mode 100644
index 0000000..e809c4e
--- /dev/null
+++ b/module.yaml
@@ -0,0 +1,32 @@
+apiVersion: app.fybrik.io/v1beta1
+kind: FybrikModule
+metadata:
+  name: go-module-server
+  labels:
+    name: go-module-server
+    version: latest # semantic version
+spec:
+  type: service
+  chart:
+    name: ghcr.io/aradhalevy/go-module-chart:0.0.0
+    values:
+      image.tag: master
+  capabilities:
+    - capability: read
+      scope: workload
+      api:
+        connection:
+          name: fybrik-go
+          fybrik-go:
+            hostname: "{{ .Release.Name }}.{{ .Release.Namespace }}"
+            port: 80
+            scheme: http
+      supportedInterfaces:
+        - source:
+            protocol: s3
+            dataformat: parquet
+        - source:
+            protocol: s3
+            dataformat: csv
+        - source:
+            protocol: fybrik-go
\ No newline at end of file

From 1f3bd41b2be48940b9731a26b56cae7b1a71de0a Mon Sep 17 00:00:00 2001
From: Arad Halevy <arad.halevy@ibm.com>
Date: Thu, 11 May 2023 00:08:28 +0300
Subject: [PATCH 2/9] added white spaces at the end of the files so Alexey
 won't be mad at me

Signed-off-by: Arad Halevy <arad.halevy@ibm.com>
---
 Dockerfile                         | 2 +-
 conf.sample.yaml                   | 2 +-
 fybrikapplication.yaml             | 2 +-
 helm/files/conf.yaml               | 2 +-
 helm/templates/_helpers.tpl        | 2 +-
 helm/templates/configmap.yaml      | 2 +-
 helm/templates/deployment.yaml     | 2 +-
 helm/templates/serviceaccount.yaml | 2 +-
 helm/values.yaml                   | 2 +-
 main.go                            | 2 +-
 module.yaml                        | 2 +-
 11 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index e2d3bee..f28ff5d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,4 +13,4 @@ EXPOSE 8080
 
 RUN go build -o go-module-server main.go
 
-CMD [ "/go-module-server" ]
\ No newline at end of file
+CMD [ "/go-module-server" ]
diff --git a/conf.sample.yaml b/conf.sample.yaml
index 305f51a..82f5514 100644
--- a/conf.sample.yaml
+++ b/conf.sample.yaml
@@ -11,4 +11,4 @@ data:
         address: http://vault.fybrik-system:8200
         authPath: /v1/auth/kubernetes/login
         role: module
-        secretPath: /v1/kubernetes-secrets/paysim-csv?namespace=fybrik-notebook-sample
\ No newline at end of file
+        secretPath: /v1/kubernetes-secrets/paysim-csv?namespace=fybrik-notebook-sample
diff --git a/fybrikapplication.yaml b/fybrikapplication.yaml
index d6d30b5..3c9b49d 100644
--- a/fybrikapplication.yaml
+++ b/fybrikapplication.yaml
@@ -15,4 +15,4 @@ spec:
     - dataSetID: "fybrik-notebook-sample/paysim-csv"
       requirements:
         interface: 
-          protocol: fybrik-go
\ No newline at end of file
+          protocol: fybrik-go
diff --git a/helm/files/conf.yaml b/helm/files/conf.yaml
index fa5bb11..065d6c8 100644
--- a/helm/files/conf.yaml
+++ b/helm/files/conf.yaml
@@ -36,4 +36,4 @@ data:
 {{- end -}}
 {{- else -}}
 data: []
-{{- end -}}
\ No newline at end of file
+{{- end -}}
diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl
index 4cd930d..cea354f 100644
--- a/helm/templates/_helpers.tpl
+++ b/helm/templates/_helpers.tpl
@@ -61,4 +61,4 @@ passed as parameter to the function.
 {{- define "fybrik.getDataSubdir" -}}
 {{- $dir := toString (first .) -}}
 {{- printf "%s/%s" (include "fybrik.getDataDir" .) $dir }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/helm/templates/configmap.yaml b/helm/templates/configmap.yaml
index 768c98a..a65cae2 100644
--- a/helm/templates/configmap.yaml
+++ b/helm/templates/configmap.yaml
@@ -8,4 +8,4 @@ data:
 {{ .Values.config_override  | indent 4}}
 {{- else }}
 {{ tpl ( .Files.Get "files/conf.yaml" ) . | indent 4 }}
-{{- end -}}
\ No newline at end of file
+{{- end -}}
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
index f11ab96..322b868 100644
--- a/helm/templates/deployment.yaml
+++ b/helm/templates/deployment.yaml
@@ -92,4 +92,4 @@ spec:
     {{- with .Values.tolerations }}
       tolerations:
         {{- toYaml . | nindent 8 }}
-    {{- end }}
\ No newline at end of file
+    {{- end }}
diff --git a/helm/templates/serviceaccount.yaml b/helm/templates/serviceaccount.yaml
index ff7e781..ff0c473 100644
--- a/helm/templates/serviceaccount.yaml
+++ b/helm/templates/serviceaccount.yaml
@@ -5,4 +5,4 @@ metadata:
 {{- if .Values.image.pullSecret }}
 imagePullSecrets: 
   - name: {{ .Values.image.pullSecret }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/helm/values.yaml b/helm/values.yaml
index 160b274..038bf1f 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -75,4 +75,4 @@ tls:
     # If the secret is not provided then the CA certificates are taken from the system
     # CA certificate store, for example `/etc/ssl/certs/`.
     # cacertSecretName: "test-tls-ca-certs"
-    cacertSecretName: ""
\ No newline at end of file
+    cacertSecretName: ""
diff --git a/main.go b/main.go
index c580fc6..d652e36 100644
--- a/main.go
+++ b/main.go
@@ -215,4 +215,4 @@ func main() {
 	if err != nil {
 		fmt.Println(err)
 	}
-}
\ No newline at end of file
+}
diff --git a/module.yaml b/module.yaml
index e809c4e..a8d6971 100644
--- a/module.yaml
+++ b/module.yaml
@@ -29,4 +29,4 @@ spec:
             protocol: s3
             dataformat: csv
         - source:
-            protocol: fybrik-go
\ No newline at end of file
+            protocol: fybrik-go

From 671df30d87630d575b0474e41eaa00e48688b630 Mon Sep 17 00:00:00 2001
From: Arad Halevy <arad.halevy@ibm.com>
Date: Thu, 11 May 2023 11:03:18 +0300
Subject: [PATCH 3/9] some fixes to formatting in readme

Signed-off-by: Arad Halevy <arad.halevy@ibm.com>
---
 README.md | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 407a792..91a3072 100644
--- a/README.md
+++ b/README.md
@@ -26,7 +26,7 @@ To install the module, download the `module.yaml` from the repository and run:
 kubectl apply -f module.yaml -n fybrik-system
 ```
 
-### Register a data asset
+### Prepare a data asset and register it in a data catalog
 
 First, you should create a new Kubernetes namespace and set it as the active namespace: 
 
@@ -35,8 +35,6 @@ kubectl create namespace fybrik-notebook-sample
 kubectl config set-context --current --namespace=fybrik-notebook-sample
 ```
 
-### Prepare a data asset and register it in a data catalog
-
 This example uses a sample of 100 lines of the [Synthetic Financial Datasets For Fraud Detection](https://www.kaggle.com/ealaxi/paysim1) dataset. Download [`PS_20174392719_1491204439457_log.csv`](https://raw.githubusercontent.com/fybrik/fybrik/master/samples/notebook/PS_20174392719_1491204439457_log.csv) from GitHub. 
 
 Upload the CSV file to an object storage of your choice such as AWS S3. For experimentation you can install localstack to your cluster instead of using a cloud service:
@@ -80,8 +78,7 @@ In this step you are performing the role of the data owner, registering his data
 We now explain how to register a dataset in the Katalog data catalog.
 
 Begin by registering the credentials required for accessing the dataset as a kubernetes secret. Replace the values for `access_key` and `secret_key` with the values from the object storage service that you used and run:
-
-    ```yaml
+    ```bash
     cat << EOF | kubectl apply -f -
     apiVersion: v1
     kind: Secret
@@ -96,6 +93,7 @@ Begin by registering the credentials required for accessing the dataset as a kub
 
 Next, register the data asset itself in the data catalog.
 We use port-forwarding to send asset creation requests to the Katalog connector.
+
     ```bash
     cat << EOF | kubectl apply -f -
     apiVersion: katalog.fybrik.io/v1alpha1

From c12152cfa922f7f9eafedc48d79fc4a0ae8279c1 Mon Sep 17 00:00:00 2001
From: Arad Halevy <arad.halevy@ibm.com>
Date: Thu, 11 May 2023 11:15:43 +0300
Subject: [PATCH 4/9] some more fixes to formatting in readme

Signed-off-by: Arad Halevy <arad.halevy@ibm.com>
---
 README.md | 73 ++++++++++++++++++++++++++++---------------------------
 1 file changed, 37 insertions(+), 36 deletions(-)

diff --git a/README.md b/README.md
index 91a3072..ccc4ded 100644
--- a/README.md
+++ b/README.md
@@ -78,46 +78,47 @@ In this step you are performing the role of the data owner, registering his data
 We now explain how to register a dataset in the Katalog data catalog.
 
 Begin by registering the credentials required for accessing the dataset as a kubernetes secret. Replace the values for `access_key` and `secret_key` with the values from the object storage service that you used and run:
-    ```bash
-    cat << EOF | kubectl apply -f -
-    apiVersion: v1
-    kind: Secret
-    metadata:
-      name: paysim-csv
-    type: Opaque
-    stringData:
-      access_key: "${ACCESS_KEY}"
-      secret_key: "${SECRET_KEY}"
-    EOF
-    ```
+
+```bash
+cat << EOF | kubectl apply -f -
+apiVersion: v1
+kind: Secret
+metadata:
+    name: paysim-csv
+type: Opaque
+stringData:
+    access_key: "${ACCESS_KEY}"
+    secret_key: "${SECRET_KEY}"
+EOF
+```
 
 Next, register the data asset itself in the data catalog.
 We use port-forwarding to send asset creation requests to the Katalog connector.
 
-    ```bash
-    cat << EOF | kubectl apply -f -
-    apiVersion: katalog.fybrik.io/v1alpha1
-    kind: Asset
-    metadata:
-      name: paysim-csv
-    spec:
-      secretRef:
-        name: paysim-csv
-      details:
-        dataFormat: csv
-        connection:
-          name: s3
-          s3:
-            endpoint: "http://localstack.fybrik-notebook-sample.svc.cluster.local:4566"
-            bucket: "demo"
-            object_key: "PS_20174392719_1491204439457_log.csv"
-      metadata:
-        name: Synthetic Financial Datasets For Fraud Detection
-        geography: theshire
-        tags:
-          finance: true
-    EOF
-    ```
+```bash
+cat << EOF | kubectl apply -f -
+apiVersion: katalog.fybrik.io/v1alpha1
+kind: Asset
+metadata:
+  name: paysim-csv
+spec:
+  secretRef: 
+    name: paysim-csv
+  details:
+    dataFormat: csv
+    connection:
+      name: s3
+      s3:
+        endpoint: "http://localstack.fybrik-notebook-sample.svc.cluster.local:4566"
+        bucket: "demo"
+        object_key: "PS_20174392719_1491204439457_log.csv"
+  metadata:
+    name: Synthetic Financial Datasets For Fraud Detection
+    geography: theshire 
+    tags:
+      finance: true
+EOF
+```
 
 ### Define data access policy
 

From b5e87a04a89ccbd1e22e21bd76994d69aca023b6 Mon Sep 17 00:00:00 2001
From: Arad Halevy <arad.halevy@ibm.com>
Date: Tue, 16 May 2023 10:36:45 +0300
Subject: [PATCH 5/9] adressed review comments, mainly took down unrelevant
 makefile targets, and fixed some ReadMe issues

Signed-off-by: Arad Halevy <arad.halevy@ibm.com>
---
 Makefile                       | 14 --------------
 README.md                      | 25 ++++---------------------
 helm/templates/deployment.yaml |  2 +-
 3 files changed, 5 insertions(+), 36 deletions(-)

diff --git a/Makefile b/Makefile
index c817325..a55f4a2 100644
--- a/Makefile
+++ b/Makefile
@@ -9,10 +9,6 @@ CHART_NAME ?= go-module-chart
 HELM_RELEASE ?= rel1-${DOCKER_NAME}
 HELM_TAG ?= 0.0.0
 
-FYBRIKAPPLICATION_NAME ?= my-notebook
-FYBRIKAPPLICATION_YAML ?= fybrikapplication.yaml
-FYBRIK_NAMESPACE ?= fybrik-notebook-sample
-
 
 IMG := ${DOCKER_HOSTNAME}/${DOCKER_NAMESPACE}/${DOCKER_NAME}:${DOCKER_TAG}
 
@@ -50,13 +46,3 @@ docker-build:
 docker-push: docker-build
 	docker push ${IMG}
 
-.PHONY: run-fybrikapp 
-run-fybrikapp:
-	-kubectl delete fybrikapplication ${FYBRIKAPPLICATION_NAME} -n ${FYBRIK_NAMESPACE}
-	kubectl apply -f ${FYBRIKAPPLICATION_YAML} -n ${FYBRIK_NAMESPACE}
-
-.PHONY: module-logs 
-module-logs :
-	FIRST_POD=$$(kubectl get pods -n fybrik-blueprints -o jsonpath='{.items[0].metadata.name}'); \
-	kubectl logs  $$FIRST_POD -n fybrik-blueprints;
-
diff --git a/README.md b/README.md
index 91a3072..de3c141 100644
--- a/README.md
+++ b/README.md
@@ -9,9 +9,8 @@ To see the Go module for Fybrik in action, you need to take these steps:
 1. Install Fybrik
 2. Register the Go-module to Fybrik
 3. Prepare a data asset and register it in a data catalog
-4. Define data access policy
-5. Deploy a Fybrik application
-6. Access the data asset using the Go-module 
+4. Deploy a Fybrik application
+5. Access the data asset using the Go-module 
 
 ### Install fybrik
 Install Fybrik v1.3 using the [Quick Start](https://fybrik.io/v1.3/get-started/quickstart/), without the section of `Install modules`, and make sure to install Fybrik with Katalog as the data catalog.
@@ -20,10 +19,10 @@ Install Fybrik v1.3 using the [Quick Start](https://fybrik.io/v1.3/get-started/q
 
 To register The Go-module as a Fybrik module apply `module.yaml` to the fybrik-system namespace of your cluster.
 
-To install the module, download the `module.yaml` from the repository and run:
+To install the module:
 
 ```bash
-kubectl apply -f module.yaml -n fybrik-system
+kubectl apply -f https://raw.githubusercontent.com/aradhalevy/go-module/go-module-setup/module.yaml -n fybrik-system
 ```
 
 ### Prepare a data asset and register it in a data catalog
@@ -119,22 +118,6 @@ We use port-forwarding to send asset creation requests to the Katalog connector.
     EOF
     ```
 
-### Define data access policy
-
-Acting as the data steward, define an [OpenPolicyAgent](https://www.openpolicyagent.org/). In this example we just access the data asset without redacting columns. Below is the policy (written in [Rego](https://www.openpolicyagent.org/docs/latest/policy-language/#what-is-rego) language):
-
-```rego
-package dataapi.authz
-rule[{}] { true }
-```
-In this sample only the policy above is applied. Copy the policy to a file named `sample-policy.rego` and then run:
-
-```bash
-kubectl -n fybrik-system create configmap sample-policy --from-file=sample-policy.rego
-kubectl -n fybrik-system label configmap sample-policy openpolicyagent.org/policy=rego
-while [[ $(kubectl get cm sample-policy -n fybrik-system -o 'jsonpath={.metadata.annotations.openpolicyagent\.org/policy-status}') != '{"status":"ok"}' ]]; do echo "waiting for policy to be applied" && sleep 5; done
-```
-
 ### Deploy a Fybrik application
 
 Create a `FybrikApplication` resource to register the notebook workload to the control plane of Fybrik. The value you place in the `dataSetID` field is your asset ID, as explained above. you can run the following to Create a `FybrikApplication` resource for this example:
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
index 322b868..86d5bca 100644
--- a/helm/templates/deployment.yaml
+++ b/helm/templates/deployment.yaml
@@ -34,7 +34,7 @@ spec:
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           {{- end }}
           ports:
-            - name: grpc
+            - name: http
               containerPort: 8080
               protocol: TCP
           securityContext:

From 28874e3afe5990e4468bead361fdf22868e0b1f4 Mon Sep 17 00:00:00 2001
From: Arad Halevy <arad.halevy@ibm.com>
Date: Wed, 17 May 2023 16:47:24 +0300
Subject: [PATCH 6/9] added values.sample.yaml for testing and changed ReadMe a
 bit according to review

Signed-off-by: Arad Halevy <arad.halevy@ibm.com>
---
 README.md          |  1 +
 values.sample.yaml | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+)
 create mode 100644 values.sample.yaml

diff --git a/README.md b/README.md
index 31919f3..144a351 100644
--- a/README.md
+++ b/README.md
@@ -140,6 +140,7 @@ spec:
     intent: Fraud Detection
   data:
     - dataSetID: "fybrik-notebook-sample/paysim-csv"
+      flow: read
       requirements:
         interface: 
           protocol: fybrik-go
diff --git a/values.sample.yaml b/values.sample.yaml
new file mode 100644
index 0000000..dd97ff3
--- /dev/null
+++ b/values.sample.yaml
@@ -0,0 +1,21 @@
+labels:
+  app.fybrik.io/app-name: fybrik-flight-read
+uuid: 12345678
+assets:
+- args:
+  - connection:
+      name: s3
+      s3:
+        bucket: fybrik-test-bucket
+        endpoint: s3.eu-gb.cloud-object-storage.appdomain.cloud
+        object_key: test1.parquet
+    format: parquet
+    vault:
+      read:
+        address: http://vault.fybrik-system:8200
+        authPath: /v1/auth/kubernetes/login
+        role: module
+        secretPath: /v1/kubernetes-secrets/data-creds?namespace=fybrik-notebook-sample
+  assetID: "test1"
+  capability: read
+  
\ No newline at end of file

From ce2cde53ab6326ea553dff7f4d9127199529bbda Mon Sep 17 00:00:00 2001
From: Arad Halevy <arad.halevy@ibm.com>
Date: Wed, 17 May 2023 16:51:21 +0300
Subject: [PATCH 7/9] white space at end of file

Signed-off-by: Arad Halevy <arad.halevy@ibm.com>
---
 values.sample.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/values.sample.yaml b/values.sample.yaml
index dd97ff3..b0f8457 100644
--- a/values.sample.yaml
+++ b/values.sample.yaml
@@ -18,4 +18,3 @@ assets:
         secretPath: /v1/kubernetes-secrets/data-creds?namespace=fybrik-notebook-sample
   assetID: "test1"
   capability: read
-  
\ No newline at end of file

From 08482dcb7090ad4b9003e8d273dbda6b8e465f9e Mon Sep 17 00:00:00 2001
From: Arad Halevy <arad.halevy@ibm.com>
Date: Wed, 17 May 2023 17:24:41 +0300
Subject: [PATCH 8/9] simplified the supported interface of the module yaml,
 added option to helm un/install in the makefile

Signed-off-by: Arad Halevy <arad.halevy@ibm.com>
---
 Makefile    | 2 ++
 module.yaml | 7 +------
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/Makefile b/Makefile
index a55f4a2..dea3283 100644
--- a/Makefile
+++ b/Makefile
@@ -8,6 +8,8 @@ CHART_LOCAL_PATH ?= helm
 CHART_NAME ?= go-module-chart
 HELM_RELEASE ?= rel1-${DOCKER_NAME}
 HELM_TAG ?= 0.0.0
+HELM_VALUES ?= \
+	--set hello=world1
 
 
 IMG := ${DOCKER_HOSTNAME}/${DOCKER_NAMESPACE}/${DOCKER_NAME}:${DOCKER_TAG}
diff --git a/module.yaml b/module.yaml
index a8d6971..ae6690e 100644
--- a/module.yaml
+++ b/module.yaml
@@ -24,9 +24,4 @@ spec:
       supportedInterfaces:
         - source:
             protocol: s3
-            dataformat: parquet
-        - source:
-            protocol: s3
-            dataformat: csv
-        - source:
-            protocol: fybrik-go
+

From 325bad166c6ae3c2eef44547b0e325ae18550137 Mon Sep 17 00:00:00 2001
From: Arad Halevy <arad.halevy@ibm.com>
Date: Wed, 24 May 2023 13:48:52 +0300
Subject: [PATCH 9/9] removed the cleanup of policies because in this readme we
 dont use policies

Signed-off-by: Arad Halevy <arad.halevy@ibm.com>
---
 README.md | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/README.md b/README.md
index 144a351..0c3bfbf 100644
--- a/README.md
+++ b/README.md
@@ -191,9 +191,3 @@ When you're finished experimenting with a sample, you may clean up as follows:
 ```bash
 kubectl delete namespace fybrik-notebook-sample
 ```
-
-3. Delete the policy created in the fybrik-system namespace:
-
-```bash
-NS="fybrik-system"; kubectl -n $NS get configmap | awk '/sample/{print $1}' | xargs  kubectl delete -n $NS configmap
-```
\ No newline at end of file