[indy] Upgrade to 1.12.6 and support for Kubernetes 1.28+ (#2531)

Signed-off-by: Roy,Sownak <[email protected]>
hyperledger-bevel · Apr 3, 2024 · 2122220 · 2122220
1 parent 85c84e3
commit 2122220
Show file tree

Hide file tree

Showing 20 changed files with 68 additions and 120 deletions.
diff --git a/platforms/hyperledger-indy/charts/indy-node/Chart.yaml b/platforms/hyperledger-indy/charts/indy-node/Chart.yaml
@@ -8,4 +8,4 @@ apiVersion: v1
 appVersion: "2.0"
 description: "hyperledger-indy: charts for indy-node StatefulSet"
 name: indy-node
-version: 1.0.0
+version: 1.0.1
diff --git a/platforms/hyperledger-indy/charts/indy-node/README.md b/platforms/hyperledger-indy/charts/indy-node/README.md
@@ -145,10 +145,6 @@ add_new_org: false
 | -------------------- | ---------------------------------------------| ------------- |
 | domainGenesis        | Provide the domain genesis                   | ""            |
 | poolGenesis          | Provide the pool genesis                     | ""            |
-
-
-
-### ambassador
 
 ### vault
 

diff --git a/platforms/hyperledger-indy/charts/indy-node/templates/configmap.yaml b/platforms/hyperledger-indy/charts/indy-node/templates/configmap.yaml
@@ -7,10 +7,10 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ $.Values.metadata.name }}-config
-  namespace: {{ $.Values.metadata.namespace }}
+  name: {{ $.Values.node.name }}-config
+  namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ $.Values.metadata.name }}-config
+    app.kubernetes.io/name: {{ $.Values.node.name }}-config
     helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
     app.kubernetes.io/instance: {{ .Release.Name }}

diff --git a/platforms/hyperledger-indy/charts/indy-node/templates/service.yaml b/platforms/hyperledger-indy/charts/indy-node/templates/service.yaml
@@ -7,8 +7,8 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: "{{ $.Values.metadata.name }}"
-  namespace: "{{ $.Values.metadata.namespace }}"
+  name: "{{ $.Values.node.name }}"
+  namespace: {{ .Release.Namespace }}
 spec:
   type: {{ $.Values.service.type }}
   ports:
@@ -25,15 +25,15 @@ spec:
     nodePort: {{ $.Values.service.ports.clientTargetPort }}
     {{ end }}
   selector:
-    app: "{{ $.Values.metadata.name }}"
+    app: "{{ $.Values.node.name }}"
 
 {{- if eq $.Values.proxy.provider "ambassador" }}
 ---
 apiVersion: getambassador.io/v3alpha1
 kind: Listener
 metadata:
   name: "{{ .Values.node.name }}-node-listener"
-  namespace: {{ .Values.metadata.namespace }}
+  namespace: {{ .Release.Namespace }}
 spec:
   port: {{ .Values.node.ambassadorPort }}
   protocol: TCP
@@ -46,17 +46,17 @@ apiVersion: getambassador.io/v3alpha1
 kind: TCPMapping
 metadata:
   name: "{{ .Values.node.name }}-node-mapping"
-  namespace: {{ .Values.metadata.namespace }}
+  namespace: {{ .Release.Namespace }}
 spec:
   port: {{ .Values.node.ambassadorPort }}
-  service: "{{ .Values.node.name }}.{{ .Values.metadata.namespace }}:{{ .Values.node.targetPort }}"
+  service: "{{ .Values.node.name }}.{{ .Release.Namespace }}:{{ .Values.service.ports.nodeTargetPort }}"
 
 ---
 apiVersion: getambassador.io/v3alpha1
 kind: Listener
 metadata:
   name: "{{ .Values.node.name }}-client-listener"
-  namespace: {{ .Values.metadata.namespace }}
+  namespace: {{ .Release.Namespace }}
 spec:
   port: {{ .Values.client.ambassadorPort }}
   protocol: TCP
@@ -69,9 +69,9 @@ apiVersion: getambassador.io/v3alpha1
 kind: TCPMapping
 metadata:
   name: "{{ .Values.node.name }}-client-mapping"
-  namespace: {{ .Values.metadata.namespace }}
+  namespace: {{ .Release.Namespace }}
 spec:
   port: {{ .Values.client.ambassadorPort }}
-  service:  "{{ .Values.client.name }}.{{ .Values.metadata.namespace }}:{{ .Values.client.targetPort }}"
+  service:  "{{ .Values.node.name }}.{{ .Release.Namespace }}:{{ .Values.service.ports.clientTargetPort }}"
 {{- end }}
 
diff --git a/platforms/hyperledger-indy/charts/indy-node/templates/statefulset.yaml b/platforms/hyperledger-indy/charts/indy-node/templates/statefulset.yaml
@@ -7,18 +7,18 @@
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
-  name: "{{ $.Values.metadata.name }}"
-  namespace: "{{ $.Values.metadata.namespace }}"
+  name: "{{ $.Values.node.name }}"
+  namespace: {{ .Release.Namespace }}
 spec:
-  serviceName: "{{ $.Values.metadata.name }}"
+  serviceName: "{{ $.Values.node.name }}"
   replicas: 1
   selector:
     matchLabels:
-      app: "{{ $.Values.metadata.name }}"
+      app: "{{ $.Values.node.name }}"
   template:
     metadata:
       labels:
-        app: "{{ $.Values.metadata.name }}"
+        app: "{{ $.Values.node.name }}"
     spec:
       securityContext:
         fsGroup: 1000
@@ -233,7 +233,7 @@ spec:
               mountPath: /var/lib/indy/data
             - name: ebs-indy-node-keys
               mountPath: /var/lib/indy/keys
-            - name: {{ $.Values.metadata.name }}-config
+            - name: {{ $.Values.node.name }}-config
               mountPath: /etc/indy/indy_config.py
               subPath: indy_config.py
             - name: {{ $.Values.organization.name }}-domain-transactions-genesis
@@ -245,9 +245,9 @@ spec:
       imagePullSecrets:
         - name: "{{ $.Values.image.pullSecret }}"
       volumes:
-        - name: {{ $.Values.metadata.name }}-config
+        - name: {{ $.Values.node.name }}-config
           configMap:
-            name: {{ $.Values.metadata.name }}-config
+            name: {{ $.Values.node.name }}-config
         - name:  {{ $.Values.organization.name }}-domain-transactions-genesis
           configMap:
             name: {{ $.Values.organization.name }}-dtg

diff --git a/platforms/hyperledger-indy/charts/indy-node/values.yaml b/platforms/hyperledger-indy/charts/indy-node/values.yaml
@@ -13,10 +13,6 @@ metadata:
   #Eg. namespace: bevel
   namespace:
 
-  #Provide the name for indy-node release
-  #Eg. name: indy-node
-  name:
-
 #Provide the number of indy-node replicas
 #Eg. replicas: 1
 replicas:
@@ -130,22 +126,6 @@ configmap:
   #Provide the pool genesis
   poolGenesis:
 
-#Provide annotations for ambassador service configuration
-#Only use HTTPS as HTTP and HTTPS don't work together ( https://github.com/datawire/ambassador/issues/1000 )
-#Eg.
-#  annotations: |-
-#      apiVersion: ambassador/v2
-#      kind: TCPMapping
-#      name: indy-node-node-mapping
-#      port: 9711
-#      service: custodian-blockchain-indy:9712
-#      apiVersion: ambassador/v2
-#      kind: TCPMapping
-#      name: indy-node-client-mapping
-#      port: 9712
-#      service: custodian-blockchain-indy:9712
-ambassador:
-
 vault:
   #Provide the vault server address
   #Eg. address: http://54.226.163.39:8200

diff --git a/platforms/hyperledger-indy/configuration/roles/check/k8_component/tasks/main.yaml b/platforms/hyperledger-indy/configuration/roles/check/k8_component/tasks/main.yaml
@@ -27,7 +27,7 @@
     service_account: "{{ component_name }}"
     role: "ro"
   shell: |
-    secret="$(KUBECONFIG={{ kubernetes.config_file }} kubectl get serviceaccount {{ service_account }} -n {{ component_ns }} -o go-template={% raw %}'{{ (index .secrets 0).name }}'{% endraw %})"
+    secret="{{ service_account }}-token"
     kube_token="$(KUBECONFIG={{ kubernetes.config_file }} kubectl get secret ${secret} -n {{ component_ns }} -o go-template={% raw %}'{{ .data.token }}'{% endraw %} | base64 -d)"
     vault_token=$(curl --request POST --data '{"jwt": "'"$kube_token"'", "role": "{{ role }}"}' {{ vault.url }}/v1/auth/kubernetes-{{ organization }}-bevel-ac-auth/login | jq -j '.auth.client_token')
     echo ${vault_token}

diff --git a/...rms/hyperledger-indy/configuration/roles/create/k8_component/templates/serviceaccount.tpl b/...rms/hyperledger-indy/configuration/roles/create/k8_component/templates/serviceaccount.tpl
@@ -3,3 +3,12 @@ kind: ServiceAccount
 metadata:
   name: {{ component_name }}
   namespace: {{ component_namespace }}
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/service-account-token
+metadata:
+  name: {{ component_name }}-token
+  namespace: {{ component_namespace }}
+  annotations:
+    kubernetes.io/service-account.name: "{{ component_name }}"
diff --git a/platforms/hyperledger-indy/configuration/samples/network-indyv3-aries.yaml b/platforms/hyperledger-indy/configuration/samples/network-indyv3-aries.yaml
@@ -14,7 +14,7 @@ network:
   # Network level configuration specifies the attributes required for each organization
   # to join an existing network.
   type: indy
-  version: 1.11.0                         # Supported versions 1.11.0 and 1.12.1
+  version: 1.12.1                         # Supported versions 1.11.0 and 1.12.1
 
   #Environment section for Kubernetes setup
   env:
@@ -65,7 +65,8 @@ network:
         region: "region"                        # AWS region
 
       publicIps: ["1.1.1.1", "2.2.2.2"]          # List of all public IP addresses of each availability zone from all organizations in the same k8s cluster
-
+      azure:
+        node_resource_group: "MC_myResourceGroup_myCluster_westeurope"
       # Kubernetes cluster deployment variables. The config file path has to be provided in case
       # the cluster has already been created.
       k8s:
@@ -118,7 +119,8 @@ network:
         region: "region"                        # AWS region
 
       publicIps: ["192.168.99.173"]             # List of all public IP addresses of each availability zone from all organizations in the same k8s cluster
-
+      azure:
+        node_resource_group: "MC_myResourceGroup_myCluster_westeurope"
       # Kubernetes cluster deployment variables. The config file path has to be provided in case
       # the cluster has already been created.
       k8s:

diff --git a/platforms/hyperledger-indy/configuration/samples/network-indyv3.yaml b/platforms/hyperledger-indy/configuration/samples/network-indyv3.yaml
@@ -16,7 +16,7 @@ network:
   # Network level configuration specifies the attributes required for each organization
   # to join an existing network.
   type: indy
-  version: 1.11.0                         # Supported versions 1.11.0 and 1.12.1
+  version: 1.12.1                         # Supported versions 1.11.0 and 1.12.1
 
   #Environment section for Kubernetes setup
   env:
@@ -67,7 +67,8 @@ network:
         region: "region"                        # AWS region
 
       publicIps: ["1.1.1.1", "2.2.2.2"]        # List of all public IP addresses of each availability zone from all organizations in the same k8s cluster
-
+      azure:
+        node_resource_group: "MC_myResourceGroup_myCluster_westeurope"
       # Kubernetes cluster deployment variables. The config file path has to be provided in case
       # the cluster has already been created.
       k8s:
@@ -120,7 +121,8 @@ network:
         region: "region"                        # AWS region
 
       publicIps: ["3.221.78.194"]               # List of all public IP addresses of each availability zone from all organizations in the same k8s cluster
-
+      azure:
+        node_resource_group: "MC_myResourceGroup_myCluster_westeurope"
       # Kubernetes cluster deployment variables. The config file path has to be provided in case
       # the cluster has already been created.
       k8s:
@@ -209,7 +211,8 @@ network:
         region: "region"                        # AWS region
 
       publicIps: ["3.221.78.194"]             # List of all public IP addresses of each availability zone from all organizations in the same k8s cluster
-
+      azure:
+        node_resource_group: "MC_myResourceGroup_myCluster_westeurope"
       # Kubernetes cluster deployment variables. The config file path has to be provided in case
       # the cluster has already been created.
       k8s:

diff --git a/platforms/hyperledger-indy/images/indy-key-mgmt/Dockerfile b/platforms/hyperledger-indy/images/indy-key-mgmt/Dockerfile
@@ -4,7 +4,7 @@ USER root
 
 ARG ROCKS_DB_VERSION=5.8.8
 ARG LIBINDY_CRYPTO_VERSION=0.4.5
-ARG INDY_NODE_VERSION=1.12.1
+ARG INDY_NODE_VERSION=1.12.6
 
 ENV VIRTUALENVWRAPPER_PYTHON=/usr/bin/python3 \
     WORKON_HOME=$HOME/.virtualenvs \

diff --git a/platforms/hyperledger-indy/images/indy-key-mgmt/README.md b/platforms/hyperledger-indy/images/indy-key-mgmt/README.md
@@ -17,12 +17,12 @@ docker build -t <docker_url>/bevel-indy-key-mgmt:1.12.1 .
 When you would like to use older version, then override build arguments.<br>
 Example for use version 1.11.0:
 ```bash
-docker build --build-arg INDY_NODE_VERSION=v1.9.2 -t <docker_url>/bevel-indy-key-mgmt:1.9.2 .
+docker build --build-arg INDY_NODE_VERSION=1.12.6 -t <docker_url>/bevel-indy-key-mgmt:1.12.6 .
 ```
 #### Build arguments with default values
  - ROCKS_DB_VERSION=5.8.8
  - LIBINDY_CRYPTO_VERSION=0.4.5
- - INDY_NODE_VERSION=1.12.1
+ - INDY_NODE_VERSION=1.12.6
 
 ## How to use
 

diff --git a/platforms/hyperledger-indy/images/indy-node/Dockerfile b/platforms/hyperledger-indy/images/indy-node/Dockerfile
@@ -4,44 +4,22 @@ ARG uid=1000
 
 # Install environment
 RUN apt-get update -y && apt-get install -y \
-	git \
-	wget \
-	python3.5 \
-	python3-pip \
-	python-setuptools \
-	python3-nacl \
 	apt-transport-https \
 	ca-certificates \
 	supervisor
 
-RUN pip3 install -U \
-	pip==9.0.3 \
-	setuptools
-
 RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CE7709D068DB5E88
-ARG indy_stream=master
-RUN echo "deb https://repo.sovrin.org/deb xenial $indy_stream" >> /etc/apt/sources.list
+RUN echo "deb https://repo.sovrin.org/deb xenial stable" >> /etc/apt/sources.list
 
 RUN useradd -ms /bin/bash -u $uid indy
 
-ARG indy_plenum_ver=1.12.1~dev993
-ARG indy_node_ver=1.12.1~dev1179
-ARG python3_indy_crypto_ver=0.4.5
-ARG indy_crypto_ver=0.4.5
-ARG python3_pyzmq_ver=18.1.0
-ARG python3_orderedset_ver=2.0
-ARG python3_psutil_ver=5.4.3
-ARG python3_pympler_ver=0.5
+ARG indy_plenum_ver=1.12.6
+ARG indy_node_ver=1.12.6
 
 RUN apt-get update -y && apt-get install -y \
-        indy-plenum=${indy_plenum_ver} \
-        indy-node=${indy_node_ver} \
-        python3-indy-crypto=${python3_indy_crypto_ver} \
-        libindy-crypto=${indy_crypto_ver} \
-        python3-pyzmq=${python3_pyzmq_ver} \
-		python3-orderedset=${python3_orderedset_ver} \
-		python3-psutil=${python3_psutil_ver} \
-		python3-pympler=${python3_pympler_ver}
+	indy-node=${indy_node_ver} \
+    indy-plenum=${indy_plenum_ver} \
+    && rm -rf /var/lib/apt/lists/*
 
 COPY start-indy-node.sh /var/lib/indy
 RUN chmod +x /var/lib/indy/start-indy-node.sh

diff --git a/platforms/hyperledger-indy/images/indy-node/README.md b/platforms/hyperledger-indy/images/indy-node/README.md
@@ -10,21 +10,17 @@ Docker image of an Indy node (runs using a Steward identity)
 Ideally, the build of the image should be run from this directory.<br>
 For build run command below:
 ```bash
-docker build -t <docker_url>/bevel-indy-node:1.11.0 .
+docker build -t <docker_url>/bevel-indy-node:1.12.6 .
 ```
 *NOTE*: Version 1.11.0 is default version also for version of Hyperledger Indy in this Docker image.<br>
 When you would like to use older version, then override build arguments.<br>
 Example for use version 1.9.2:
 ```bash
-docker build --build-arg indy_plenum_ver=1.9.2~dev871 --build-arg indy_node_ver=1.9.2~dev1061 --build-arg python3_pyzmq_ver=17.0.0 -t <docker_url>/bevel-indy-node:1.9.2 .
+docker build --build-arg indy_plenum_ver=1.12.6 --build-arg indy_node_ver=1.12.6 -t <docker_url>/bevel-indy-node:1.12.6 .
 ```
 #### Build arguments with default values
- - indy_plenum_ver=1.11.0~dev945
- - indy_node_ver=1.11.0~dev1123
- - python3_indy_crypto_ver=0.4.5
- - indy_crypto_ver=0.4.5
- - python3_pyzmq_ver=18.1.0
-
+ - indy_plenum_ver=1.12.6
+ - indy_node_ver=1.12.6
 
 ### Using
 The Docker image is created specially for Helm Chart [indy-node](../../charts/indy-node).

diff --git a/platforms/network-schema.json b/platforms/network-schema.json
@@ -233,7 +233,8 @@
                 "type": "string",
                 "enum": [
                   "1.11.0",
-                  "1.12.1"
+                  "1.12.1",
+                  "1.12.6"
                 ]
               },
               "env": {
@@ -530,15 +531,6 @@
         "cluster_id": {
           "type": "string"
         },
-        "provider": {
-          "type": "string",
-          "enum": [
-            "aws",
-            "azure",
-            "gcp",
-            "minikube"
-          ]
-        },
         "region": {
           "type": "string"
         },

diff --git a/platforms/shared/configuration/delete-network.yaml b/platforms/shared/configuration/delete-network.yaml
@@ -108,4 +108,4 @@
       "corda": "ns",
       "besu": "bes",
       "substrate": "subs"
-    }]
+      }]