diff --git a/platforms/hyperledger-indy/charts/indy-node/Chart.yaml b/platforms/hyperledger-indy/charts/indy-node/Chart.yaml index b53afcfc482..6337aec9fcb 100644 --- a/platforms/hyperledger-indy/charts/indy-node/Chart.yaml +++ b/platforms/hyperledger-indy/charts/indy-node/Chart.yaml @@ -8,4 +8,4 @@ apiVersion: v1 appVersion: "2.0" description: "hyperledger-indy: charts for indy-node StatefulSet" name: indy-node -version: 1.0.0 +version: 1.0.1 diff --git a/platforms/hyperledger-indy/charts/indy-node/README.md b/platforms/hyperledger-indy/charts/indy-node/README.md index bf245d80fe8..6496a4947e6 100644 --- a/platforms/hyperledger-indy/charts/indy-node/README.md +++ b/platforms/hyperledger-indy/charts/indy-node/README.md @@ -145,10 +145,6 @@ add_new_org: false | -------------------- | ---------------------------------------------| ------------- | | domainGenesis | Provide the domain genesis | "" | | poolGenesis | Provide the pool genesis | "" | - - - -### ambassador ### vault diff --git a/platforms/hyperledger-indy/charts/indy-node/templates/configmap.yaml b/platforms/hyperledger-indy/charts/indy-node/templates/configmap.yaml index a307a43d542..b1ac7049794 100644 --- a/platforms/hyperledger-indy/charts/indy-node/templates/configmap.yaml +++ b/platforms/hyperledger-indy/charts/indy-node/templates/configmap.yaml @@ -7,10 +7,10 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ $.Values.metadata.name }}-config - namespace: {{ $.Values.metadata.namespace }} + name: {{ $.Values.node.name }}-config + namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: {{ $.Values.metadata.name }}-config + app.kubernetes.io/name: {{ $.Values.node.name }}-config helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} 
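Review bot: In templates/configmap.yaml the ConfigMap name and its `app.kubernetes.io/name` label now render from `.Values.node.name` with no guard, so an empty value yields the literal name `-config`. This commit also removes `metadata.name` from values.yaml, so a values file that still sets only the old key takes that path. Writing the first use as `name: {{ required "node.name must be set" .Values.node.name }}-config` makes the render fail with a clear message. The same applies to the `node.name` references introduced in service.yaml and statefulset.yaml.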
diff --git a/platforms/hyperledger-indy/charts/indy-node/templates/service.yaml b/platforms/hyperledger-indy/charts/indy-node/templates/service.yaml index c09aa104e61..100e47dbe0c 100644 --- a/platforms/hyperledger-indy/charts/indy-node/templates/service.yaml +++ b/platforms/hyperledger-indy/charts/indy-node/templates/service.yaml @@ -7,8 +7,8 @@ apiVersion: v1 kind: Service metadata: - name: "{{ $.Values.metadata.name }}" - namespace: "{{ $.Values.metadata.namespace }}" + name: "{{ $.Values.node.name }}" + namespace: {{ .Release.Namespace }} spec: type: {{ $.Values.service.type }} ports: @@ -25,7 +25,7 @@ spec: nodePort: {{ $.Values.service.ports.clientTargetPort }} {{ end }} selector: - app: "{{ $.Values.metadata.name }}" + app: "{{ $.Values.node.name }}" {{- if eq $.Values.proxy.provider "ambassador" }} --- @@ -33,7 +33,7 @@ apiVersion: getambassador.io/v3alpha1 kind: Listener metadata: name: "{{ .Values.node.name }}-node-listener" - namespace: {{ .Values.metadata.namespace }} + namespace: {{ .Release.Namespace }} spec: port: {{ .Values.node.ambassadorPort }} protocol: TCP @@ -46,17 +46,17 @@ apiVersion: getambassador.io/v3alpha1 kind: TCPMapping metadata: name: "{{ .Values.node.name }}-node-mapping" - namespace: {{ .Values.metadata.namespace }} + namespace: {{ .Release.Namespace }} spec: port: {{ .Values.node.ambassadorPort }} - service: "{{ .Values.node.name }}.{{ .Values.metadata.namespace }}:{{ .Values.node.targetPort }}" + service: "{{ .Values.node.name }}.{{ .Release.Namespace }}:{{ .Values.service.ports.nodeTargetPort }}" --- apiVersion: getambassador.io/v3alpha1 kind: Listener metadata: name: "{{ .Values.node.name }}-client-listener" - namespace: {{ .Values.metadata.namespace }} + namespace: {{ .Release.Namespace }} spec: port: {{ .Values.client.ambassadorPort }} protocol: TCP 
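Review bot: The new `namespace: {{ .Release.Namespace }}` line in the Service metadata of service.yaml drops the quotes the replaced line had, while `name` directly above it stays quoted. A release namespace made only of digits, or one called `true`, is a valid DNS label but would be parsed as a non-string scalar and fail validation. Suggest `namespace: {{ .Release.Namespace | quote }}` here, on the Listener and TCPMapping documents later in this file, and on the matching line in statefulset.yaml.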
@@ -69,9 +69,9 @@ apiVersion: getambassador.io/v3alpha1 kind: TCPMapping metadata: name: "{{ .Values.node.name }}-client-mapping" - namespace: {{ .Values.metadata.namespace }} + namespace: {{ .Release.Namespace }} spec: port: {{ .Values.client.ambassadorPort }} - service: "{{ .Values.client.name }}.{{ .Values.metadata.namespace }}:{{ .Values.client.targetPort }}" + service: "{{ .Values.node.name }}.{{ .Release.Namespace }}:{{ .Values.service.ports.clientTargetPort }}" {{- end }} diff --git a/platforms/hyperledger-indy/charts/indy-node/templates/statefulset.yaml b/platforms/hyperledger-indy/charts/indy-node/templates/statefulset.yaml index cf4c7ee931c..087a1eac3a2 100644 --- a/platforms/hyperledger-indy/charts/indy-node/templates/statefulset.yaml +++ b/platforms/hyperledger-indy/charts/indy-node/templates/statefulset.yaml @@ -7,18 +7,18 @@ apiVersion: apps/v1 kind: StatefulSet metadata: - name: "{{ $.Values.metadata.name }}" - namespace: "{{ $.Values.metadata.namespace }}" + name: "{{ $.Values.node.name }}" + namespace: {{ .Release.Namespace }} spec: - serviceName: "{{ $.Values.metadata.name }}" + serviceName: "{{ $.Values.node.name }}" replicas: 1 selector: matchLabels: - app: "{{ $.Values.metadata.name }}" + app: "{{ $.Values.node.name }}" template: metadata: labels: - app: "{{ $.Values.metadata.name }}" + app: "{{ $.Values.node.name }}" spec: securityContext: fsGroup: 1000 @@ -233,7 +233,7 @@ spec: mountPath: /var/lib/indy/data - name: ebs-indy-node-keys mountPath: /var/lib/indy/keys - - name: {{ $.Values.metadata.name }}-config + - name: {{ $.Values.node.name }}-config mountPath: /etc/indy/indy_config.py subPath: indy_config.py - name: {{ $.Values.organization.name }}-domain-transactions-genesis 
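Review bot: Renaming the StatefulSet in statefulset.yaml from `metadata.name` to `node.name` changes the object's identity for any release where the two values differed, so Helm would delete the old StatefulSet and create a new one rather than update it. If the `ebs-indy-node-keys` and data volumes mounted further down come from volumeClaimTemplates (not visible in this hunk), the new pod would bind fresh claims and start without the existing node keys and ledger data. Chart.yaml moves only from 1.0.0 to 1.0.1, so a migration note in the chart README stating that `node.name` must equal the previous `metadata.name` would be worth adding. The StatefulSet spec continues outside this hunk.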
@@ -245,9 +245,9 @@ spec: imagePullSecrets: - name: "{{ $.Values.image.pullSecret }}" volumes: - - name: {{ $.Values.metadata.name }}-config + - name: {{ $.Values.node.name }}-config configMap: - name: {{ $.Values.metadata.name }}-config + name: {{ $.Values.node.name }}-config - name: {{ $.Values.organization.name }}-domain-transactions-genesis configMap: name: {{ $.Values.organization.name }}-dtg diff --git a/platforms/hyperledger-indy/charts/indy-node/values.yaml b/platforms/hyperledger-indy/charts/indy-node/values.yaml index 52bced2a12d..8b6628d5059 100644 --- a/platforms/hyperledger-indy/charts/indy-node/values.yaml +++ b/platforms/hyperledger-indy/charts/indy-node/values.yaml @@ -13,10 +13,6 @@ metadata: #Eg. namespace: bevel namespace: - #Provide the name for indy-node release - #Eg. name: indy-node - name: - #Provide the number of indy-node replicas #Eg. replicas: 1 replicas: @@ -130,22 +126,6 @@ configmap: #Provide the pool genesis poolGenesis: -#Provide annotations for ambassador service configuration -#Only use HTTPS as HTTP and HTTPS don't work together ( https://github.com/datawire/ambassador/issues/1000 ) -#Eg. -# annotations: |- -# apiVersion: ambassador/v2 -# kind: TCPMapping -# name: indy-node-node-mapping -# port: 9711 -# service: custodian-blockchain-indy:9712 -# apiVersion: ambassador/v2 -# kind: TCPMapping -# name: indy-node-client-mapping -# port: 9712 -# service: custodian-blockchain-indy:9712 -ambassador: - vault: #Provide the vault server address #Eg. address: http://54.226.163.39:8200 diff --git a/platforms/hyperledger-indy/configuration/roles/check/k8_component/tasks/main.yaml b/platforms/hyperledger-indy/configuration/roles/check/k8_component/tasks/main.yaml index 2441a097580..0e6088a62a6 100644 --- a/platforms/hyperledger-indy/configuration/roles/check/k8_component/tasks/main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/check/k8_component/tasks/main.yaml 
@@ -27,7 +27,7 @@ service_account: "{{ component_name }}" role: "ro" shell: | - secret="$(KUBECONFIG={{ kubernetes.config_file }} kubectl get serviceaccount {{ service_account }} -n {{ component_ns }} -o go-template={% raw %}'{{ (index .secrets 0).name }}'{% endraw %})" + secret="{{ service_account }}-token" kube_token="$(KUBECONFIG={{ kubernetes.config_file }} kubectl get secret ${secret} -n {{ component_ns }} -o go-template={% raw %}'{{ .data.token }}'{% endraw %} | base64 -d)" vault_token=$(curl --request POST --data '{"jwt": "'"$kube_token"'", "role": "{{ role }}"}' {{ vault.url }}/v1/auth/kubernetes-{{ organization }}-bevel-ac-auth/login | jq -j '.auth.client_token') echo ${vault_token} diff --git a/platforms/hyperledger-indy/configuration/roles/create/k8_component/templates/serviceaccount.tpl b/platforms/hyperledger-indy/configuration/roles/create/k8_component/templates/serviceaccount.tpl index 13e76dd761e..b6d626a245b 100644 --- a/platforms/hyperledger-indy/configuration/roles/create/k8_component/templates/serviceaccount.tpl +++ b/platforms/hyperledger-indy/configuration/roles/create/k8_component/templates/serviceaccount.tpl @@ -3,3 +3,12 @@ kind: ServiceAccount metadata: name: {{ component_name }} namespace: {{ component_namespace }} +--- +apiVersion: v1 +kind: Secret +type: kubernetes.io/service-account-token +metadata: + name: {{ component_name }}-token + namespace: {{ component_namespace }} + annotations: + kubernetes.io/service-account.name: "{{ component_name }}" diff --git a/platforms/hyperledger-indy/configuration/samples/network-indyv3-aries.yaml b/platforms/hyperledger-indy/configuration/samples/network-indyv3-aries.yaml index 2ce7c4bc49e..6f6b4cebbd4 100644 --- a/platforms/hyperledger-indy/configuration/samples/network-indyv3-aries.yaml +++ b/platforms/hyperledger-indy/configuration/samples/network-indyv3-aries.yaml 
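Review bot: Nothing in check/k8_component/tasks/main.yaml checks that the lookup of the now hard-coded secret `{{ service_account }}-token` returned a token. If that Secret is missing, or the token controller has not yet filled in `.data.token`, `kube_token` is empty, the Vault login is still attempted and `jq -j` prints `null` as the token. Adding `[ -n "$kube_token" ] || exit 1` after the lookup turns that into a task failure. The script echoes the Vault token to stdout, and whether the task sets `no_log: true` lies outside this hunk, so that is worth confirming.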
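Review bot: The `kubernetes.io/service-account-token` Secret added to serviceaccount.tpl gives every component service account a token that does not expire and that anyone able to read Secrets in `{{ component_namespace }}` can use. The template carries no comment saying why it is needed; something like `# Long-lived token read by check/k8_component for the Vault Kubernetes login; clusters from v1.24 no longer create one automatically` above the `kind: Secret` document would record that. If only that Vault login needs it, a short-lived token from `kubectl create token {{ component_name }}` would avoid storing a credential at all, though other consumers of the Secret are not visible here.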
@@ -14,7 +14,7 @@ network: # Network level configuration specifies the attributes required for each organization # to join an existing network. type: indy - version: 1.11.0 # Supported versions 1.11.0 and 1.12.1 + version: 1.12.1 # Supported versions 1.11.0 and 1.12.1 #Environment section for Kubernetes setup env: @@ -65,7 +65,8 @@ network: region: "region" # AWS region publicIps: ["1.1.1.1", "2.2.2.2"] # List of all public IP addresses of each availability zone from all organizations in the same k8s cluster - + azure: + node_resource_group: "MC_myResourceGroup_myCluster_westeurope" # Kubernetes cluster deployment variables. The config file path has to be provided in case # the cluster has already been created. k8s: @@ -118,7 +119,8 @@ network: region: "region" # AWS region publicIps: ["192.168.99.173"] # List of all public IP addresses of each availability zone from all organizations in the same k8s cluster - + azure: + node_resource_group: "MC_myResourceGroup_myCluster_westeurope" # Kubernetes cluster deployment variables. The config file path has to be provided in case # the cluster has already been created. k8s: diff --git a/platforms/hyperledger-indy/configuration/samples/network-indyv3.yaml b/platforms/hyperledger-indy/configuration/samples/network-indyv3.yaml index f5eb362476b..ea514813973 100644 --- a/platforms/hyperledger-indy/configuration/samples/network-indyv3.yaml +++ b/platforms/hyperledger-indy/configuration/samples/network-indyv3.yaml @@ -16,7 +16,7 @@ network: # Network level configuration specifies the attributes required for each organization # to join an existing network. type: indy - version: 1.11.0 # Supported versions 1.11.0 and 1.12.1 + version: 1.12.1 # Supported versions 1.11.0 and 1.12.1 #Environment section for Kubernetes setup env: 
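Review bot: The trailing comment on the changed `version: 1.12.1` line in network-indyv3-aries.yaml still reads `Supported versions 1.11.0 and 1.12.1`, while this commit adds `1.12.6` to the version enum in network-schema.json and makes 1.12.6 the image default. The comment should become `# Supported versions 1.11.0, 1.12.1 and 1.12.6`, or the schema should not accept the new value; the same line recurs in network-indyv3.yaml. The added `azure.node_resource_group` entries sit next to settings commented as AWS ones, so a comment such as `# Only needed when cloud_provider is azure` on the `azure:` key would make their scope clear.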
@@ -67,7 +67,8 @@ network: region: "region" # AWS region publicIps: ["1.1.1.1", "2.2.2.2"] # List of all public IP addresses of each availability zone from all organizations in the same k8s cluster - + azure: + node_resource_group: "MC_myResourceGroup_myCluster_westeurope" # Kubernetes cluster deployment variables. The config file path has to be provided in case # the cluster has already been created. k8s: @@ -120,7 +121,8 @@ network: region: "region" # AWS region publicIps: ["3.221.78.194"] # List of all public IP addresses of each availability zone from all organizations in the same k8s cluster - + azure: + node_resource_group: "MC_myResourceGroup_myCluster_westeurope" # Kubernetes cluster deployment variables. The config file path has to be provided in case # the cluster has already been created. k8s: @@ -209,7 +211,8 @@ network: region: "region" # AWS region publicIps: ["3.221.78.194"] # List of all public IP addresses of each availability zone from all organizations in the same k8s cluster - + azure: + node_resource_group: "MC_myResourceGroup_myCluster_westeurope" # Kubernetes cluster deployment variables. The config file path has to be provided in case # the cluster has already been created. k8s: diff --git a/platforms/hyperledger-indy/images/indy-key-mgmt/Dockerfile b/platforms/hyperledger-indy/images/indy-key-mgmt/Dockerfile index 28d620f33fd..66f3ef72d0d 100644 --- a/platforms/hyperledger-indy/images/indy-key-mgmt/Dockerfile +++ b/platforms/hyperledger-indy/images/indy-key-mgmt/Dockerfile @@ -4,7 +4,7 @@ USER root ARG ROCKS_DB_VERSION=5.8.8 ARG LIBINDY_CRYPTO_VERSION=0.4.5 -ARG INDY_NODE_VERSION=1.12.1 +ARG INDY_NODE_VERSION=1.12.6 ENV VIRTUALENVWRAPPER_PYTHON=/usr/bin/python3 \ WORKON_HOME=$HOME/.virtualenvs \ diff --git a/platforms/hyperledger-indy/images/indy-key-mgmt/README.md b/platforms/hyperledger-indy/images/indy-key-mgmt/README.md index 97be12c578d..2d24117a830 100644 --- a/platforms/hyperledger-indy/images/indy-key-mgmt/README.md 
+++ b/platforms/hyperledger-indy/images/indy-key-mgmt/README.md @@ -17,12 +17,12 @@ docker build -t /bevel-indy-key-mgmt:1.12.1 . When you would like to use older version, then override build arguments.
Example for use version 1.11.0: ```bash -docker build --build-arg INDY_NODE_VERSION=v1.9.2 -t /bevel-indy-key-mgmt:1.9.2 . +docker build --build-arg INDY_NODE_VERSION=1.12.6 -t /bevel-indy-key-mgmt:1.12.6 . ``` #### Build arguments with default values - ROCKS_DB_VERSION=5.8.8 - LIBINDY_CRYPTO_VERSION=0.4.5 - - INDY_NODE_VERSION=1.12.1 + - INDY_NODE_VERSION=1.12.6 ## How to use diff --git a/platforms/hyperledger-indy/images/indy-node/Dockerfile b/platforms/hyperledger-indy/images/indy-node/Dockerfile index 9216a38f2dc..316cb191a53 100644 --- a/platforms/hyperledger-indy/images/indy-node/Dockerfile +++ b/platforms/hyperledger-indy/images/indy-node/Dockerfile 
@@ -4,44 +4,22 @@ ARG uid=1000 # Install environment RUN apt-get update -y && apt-get install -y \ - git \ - wget \ - python3.5 \ - python3-pip \ - python-setuptools \ - python3-nacl \ apt-transport-https \ ca-certificates \ supervisor -RUN pip3 install -U \ - pip==9.0.3 \ - setuptools - RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CE7709D068DB5E88 -ARG indy_stream=master -RUN echo "deb https://repo.sovrin.org/deb xenial $indy_stream" >> /etc/apt/sources.list +RUN echo "deb https://repo.sovrin.org/deb xenial stable" >> /etc/apt/sources.list RUN useradd -ms /bin/bash -u $uid indy -ARG indy_plenum_ver=1.12.1~dev993 -ARG indy_node_ver=1.12.1~dev1179 -ARG python3_indy_crypto_ver=0.4.5 -ARG indy_crypto_ver=0.4.5 -ARG python3_pyzmq_ver=18.1.0 -ARG python3_orderedset_ver=2.0 -ARG python3_psutil_ver=5.4.3 -ARG python3_pympler_ver=0.5 +ARG indy_plenum_ver=1.12.6 +ARG indy_node_ver=1.12.6 RUN apt-get update -y && apt-get install -y \ - indy-plenum=${indy_plenum_ver} \ - indy-node=${indy_node_ver} \ - python3-indy-crypto=${python3_indy_crypto_ver} \ - libindy-crypto=${indy_crypto_ver} \ - python3-pyzmq=${python3_pyzmq_ver} \ - python3-orderedset=${python3_orderedset_ver} \ - python3-psutil=${python3_psutil_ver} \ - python3-pympler=${python3_pympler_ver} + indy-node=${indy_node_ver} \ + indy-plenum=${indy_plenum_ver} \ + && rm -rf /var/lib/apt/lists/* COPY start-indy-node.sh /var/lib/indy RUN chmod +x /var/lib/indy/start-indy-node.sh diff --git a/platforms/hyperledger-indy/images/indy-node/README.md b/platforms/hyperledger-indy/images/indy-node/README.md index c2143d3c6d2..ef2aeb9897e 100644 --- a/platforms/hyperledger-indy/images/indy-node/README.md +++ b/platforms/hyperledger-indy/images/indy-node/README.md @@ -10,21 +10,17 @@ Docker image of an Indy node (runs using a Steward identity) Ideally, the build of the image should be run from this directory.
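Review bot: The second `apt-get install` in images/indy-node/Dockerfile now pins only `indy-node` and `indy-plenum`; with the pins for `python3-indy-crypto`, `libindy-crypto`, `python3-pyzmq` and the other dependencies removed, those versions are whatever the repository resolves on the day of the build. For an image that runs with the node keys mounted, keeping the crypto library pins (or recording the resolved versions) keeps rebuilds reproducible and makes an unexpected package change visible in review. Adding `--no-install-recommends`, as in `RUN apt-get update -y && apt-get install -y --no-install-recommends \`, would also keep unrequested packages out. The unchanged `apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CE7709D068DB5E88` line fetches the repository key over plain HTTP by a 64-bit key ID; pinning the full fingerprint would be a stronger anchor for the `stable` repository this hunk now hard-codes.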
For build run command below: ```bash -docker build -t /bevel-indy-node:1.11.0 . +docker build -t /bevel-indy-node:1.12.6 . ``` *NOTE*: Version 1.11.0 is default version also for version of Hyperledger Indy in this Docker image.
When you would like to use older version, then override build arguments.
Example for use version 1.9.2: ```bash -docker build --build-arg indy_plenum_ver=1.9.2~dev871 --build-arg indy_node_ver=1.9.2~dev1061 --build-arg python3_pyzmq_ver=17.0.0 -t /bevel-indy-node:1.9.2 . +docker build --build-arg indy_plenum_ver=1.12.6 --build-arg indy_node_ver=1.12.6 -t /bevel-indy-node:1.12.6 . ``` #### Build arguments with default values - - indy_plenum_ver=1.11.0~dev945 - - indy_node_ver=1.11.0~dev1123 - - python3_indy_crypto_ver=0.4.5 - - indy_crypto_ver=0.4.5 - - python3_pyzmq_ver=18.1.0 - + - indy_plenum_ver=1.12.6 + - indy_node_ver=1.12.6 ### Using The Docker image is created specially for Helm Chart [indy-node](../../charts/indy-node). diff --git a/platforms/network-schema.json b/platforms/network-schema.json index c1dd8f54eaa..2d808a28cbf 100755 --- a/platforms/network-schema.json +++ b/platforms/network-schema.json @@ -233,7 +233,8 @@ "type": "string", "enum": [ "1.11.0", - "1.12.1" + "1.12.1", + "1.12.6" ] }, "env": { @@ -530,15 +531,6 @@ "cluster_id": { "type": "string" }, - "provider": { - "type": "string", - "enum": [ - "aws", - "azure", - "gcp", - "minikube" - ] - }, "region": { "type": "string" }, diff --git a/platforms/shared/configuration/delete-network.yaml b/platforms/shared/configuration/delete-network.yaml index b02859b2dda..5d152ddd387 100644 --- a/platforms/shared/configuration/delete-network.yaml +++ b/platforms/shared/configuration/delete-network.yaml @@ -108,4 +108,4 @@ "corda": "ns", "besu": "bes", "substrate": "subs" - }] + }] diff --git a/platforms/shared/configuration/roles/setup/edge-stack/tasks/main.yaml b/platforms/shared/configuration/roles/setup/edge-stack/tasks/main.yaml index f7d2b15864a..2786af0a0c6 100644 --- a/platforms/shared/configuration/roles/setup/edge-stack/tasks/main.yaml +++ b/platforms/shared/configuration/roles/setup/edge-stack/tasks/main.yaml 
@@ -47,7 +47,7 @@ - name: Create custom values for aes helm chart vars: ports: "{{ network.env.ambassadorPorts.ports | default([]) }}" - elastic_ip: "{{ allocation_ips_stdout | default('') }}" + elastic_ip: "{{ allocation_ips_stdout | default(item.publicIps[0]) }}" lbSourceRangeDefault: - 0.0.0.0/0 loadBalancerSourceRanges: "{{ network.env.loadBalancerSourceRanges | default(lbSourceRangeDefault) }}" diff --git a/platforms/shared/configuration/roles/setup/edge-stack/templates/aes-custom-resources.tpl b/platforms/shared/configuration/roles/setup/edge-stack/templates/aes-custom-resources.tpl index 7f4c7bf0374..6e1b890005d 100644 --- a/platforms/shared/configuration/roles/setup/edge-stack/templates/aes-custom-resources.tpl +++ b/platforms/shared/configuration/roles/setup/edge-stack/templates/aes-custom-resources.tpl @@ -23,7 +23,7 @@ apiVersion: getambassador.io/v3alpha1 kind: Module metadata: name: ambassador-module - namespace: ambassador + namespace: {{ proxy_namespace }} spec: config: use_proxy_proto: true diff --git a/platforms/shared/configuration/roles/setup/edge-stack/templates/aes-custom-values.tpl b/platforms/shared/configuration/roles/setup/edge-stack/templates/aes-custom-values.tpl index 233f79148d8..e58cbba2ae3 100644 --- a/platforms/shared/configuration/roles/setup/edge-stack/templates/aes-custom-values.tpl +++ b/platforms/shared/configuration/roles/setup/edge-stack/templates/aes-custom-values.tpl 
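Review bot: In roles/setup/edge-stack/tasks/main.yaml, `default(item.publicIps[0])` replaces a safe empty-string fallback with an expression that is itself undefined when an organization has no `publicIps` entry or an empty list. In that case `elastic_ip` appears to stay undefined, and rendering it would fail with an undefined-variable error instead of producing an empty value. `elastic_ip: "{{ allocation_ips_stdout | default(item.publicIps | default([]) | first | default('')) }}"` keeps the old behaviour when neither value exists. The task continues outside the hunk.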
@@ -14,11 +14,16 @@ namespaceOverride: '' # Emissary Chart Values. emissary-ingress: service: -{% if network.type == 'indy' %} +{% if network.type == 'indy' and item.cloud_provider in ['aws', 'aws-baremetal'] %} annotations: service.beta.kubernetes.io/aws-load-balancer-type: "nlb" service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" service.beta.kubernetes.io/aws-load-balancer-eip-allocations: "{{ elastic_ip }}" +{% endif %} +{% if network.type == 'indy' and item.cloud_provider == 'azure' %} + annotations: + service.beta.kubernetes.io/azure-load-balancer-resource-group: "{{ item.azure.node_resource_group }}" + service.beta.kubernetes.io/azure-load-balancer-ipv4: "{{ elastic_ip }}" {% endif %} type: LoadBalancer @@ -31,7 +36,7 @@ emissary-ingress: - name: https port: 443 targetPort: 8443 -{% for port in ports or [] %} +{% for port in ports %} - name: tcp-{{ port }} port: {{ port | int }} targetPort: {{ port | int }} @@ -44,8 +49,6 @@ emissary-ingress: {% endfor %} {% endif %} adminService: - # IP address to assign (if cloud provider supports it) - loadBalancerIP: # Passed to cloud provider load balancer if created (e.g: AWS ELB) loadBalancerSourceRanges: {{ loadBalancerSourceRanges }} diff --git a/platforms/shared/configuration/setup-k8s-environment.yaml b/platforms/shared/configuration/setup-k8s-environment.yaml index 6a78682ed3f..d92faddc203 100644 --- a/platforms/shared/configuration/setup-k8s-environment.yaml +++ b/platforms/shared/configuration/setup-k8s-environment.yaml 
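Review bot: The Azure branch added to aes-custom-values.tpl reads `item.azure.node_resource_group` without checking that the organization defines an `azure` section, so an Azure organization whose network file predates this commit would fail at render time with an undefined-variable error. Guarding with `{% if network.type == 'indy' and item.cloud_provider == 'azure' and item.azure is defined %}`, or failing earlier with a clear message, would make that explicit. In the AWS branch, `elastic_ip` can now fall back to `item.publicIps[0]`, while `service.beta.kubernetes.io/aws-load-balancer-eip-allocations` expects EIP allocation IDs rather than addresses, so that fallback probably only makes sense for Azure. The two blocks are mutually exclusive and would read more clearly as one `{% if %}`/`{% elif %}` pair.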
@@ -34,17 +34,6 @@ with_items: "{{ network.organizations }}" when: network.env.type != 'operator' - # Prepare ports for Indy - - name: Prepare nodes and clients ports for ambassador - vars: - name: "{{ organizationItem.name }}" - set_fact: - stewards: "{{ stewards | default([]) + organizationItem.services.stewards | list }}" - loop: "{{ network.organizations }}" - loop_control: - loop_var: organizationItem - when: organizationItem.services.stewards is defined and network['type'] == 'indy' - # Setup ambassador edge stack (enabled for besu and quorum) - include_role: name: setup/edge-stack