From 5a28f80342e65d83fd42d780470d5b7eedd7990c Mon Sep 17 00:00:00 2001 From: sailajakommineni Date: Thu, 13 Jul 2023 05:50:55 +0000 Subject: [PATCH] [ci-skip] Add README.md files Primary Changes -------------- Add readme files for all charts Update the values.yaml files Update the version in chart.yaml file Modifications in charts --------------------- platforms/r3-corda/charts/doorman-tls platforms/r3-corda/charts/doorman platforms/r3-corda/charts/generate-certs platforms/r3-corda/charts/h2 platforms/r3-corda/charts/mongodb-tls platforms/r3-corda/charts/mongodb platforms/r3-corda/charts/nms-tls platforms/r3-corda/charts/nms platforms/r3-corda/charts/node-initial-registration platforms/r3-corda/charts/node platforms/r3-corda/charts/notary-initial-registration platforms/r3-corda/charts/notary Fixes #2285 
Signed-off-by: sailajakommineni --- .../r3-corda/charts/doorman-tls/Chart.yaml | 4 +- .../r3-corda/charts/doorman-tls/README.md | 173 +++++++++ .../r3-corda/charts/doorman-tls/values.yaml | 16 +- platforms/r3-corda/charts/doorman/Chart.yaml | 4 +- platforms/r3-corda/charts/doorman/README.md | 171 +++++++++ platforms/r3-corda/charts/doorman/values.yaml | 20 +- .../r3-corda/charts/generate-certs/Chart.yaml | 4 +- .../r3-corda/charts/generate-certs/README.md | 176 +++++++++- platforms/r3-corda/charts/h2/Chart.yaml | 4 +- platforms/r3-corda/charts/h2/README.md | 174 ++++++++++ platforms/r3-corda/charts/h2/values.yaml | 26 +- .../r3-corda/charts/mongodb-tls/Chart.yaml | 4 +- .../r3-corda/charts/mongodb-tls/README.md | 158 +++++++++ .../r3-corda/charts/mongodb-tls/values.yaml | 15 +- platforms/r3-corda/charts/mongodb/Chart.yaml | 4 +- platforms/r3-corda/charts/mongodb/README.md | 158 +++++++++ platforms/r3-corda/charts/mongodb/values.yaml | 14 +- platforms/r3-corda/charts/nms-tls/Chart.yaml | 4 +- platforms/r3-corda/charts/nms-tls/README.md | 178 ++++++++++ platforms/r3-corda/charts/nms-tls/values.yaml | 19 +- platforms/r3-corda/charts/nms/Chart.yaml | 4 +- platforms/r3-corda/charts/nms/README.md | 179 ++++++++++ platforms/r3-corda/charts/nms/values.yaml | 18 +- .../node-initial-registration/Chart.yaml | 4 +- .../node-initial-registration/README.md | 273 +++++++++++---- .../node-initial-registration/values.yaml | 78 ++--- platforms/r3-corda/charts/node/Chart.yaml | 4 +- platforms/r3-corda/charts/node/README.md | 327 ++++++++++++------ platforms/r3-corda/charts/node/values.yaml | 88 ++--- .../notary-initial-registration/Chart.yaml | 4 +- .../notary-initial-registration/README.md | 271 ++++++++++----- .../notary-initial-registration/values.yaml | 70 ++-- platforms/r3-corda/charts/notary/Chart.yaml | 4 +- platforms/r3-corda/charts/notary/README.md | 322 +++++++++++------ platforms/r3-corda/charts/notary/values.yaml | 86 ++--- 35 files changed, 2425 insertions(+), 633 
deletions(-) create mode 100644 platforms/r3-corda/charts/doorman-tls/README.md create mode 100644 platforms/r3-corda/charts/doorman/README.md create mode 100644 platforms/r3-corda/charts/h2/README.md create mode 100644 platforms/r3-corda/charts/mongodb-tls/README.md create mode 100644 platforms/r3-corda/charts/mongodb/README.md create mode 100644 platforms/r3-corda/charts/nms-tls/README.md create mode 100644 platforms/r3-corda/charts/nms/README.md diff --git a/platforms/r3-corda/charts/doorman-tls/Chart.yaml b/platforms/r3-corda/charts/doorman-tls/Chart.yaml index ac3f16d54bb7..8dc6c6c920a3 100644 --- a/platforms/r3-corda/charts/doorman-tls/Chart.yaml +++ b/platforms/r3-corda/charts/doorman-tls/Chart.yaml @@ -6,6 +6,6 @@ apiVersion: v1 appVersion: "2.0" -description: A Helm chart for deploying doorman with TLS connection . +description: "R3-corda-os: Deploys the doorman with TLS connection enabled." name: doorman-tls -version: '0.14.0' +version: '0.14.1' diff --git a/platforms/r3-corda/charts/doorman-tls/README.md b/platforms/r3-corda/charts/doorman-tls/README.md new file mode 100644 index 000000000000..318940d31bc6 --- /dev/null +++ b/platforms/r3-corda/charts/doorman-tls/README.md 
@@ -0,0 +1,173 @@
+[//]: # (##############################################################################################)
+[//]: # (Copyright Accenture. All Rights Reserved.)
+[//]: # (SPDX-License-Identifier: Apache-2.0)
+[//]: # (##############################################################################################)
+
+
+# Doorman Deployment
+
+- [Doorman-tls Deployment Helm Chart](#Doorman-tls-deployment-helm-chart)
+- [Prerequisites](#prerequisites)
+- [Chart Structure](#chart-structure)
+- [Configuration](#configuration)
+- [Deployment](#deployment)
+- [Contributing](#contributing)
+- [License](#license)
+
+
+## Doorman-tls Deployment Helm Chart
+---
+This [Helm chart](https://github.com/hyperledger/bevel/tree/develop/platforms/r3-corda/charts/doorman-tls) deploys the doorman with TLS connection enabled, which helps establish trust and secure communication within the network by acting as a gatekeeper for network participants.
+
+
+
+## Prerequisites
+---
+Before deploying the chart please ensure you have the following prerequisites:
+
+- Mongodb for doorman-tls database up and running.
+- Kubernetes cluster up and running.
+- A HashiCorp Vault instance is set up and configured to use Kubernetes service account token-based authentication.
+- The Vault is unsealed and initialized.
+- Helm is installed.
+
+
+
+## Chart Structure
+---
+This chart has following structue:
+
+```
+
+ ├── doorman-tls
+ │ ├── Chart.yaml
+ │ ├── templates
+ │ │ ├── deployment.yaml
+ │ │ ├── pvc.yaml
+ │ │ └── service.yaml
+ │ └── values.yaml
+```
+
+Type of files used:
+
+- `templates` : This directory contains the Kubernetes manifest templates that define the resources to be deployed.
+- `deployment.yaml` : This file is a configuration file for deployement in Kubernetes.It creates a deployment file with a specified number of replicas and defines various settings for the deployment.Including volume mounts, environment variables, and initialization tasks using init containers.
+- `pvc.yaml` : A PersistentVolumeClaim (PVC) is a request for storage by a user.
+- `service.yaml` : This file defines a Kubernetes Service with multiple ports for protocols and targets, and supports Ambassador proxy annotations for specific configurations when using the "ambassador" proxy provider.
+- `chart.yaml` : Provides metadata about the chart, such as its name, version, and description.
+- `values.yaml` : Contains the default configuration values for the chart. It includes configuration for the metadata, image, service, Vault, etc.
+
+
+
+## Configuration
+---
+The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/r3-corda/charts/doorman-tls/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options:
+
+
+## Parameters
+---
+
+### Name
+
+| Name | Description | Default Value |
+| -----------| -------------------------------------------------- | ------------- |
+| name | Provide the name of the node | network-map |
+
+### Metadata
+
+| Name | Description | Default Value |
+| ----------------| --------------------------------------------------------------------| ------------- |
+| namespace | Provide the namespace for the doorman-tls Generator | default |
+| labels | Provide any additional labels for the doorman-tls Generator | "" |
+
+### Image
+
+| Name | Description | Default Value |
+| ------------------------ | ------------------------------------------------------- | --------------- |
+| initContainerName | Provide the alpine utils image, which is used for all init-containers of deployments/jobs | "" |
+| containerName | Provide the containerName of image | "" |
+| imagePullSecret | Provide the image pull secret of image | regcred |
+| mountPath | Provide enviroment variable for container image | /opt/doorman |
+| env | These env are used by the Doorman application to connect to the MongoDB database | "" |
+
+
+### Vault
+
+| Name | Description | Default Value |
+| ------------------------- | --------------------------------------------------------------------------| ------------- |
+| address | Address/URL of the Vault server | "" |
+| role | Role used for authentication with Vault | vault-role |
+| authpath | Authentication path for Vault | cordanms |
+| secretprefix | Provide the kubernetes auth backed configured in vault | "" |
+| imagesecretname | specify the name of the Kubernetes secret | "" |
+| serviceaccountname | To authenticate with the Vault server and retrieve the secrets |vault-auth-issuer|
+
+
+### Healthcheck
+
+ Tasks performed in this container is used for database health check.
+ If db is up and running, starts the corda doorman-tls main container.
+
+
+
+## Deployment
+---
+
+To deploy the Doorman-tls Helm chart, follow these steps:
+
+1. Modify the [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/r3-corda/charts/doorman-tls/values.yaml) file to set the desired configuration values.
+2. Run the following Helm command to install, upgrade,verify, delete the chart:
+
+To install the chart:
+```bash
+helm repo add bevel https://hyperledger.github.io/bevel/
+helm install ./doorman-tls
+```
+
+To upgrade the chart:
+```bash
+helm upgrade ./doorman-tls
+```
+
+To verify the deployment:
+```bash
+kubectl get jobs -n
+```
+Note : Replace `` with the actual namespace where the Job was created. This command will display information about the Job, including the number of completions and the current status of the Job's pods.
+
+To delete the chart:
+```bash
+helm uninstall
+```
+Note : Replace `` with the desired name for the release.
+
+
+
+## Contributing
+---
+If you encounter any bugs, have suggestions, or would like to contribute to the [Doorman-tls Deployment Helm Chart](https://github.com/hyperledger/bevel/tree/develop/platforms/r3-corda/charts/doorman-tls), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger/bevel).
+
+
+## License
+
+This chart is licensed under the Apache v2.0 license.
+
+Copyright © 2023 Accenture
+
+### Attribution
+
+This chart is adapted from the [charts](https://hyperledger.github.io/bevel/) which is licensed under the Apache v2.0 License which is reproduced here:
+
+```
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+```
diff --git a/platforms/r3-corda/charts/doorman-tls/values.yaml b/platforms/r3-corda/charts/doorman-tls/values.yaml
index 790b8a2628e7..c1594f04c1bb 100644
--- a/platforms/r3-corda/charts/doorman-tls/values.yaml
+++ b/platforms/r3-corda/charts/doorman-tls/values.yaml
@@ -10,23 +10,23 @@ #Provide the Name for node to be deployed #Eg. nodeName: network-map -nodeName: +nodeName: network-map metadata: #Provide the namespace for organization's peer #Eg. namespace: default - namespace: + namespace: default image: #Provide the name of image for init container #Eg. initContainerName: hyperledgerlabs/alpine-utils:1.0 - initContainerName: + initContainerName: hyperledgerlabs/alpine-utils:1.0 #Provide the containerName of image #Eg. containerName: hyperledgerlabs/nms:0.3.6-nms - containerName: + containerName: hyperledgerlabs/nms:0.3.6-nms #Provide the image pull secret of image #Eg. pullSecret: regcred - imagePullSecret: + imagePullSecret: regcred #Provide enviroment variable for container image mountPath: #Provide the path for base dir @@ -61,7 +61,7 @@ image: service: #Provide the type of service #Eg. type: NodePort - type: + type: NodePort #Provide the node port for node service to be accessible outside #Eg. nodePort: 30050 nodePort: @@ -93,9 +93,9 @@ vault: address: #Provide the vaultrole #Eg. role: vault-role - role: + role: vault-role #Eg. authpath: cordanms - authpath: + authpath: cordanms #Provide the kubernetes auth backed configured in vault #Eg. secretprefix: secretprefix: diff --git a/platforms/r3-corda/charts/doorman/Chart.yaml b/platforms/r3-corda/charts/doorman/Chart.yaml index bf53afd48f43..ee2ccb097521 100644 --- a/platforms/r3-corda/charts/doorman/Chart.yaml +++ b/platforms/r3-corda/charts/doorman/Chart.yaml @@ -6,6 +6,6 @@ apiVersion: v1 appVersion: "2.0" -description: A Helm chart for Kubernetes +description: "R3-corda-os: Deploys the doorman service for r3corda node." name: doorman -version: '0.14.0' +version: '0.14.1' diff --git a/platforms/r3-corda/charts/doorman/README.md b/platforms/r3-corda/charts/doorman/README.md new file mode 100644 index 000000000000..11b69ac2c061 --- /dev/null +++ b/platforms/r3-corda/charts/doorman/README.md 
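Review bot: The new image defaults in the `@@ -10,23` hunk, `initContainerName: hyperledgerlabs/alpine-utils:1.0` and `containerName: hyperledgerlabs/nms:0.3.6-nms`, are pinned only by tag, so the content pulled for the doorman can change without any change to the chart. Consider pinning by digest, or at least add a comment above each key such as `#For production pin the image by digest: <image>@sha256:<digest>`. The README added in this commit still lists `""` as the default for both keys and documents the first key as `name` rather than `nodeName`, so the table and the values file now disagree. The same defaults are introduced in the `@@ -10,23` hunk of doorman/values.yaml.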
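Review bot: `type: NodePort` becomes the default in the `@@ -61,7` hunk while `nodePort:` stays empty, so an install with untouched values would, as far as this hunk shows, publish the doorman on a cluster-assigned port on every node address. The README describes the doorman as the gatekeeper for network participants and says service.yaml supports Ambassador proxy annotations, which suggests external access is meant to go through the proxy. If the template accepts it (service.yaml is not part of this patch), a default of `type: ClusterIP` with NodePort as an explicit opt-in would be the safer choice; otherwise add a comment such as `#NodePort exposes this service on every node address; use ClusterIP when a proxy fronts it`. The `@@ -61,7` hunk of doorman/values.yaml makes the same change.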
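Review bot: `serviceaccountname` gets no default in the `@@ -93,9` hunk, although the doorman-tls README added in this commit documents `vault-auth-issuer` as its default and the matching hunk in doorman/values.yaml sets `serviceaccountname: vault-auth-issuer`. The key lies past the end of this hunk, so it presumably stays empty in doorman-tls. Either add `serviceaccountname: vault-auth-issuer` here as well or correct the README table, so that the documented Vault authentication settings match what the chart actually renders.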
@@ -0,0 +1,171 @@ +[//]: # (##############################################################################################) +[//]: # (Copyright Accenture. All Rights Reserved.) +[//]: # (SPDX-License-Identifier: Apache-2.0) +[//]: # (##############################################################################################) + + +# Doorman Deployment + +- [Doorman Deployment Helm Chart](#Doorman-deployment-helm-chart) +- [Prerequisites](#prerequisites) +- [Chart Structure](#chart-structure) +- [Configuration](#configuration) +- [Deployment](#deployment) +- [Contributing](#contributing) +- [License](#license) + + +## Doorman Deployment Helm Chart +--- +This [Helm chart](https://github.com/hyperledger/bevel/tree/develop/platforms/r3-corda/charts/doorman) deploys the doorman service, which helps establish trust and secure communication within the network by acting as a gatekeeper for network participants. + + + +## Prerequisites +--- +Before deploying the chart please ensure you have the following prerequisites: + +- Mongodb for doorman up and running. +- Kubernetes cluster up and running. +- A HashiCorp Vault instance is set up and configured to use Kubernetes service account token-based authentication. +- The Vault is unsealed and initialized. +- Helm is installed. + + + +## Chart Structure +--- +This chart has following structue: + +``` + + ├── doorman + │ ├── Chart.yaml + │ ├── templates + │ │ ├── deployment.yaml + │ │ ├── pvc.yaml + │ │ └── service.yaml + │ └── values.yaml +``` + +Type of files used: + +- `templates` : This directory contains the Kubernetes manifest templates that define the resources to be deployed. +- `deployment.yaml` : A Deployment controller provides declarative updates for Pods and ReplicaSets. +- `pvc.yaml` : A PersistentVolumeClaim (PVC) is a request for storage by a user. 
+- `service.yaml` : This file defines a Kubernetes Service with multiple ports for protocols and targets, and supports Ambassador proxy annotations for specific configurations when using the "ambassador" proxy provider. +- `chart.yaml` : Provides metadata about the chart, such as its name, version, and description. +- `values.yaml` : Contains the default configuration values for the chart. It includes configuration for the metadata, image, service, Vault, etc. + + + +## Configuration +--- +The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/r3-corda/charts/doorman/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options: + +## Parameters +--- + +### Name + +| Name | Description | Default Value | +| -----------| -------------------------------------------------- | ------------- | +| name | Provide the name of the node | network-map | + +### Metadata + +| Name | Description | Default Value | +| ----------------| ----------------------------------------------------------------| ------------- | +| namespace | Provide the namespace for the doorman Generator | default | +| labels | Provide any additional labels for the doorman Generator | "" | + +### Image + +| Name | Description | Default Value | +| ------------------------ | ------------------------------------------------------- | --------------- | +| initContainerName | Provide the alpine utils image, which is used for all init-containers of deployments/jobs | "" | +| containerName | Provide the containerName of image | "" | +| imagePullSecret | Provide the image pull secret of image | regcred | +| mountPath | Provide enviroment variable for container image | /opt/doorman | +| env |These env are used by the Doorman application to connect to the MongoDB database | "" | + + +### Vault + +| Name | Description | Default Value | +| ------------------------- | 
--------------------------------------------------------------------------| ------------- | +| address | Address/URL of the Vault server | "" | +| role | Role used for authentication with Vault | vault-role | +| authpath | Authentication path for Vault | cordanms | +| secretprefix | Provide the kubernetes auth backed configured in vault | "" | +| imagesecretname | specify the name of the Kubernetes secret | "" | +| serviceaccountname | To authenticate with the Vault server and retrieve the secrets |vault-auth-issuer| + +### Healthcheck + + Tasks performed in this container is used for database health check. + If db is up and running, starts the corda doorman main container. + + + +## Deployment +--- + +To deploy the Doorman Helm chart, follow these steps: + +1. Modify the [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/r3-corda/charts/doorman/values.yaml) file to set the desired configuration values. +2. Run the following Helm command to install, upgrade, verify, delete the chart: + +To install the chart: +```bash +helm repo add bevel https://hyperledger.github.io/bevel/ +helm install ./doorman +``` + +To upgrade the chart: +```bash +helm upgrade ./doorman +``` + +To verify the deployment: +```bash +kubectl get jobs -n +``` +Note : Replace `` with the actual namespace where the Job was created. This command will display information about the Job, including the number of completions and the current status of the Job's pods. + +To delete the chart: +```bash +helm uninstall +``` +Note : Replace `` with the desired name for the release. + + + +## Contributing +--- +If you encounter any bugs, have suggestions, or would like to contribute to the [Doorman Deployment Helm Chart](https://github.com/hyperledger/bevel/tree/develop/platforms/r3-corda/charts/doorman), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger/bevel). 
+ + +## License + +This chart is licensed under the Apache v2.0 license. + +Copyright © 2023 Accenture + +### Attribution + +This chart is adapted from the [charts](https://hyperledger.github.io/bevel/) which is licensed under the Apache v2.0 License which is reproduced here: + +``` +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +``` diff --git a/platforms/r3-corda/charts/doorman/values.yaml b/platforms/r3-corda/charts/doorman/values.yaml index 790b8a2628e7..c15e0a9f5259 100644 --- a/platforms/r3-corda/charts/doorman/values.yaml +++ b/platforms/r3-corda/charts/doorman/values.yaml @@ -10,23 +10,23 @@ #Provide the Name for node to be deployed #Eg. nodeName: network-map -nodeName: +nodeName: network-map metadata: #Provide the namespace for organization's peer #Eg. namespace: default - namespace: + namespace: default image: #Provide the name of image for init container #Eg. initContainerName: hyperledgerlabs/alpine-utils:1.0 - initContainerName: + initContainerName: hyperledgerlabs/alpine-utils:1.0 #Provide the containerName of image #Eg. containerName: hyperledgerlabs/nms:0.3.6-nms - containerName: + containerName: hyperledgerlabs/nms:0.3.6-nms #Provide the image pull secret of image #Eg. pullSecret: regcred - imagePullSecret: + imagePullSecret: regcred #Provide enviroment variable for container image mountPath: #Provide the path for base dir 
@@ -61,7 +61,7 @@ image: service: #Provide the type of service #Eg. type: NodePort - type: + type: NodePort #Provide the node port for node service to be accessible outside #Eg. nodePort: 30050 nodePort: @@ -93,21 +93,21 @@ vault: address: #Provide the vaultrole #Eg. role: vault-role - role: + role: vault-role #Eg. authpath: cordanms - authpath: + authpath: cordanms #Provide the kubernetes auth backed configured in vault #Eg. secretprefix: secretprefix: #Eg. imagesecretname: imagesecretname: #Eg. serviceaccountname: vault-auth-issuer - serviceaccountname: + serviceaccountname: vault-auth-issuer mountPath: #Provide the path for base dir #Eg. basePath: /opt/workdir - basePath: + basePath: healthcheck: dburl: diff --git a/platforms/r3-corda/charts/generate-certs/Chart.yaml b/platforms/r3-corda/charts/generate-certs/Chart.yaml index a34f9805e72c..bd8403a10588 100644 --- a/platforms/r3-corda/charts/generate-certs/Chart.yaml +++ b/platforms/r3-corda/charts/generate-certs/Chart.yaml @@ -6,6 +6,6 @@ apiVersion: v1 appVersion: "2.0" -description: A Helm chart for generating the certificates for Corda Opensource +description: "R3-corda-os: Generates the ca-certificates." name: generate-certs -version: '0.14.0' +version: '0.14.1' diff --git a/platforms/r3-corda/charts/generate-certs/README.md b/platforms/r3-corda/charts/generate-certs/README.md index d607f82971e7..9c9f2cace3e8 100644 --- a/platforms/r3-corda/charts/generate-certs/README.md +++ b/platforms/r3-corda/charts/generate-certs/README.md 
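Review bot: The `basePath:` line in the `@@ -93,21` hunk is removed and re-added with identical visible text, so the change is presumably whitespace-only and the key remains a bare `basePath:`, which YAML parses as null. The comment above it gives `/opt/workdir` as the example, and other keys in this patch received their example values as defaults. Either set a value here or write the empty value explicitly, `basePath: ""`, and drop any trailing whitespace so the line does not show up as a change.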
@@ -3,4 +3,178 @@ [//]: # (SPDX-License-Identifier: Apache-2.0) [//]: # (##############################################################################################) -chart for creating initial certificates \ No newline at end of file + +# Generate-certs Deployment + +- [Generate-certs Deployment Helm Chart](#Generate-certs-deployment-helm-chart) +- [Prerequisites](#prerequisites) +- [Chart Structure](#chart-structure) +- [Configuration](#configuration) +- [Deployment](#deployment) +- [Contributing](#contributing) +- [License](#license) + + +## Generate-certs Deployment Helm Chart +--- +This [Helm chart](https://github.com/hyperledger/bevel/tree/develop/platforms/r3-corda/charts/generate-certs) generates the certificates. + + + +## Prerequisites +--- +Before deploying the chart please ensure you have the following prerequisites: + +- Doorman network is setup and running. +- Kubernetes cluster up and running. +- A HashiCorp Vault instance is set up and configured to use Kubernetes service account token-based authentication. +- The Vault is unsealed and initialized. +- Helm is installed. + + + +## Chart Structure +--- +This chart has following structue: + +``` + + ├── generate-certs + │ ├── Chart.yaml + │ ├── templates + │ │ ├── job.yaml + │ │ ├── configmap.yaml + │ │ └── _helpers.tpl + │ └── values.yaml +``` + +Type of files used: + +- `templates` : This directory contains the Kubernetes manifest templates that define the resources to be deployed. +- `job.yaml` : This Job is responsible for generating the root CA certificate, Doorman CA certificate, and MongoDB CA certificate for doorman. +- `configmap.yaml` : ConfigMap resource in Kubernetes with a specific name and namespace, along with labels for identification.And holds the openssl configuration file. +- `_helpers.tpl` : A template file used for defining custom labels in the Helm chart. +- `chart.yaml` : Provides metadata about the chart, such as its name, version, and description. 
+- `values.yaml` : Contains the default configuration values for the chart. It includes configuration for the metadata, image, service, Vault, etc. + + + +## Configuration +--- +The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/r3-corda/charts/generate-certs/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options: + +## Parameters +--- + +### Name + +| Name | Description | Default Value | +| -----------| -------------------------------------------------- | ------------- | +| name | Provide the name of the node | doorman | + +### Metadata + +| Name | Description | Default Value | +| ----------------| ----------------------------------------------------------------------| ------------- | +| namespace | Provide the namespace for the Generate Certs Generator | notary-ns | +| labels | Provide any additional labels for the Generate Certs Generator | "" | + +### Image + +| Name | Description | Default Value | +| ------------------------ | ------------------------------------------------------- | --------------- | +| initContainerName | Provide the alpine utils image, which is used for all init-containers of deployments/jobs | "" | +| certsContainerName | Provide the image for the certs container | "" | +| imagePullSecret | Provide the docker-registry secret created and stored in kubernetes cluster as a secret | "" | +| pullPolicy | Pull policy to be used for the Docker image | IfNotPresent | + +### Vault + +| Name | Description | Default Value | +| ------------------------- | --------------------------------------------------------------------------| ------------- | +| address | Address/URL of the Vault server | "" | +| role | Role used for authentication with Vault | vault-role | +| authpath | Authentication path for Vault | cordadoorman | +| serviceAccountName | Provide the already created service account name 
autheticated to vault | vault-auth | +| certSecretPrefix | Provide the vault path where the certificates are stored | doorman/data | +| retries | Number of retries to check contents from vault | 10 | +| sleepTimeAfterError | Sleep time in seconds when error while registration | 15 | + +### Subjects + +| Name | Description | Default Value | +| ------------------------- | ---------------------------------- | ------------- | +| root_subject | Mention the subject for rootca | "" | +| mongorootca | Mention the subject for mongorootca| "" | +| doormanca | Mention the subject for doormanca | "" | +| networkmap | Mention the subject for networkmap | "" | + +### Volume + +| Name | Description | Default Value | +| -----------------| -----------------------| ------------- | +| baseDir | Base directory | /home/bevel | + + + +## Deployment +--- + +To deploy the Generate-certs Helm chart, follow these steps: + +1. Modify the [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/r3-corda/charts/generate-certs/values.yaml) file to set the desired configuration values. +2. Run the following Helm command to install, upgrade, verify delete the chart: + +To install the chart: +```bash +helm repo add bevel https://hyperledger.github.io/bevel/ +helm install ./generate-certs +``` + +To upgrade the chart: +```bash +helm upgrade ./generate-certs +``` + +To verify the deployment: +```bash +kubectl get jobs -n +``` +Note : Replace `` with the actual namespace where the Job was created. This command will display information about the Job, including the number of completions and the current status of the Job's pods. + +To delete the chart: +```bash +helm uninstall +``` +Note : Replace `` with the desired name for the release. 
+ + + +## Contributing +--- +If you encounter any bugs, have suggestions, or would like to contribute to the [Generate-certs Deployment Helm Chart](https://github.com/hyperledger/bevel/tree/develop/platforms/r3-corda/charts/generate-certs), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger/bevel). + + +## License + +This chart is licensed under the Apache v2.0 license. + +Copyright © 2023 Accenture + +### Attribution + +This chart is adapted from the [charts](https://hyperledger.github.io/bevel/) which is licensed under the Apache v2.0 License which is reproduced here: + +``` +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +``` diff --git a/platforms/r3-corda/charts/h2/Chart.yaml b/platforms/r3-corda/charts/h2/Chart.yaml index bb9a37428cd2..e6bcec124b7e 100644 --- a/platforms/r3-corda/charts/h2/Chart.yaml +++ b/platforms/r3-corda/charts/h2/Chart.yaml @@ -6,6 +6,6 @@ apiVersion: v1 appVersion: "2.0" -description: A Helm chart for Kubernetes +description: "R3-corda-os: Deploys H2 DB." name: h2 -version: '0.14.0' +version: '0.14.1' diff --git a/platforms/r3-corda/charts/h2/README.md b/platforms/r3-corda/charts/h2/README.md new file mode 100644 index 000000000000..1a839ca6771a --- /dev/null +++ b/platforms/r3-corda/charts/h2/README.md 
@@ -0,0 +1,174 @@
+[//]: # (##############################################################################################)
+[//]: # (Copyright Accenture. All Rights Reserved.)
+[//]: # (SPDX-License-Identifier: Apache-2.0)
+[//]: # (##############################################################################################)
+
+
+# H2 Deployment
+
+- [h2 Deployment Helm Chart](#h2-deployment-helm-chart)
+- [Prerequisites](#prerequisites)
+- [Chart Structure](#chart-structure)
+- [Configuration](#configuration)
+- [Deployment](#deployment)
+- [Contributing](#contributing)
+- [License](#license)
+
+
+## h2 Deployment Helm Chart
+---
+This [Helm chart](https://github.com/hyperledger/bevel/tree/develop/platforms/r3-corda/charts/h2) deploys Kubernetes deployment resource for h2 database.
+
+
+
+## Prerequisites
+---
+Before deploying the chart please ensure you have the following prerequisites:
+
+- Node's database up and running.
+- Kubernetes cluster up and running.
+- A HashiCorp Vault instance is set up and configured to use Kubernetes service account token-based authentication.
+- The Vault is unsealed and initialized.
+- Helm is installed.
+
+
+
+## Chart Structure
+---
+This chart has following structue:
+
+```
+
+ ├── h2
+ │ ├── Chart.yaml
+ │ ├── templates
+ │ │ ├── deployment.yaml
+ │ │ ├── pvc.yaml
+ │ │ └── service.yaml
+ │ └── values.yaml
+```
+- `templates` : This directory contains the Kubernetes manifest templates that define the resources to be deployed.
+- `deployment.yaml` : This file is a configuration file for deployement in Kubernetes.It creates a deployment file with a specified number of replicas and defines various settings for the deployment.Including volume mounts, environment variables, and ports for the container.
+- `pvc.yaml` : A PersistentVolumeClaim (PVC) is a request for storage by a user.
+- `service.yaml` : This file defines a Kubernetes Service with multiple ports for protocols and targets, and supports Ambassador proxy annotations for specific configurations when using the "ambassador" proxy provider. +- `chart.yaml` : Provides metadata about the chart, such as its name, version, and description. +- `values.yaml` : Contains the default configuration values for the chart. It includes configuration for the image, resources, storage, service, etc. + + + +## Configuration +--- +The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/r3-corda/charts/h2/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options: + +## Parameters +--- + +### Name + +| Name | Description | Default Value | +| -----------| -------------------------------------------------- | ------------- | +| name | Provide the name of the node | "" | + +### Image + +| Name | Description | Default Value | +| ------------------------ | ------------------------------------------------------- | --------------- | +| initContainerName | Provide the alpine utils image, which is used for all init-containers of deployments/jobs | "" | +| containerName | Provide the containerName of image | "" | +| imagePullSecret | Provide the image pull secret of image | regcred | + +### Resources + +| Name | Description | Default Value | +| ------------------------ | ------------------------------------------------------ | --------------- | +| limits | Provide the limit memory for node | "1Gi" | +| requests | Provide the requests memory for node | "1Gi" | + +### storage + +| Name | Description | Default Value | +| --------------------- | ------------------------------------------| ------------- | +| Memory | Provide the memory for node | "4Gi" | +| MountPath | The path where the volume will be mounted | "" | + +### Service + +| Name | Description | Default Value | +| 
--------------------- | ------------------------------------------| ------------- | +| type | Provide the type of service | NodePort | +| tcp port | Provide the tcp port for node | 9101 | +| nodePort | Provide the tcp node port for node | 32001 | +| targetPort | Provide the tcp targetPort for node | 1521 | + +## WEB + +| Name | Description | Default Value | +| --------------------- | ------------------------------------------| ------------- | +| nodePort | Provide the web node port for node | 32080 | +| targetPort | Provide the tcp targetPort for node | 81 | +| port | Provide the tcp node port for node | 8080 | + + + + +## Deployment +--- + +To deploy the h2 Helm chart, follow these steps: + +1. Modify the [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/r3-corda/charts/h2/values.yaml) file to set the desired configuration values. +2. Run the following Helm command to install, upgrade, verify, delete the chart: + +To install the chart: +```bash +helm repo add bevel https://hyperledger.github.io/bevel/ +helm install ./h2 +``` + +To upgrade the chart: +```bash +helm upgrade ./h2 +``` + +To verify the deployment: +```bash +kubectl get jobs -n +``` +Note : Replace `` with the actual namespace where the Job was created. This command will display information about the Job, including the number of completions and the current status of the Job's pods. + +To delete the chart: +```bash +helm uninstall +``` +Note : Replace `` with the desired name for the release. + + + +## Contributing +--- +If you encounter any bugs, have suggestions, or would like to contribute to the [h2 Deployment Helm Chart](https://github.com/hyperledger/bevel/tree/develop/platforms/r3-corda/charts/h2), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger/bevel). + + +## License + +This chart is licensed under the Apache v2.0 license. 
+
+Copyright © 2023 Accenture
+
+### Attribution
+
+This chart is adapted from the [charts](https://hyperledger.github.io/bevel/) which is licensed under the Apache v2.0 License which is reproduced here:
+
+```
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+```
diff --git a/platforms/r3-corda/charts/h2/values.yaml b/platforms/r3-corda/charts/h2/values.yaml
index 489ee8dee66e..0099b332e411 100644
--- a/platforms/r3-corda/charts/h2/values.yaml
+++ b/platforms/r3-corda/charts/h2/values.yaml
@@ -15,49 +15,49 @@ nodeName: image: #Provide the name of image for container #Eg. containerName: hyperledgerlabs/h2:2018 - containerName: + containerName: hyperledgerlabs/h2:2018 #Provide the name of image for init container #Eg. name: hyperledgerlabs/alpine-utils:1.0 - initContainerName: + initContainerName: hyperledgerlabs/alpine-utils:1.0 #Provide the image pull secret of image #Eg. pullSecret: regcred - imagePullSecret: + imagePullSecret: regcred resources: #Provide the limit memory for node #Eg. limits: "1Gi" - limits: + limits: "1Gi" #Provide the requests memory for node #Eg. requests: "1Gi" - requests: + requests: "1Gi" storage: #Provide the memory for node #Eg. memory: 4Gi - memory: + memory: 4Gi mountPath: service: #Provide the type of service #Eg. type: NodePort - type: + type: NodePort tcp: #Provide the tcp port for node #Eg. port: 9101 - port: + port: 9101 #Provide the tcp node port for node #Eg. port: 32001 - nodePort: + nodePort: 32001 #Provide the tcp targetPort for node #Eg. targetPort: 1521 - targetPort: + targetPort: 1521 web: #Provide the web node port for node #Eg. port: 32080 - nodePort: + nodePort: 32080 #Provide the tcp targetPort for node #Eg. targetPort: 81 - targetPort: + targetPort: 81 #Provide the tcp node port for node #Eg. port: 8080 - port: \ No newline at end of file + port: 8080 diff --git a/platforms/r3-corda/charts/mongodb-tls/Chart.yaml b/platforms/r3-corda/charts/mongodb-tls/Chart.yaml index d3344d985904..200d6f105ddc 100644 --- a/platforms/r3-corda/charts/mongodb-tls/Chart.yaml +++ b/platforms/r3-corda/charts/mongodb-tls/Chart.yaml @@ -6,6 +6,6 @@ apiVersion: v1 appVersion: "2.0" -description: A Helm chart for deploying mongodb with tls enabled +description: "R3-corda-os: Deploys mongodb with tls enabled, used for doorman and networkmap." name: mongodb-tls -version: '0.14.0' +version: '0.14.1' 
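Review bot: The new defaults in this hunk publish the H2 database outside the cluster: `type: NodePort` with the fixed `nodePort: 32001` (tcp) and `nodePort: 32080` (web) opens both listeners on every node as soon as the chart is installed unmodified. I would keep the service internal by default, e.g. `type: ClusterIP` with the two `nodePort:` values left for the operator to set, assuming the service template tolerates that (it is not visible here). The same fixed `nodePort: 32001` is also introduced in the mongodb-tls and mongodb values.yaml hunks, so two of these charts installed with defaults in one cluster would presumably collide on that port. The web comments are also mislabelled (`#Eg. port: 32080` above `nodePort`, "tcp node port" above the web `port`) and could be corrected while the values are being filled in.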
diff --git a/platforms/r3-corda/charts/mongodb-tls/README.md b/platforms/r3-corda/charts/mongodb-tls/README.md
new file mode 100644
index 000000000000..15d3fd4d7d9e
--- /dev/null
+++ b/platforms/r3-corda/charts/mongodb-tls/README.md
@@ -0,0 +1,158 @@
+[//]: # (##############################################################################################)
+[//]: # (Copyright Accenture. All Rights Reserved.)
+[//]: # (SPDX-License-Identifier: Apache-2.0)
+[//]: # (##############################################################################################)
+
+
+# Mongodb-tls Deployment
+
+- [Mongodb-tls Deployment Helm Chart](#Mongodb-tls-deployment-helm-chart)
+- [Prerequisites](#prerequisites)
+- [Chart Structure](#chart-structure)
+- [Configuration](#configuration)
+- [Deployment](#deployment)
+- [Contributing](#contributing)
+- [License](#license)
+
+
+## Mongodb-tls Deployment Helm Chart
+---
+This [Helm chart](https://github.com/hyperledger/bevel/tree/develop/platforms/r3-corda/charts/mongodb-tls) deploys a MongoDB to enable tls for doorman and networkmap services.
+
+
+## Prerequisites
+---
+Before deploying the chart please ensure you have the following prerequisites:
+
+- Mongodb database up and running.
+- Kubernetes cluster up and running.
+- A HashiCorp Vault instance is set up and configured to use Kubernetes service account token-based authentication.
+- The Vault is unsealed and initialized.
+- Helm is installed.
+
+
+## Chart Structure
+---
+This chart has following structue:
+
+```
+
+ ├── mongodb-tls
+ │ ├── Chart.yaml
+ │ ├── templates
+ │ │ ├── deployment.yaml
+ │ │ ├── pvc.yaml
+ │ │ └── service.yaml
+ │ └── values.yaml
+```
+
+Type of files used:
+
+- `templates` : This directory contains the Kubernetes manifest templates that define the resources to be deployed.
+- `deployment.yaml` : This deployment file can deploy a MongoDB database in a Kubernetes cluster, manages a MongoDB replica set and it configures environment variables for the MongoDB root username and password. And also its includes ports, volume mounts and initialization tasks using init containers.
+- `pvc.yaml` : A PersistentVolumeClaim (PVC) is a request for storage by a user.
+- `service.yaml` : This file defines a Kubernetes Service with multiple ports for protocols and targets, and supports Ambassador proxy annotations for specific configurations when using the "ambassador" proxy provider. +- `chart.yaml` : Provides metadata about the chart, such as its name, version, and description. +- `values.yaml` : Contains the default configuration values for the chart. It includes configuration for the image, storage and service. + + + +## Configuration +--- +The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/r3-corda/charts/mongodb-tls/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options: + +## Parameters +--- + +### Name + +| Name | Description | Default Value | +| -----------| -------------------------------------------------- | ------------- | +| name | Provide the name of the node | mongodb-doorman | + +### Image + +| Name | Description | Default Value | +| ------------------------ | ------------------------------------------------------- | --------------- | +| containerName | Provide the containerName of image | "" | + +### storage + +| Name | Description | Default Value | +| --------------------- | ------------------------------------------| ------------- | +| Memory | Provide the memory for node | "4Gi" | +| MountPath | The path where the volume will be mounted | "" | + +### Service + +| Name | Description | Default Value | +| --------------------- | ------------------------------------------| ------------- | +| type | Provide the type of service | "NodePort" | +| tcp port | Provide the tcp port for node | "9101" | +| nodePort | Provide the tcp node port for node | "32001" | +| targetPort | Provide the tcp targetPort for node | "27017" | + + + +## Deployment +--- + +To deploy the Mongodb-tls Helm chart, follow these steps: + +1. 
Modify the [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/r3-corda/charts/mongodb-tls/values.yaml) file to set the desired configuration values. +2. Run the following Helm command to install, upgrade, verify, delete the chart: + +To install the chart: +```bash +helm repo add bevel https://hyperledger.github.io/bevel/ +helm install ./mongodb-tls +``` + +To upgrade the chart: +```bash +helm upgrade ./mongodb-tls +``` + +To verify the deployment: +```bash +kubectl get jobs -n +``` +Note : Replace `` with the actual namespace where the Job was created. This command will display information about the Job, including the number of completions and the current status of the Job's pods. + + +To delete the chart: +```bash +helm uninstall +``` +Note : Replace `` with the desired name for the release. + + + +## Contributing +--- +If you encounter any bugs, have suggestions, or would like to contribute to the [Mongodb-tls Deployment Helm Chart](https://github.com/hyperledger/bevel/tree/develop/platforms/r3-corda/charts/mongodb-tls), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger/bevel). + + +## License + +This chart is licensed under the Apache v2.0 license. + +Copyright © 2023 Accenture + +### Attribution + +This chart is adapted from the [charts](https://hyperledger.github.io/bevel/) which is licensed under the Apache v2.0 License which is reproduced here: + +``` +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+See the License for the specific language governing permissions and +limitations under the License. +``` diff --git a/platforms/r3-corda/charts/mongodb-tls/values.yaml b/platforms/r3-corda/charts/mongodb-tls/values.yaml index 9fc5bbbea0d5..ad0a17e8e271 100644 --- a/platforms/r3-corda/charts/mongodb-tls/values.yaml +++ b/platforms/r3-corda/charts/mongodb-tls/values.yaml @@ -10,30 +10,29 @@ #Provide the Name for node to be deployed #Eg. nodeName: mongodb-doorman -nodeName: +nodeName: mongodb-doorman replicas: image: #Provide the name of image for container #Eg. containerName: hyperledgerlabs/h2:2018 - containerName: + containerName: hyperledgerlabs/h2:2018 storage: #Provide the memory for node #Eg. memory: 4Gi - memory: + memory: 4Gi name: mountPath: service: #Provide the type of service #Eg. type: NodePort - type: + type: NodePort tcp: #Provide the tcp port for node #Eg. port: 9101 - port: + port: 9101 #Provide the tcp node port for node #Eg. port: 32001 - nodePort: + nodePort: 32001 #Provide the tcp node port for node #Eg. targetPort: 27017 - targetPort: - \ No newline at end of file + targetPort: 27017 diff --git a/platforms/r3-corda/charts/mongodb/Chart.yaml b/platforms/r3-corda/charts/mongodb/Chart.yaml index a95685be117c..9b87362d0dcd 100644 --- a/platforms/r3-corda/charts/mongodb/Chart.yaml +++ b/platforms/r3-corda/charts/mongodb/Chart.yaml @@ -6,6 +6,6 @@ apiVersion: v1 appVersion: "2.0" -description: A Helm chart for Kubernetes +description: "R3-corda-os: Deploys MongoDB, used for doorman and networkmap." name: mongodb -version: '0.14.0' +version: '0.14.1' diff --git a/platforms/r3-corda/charts/mongodb/README.md b/platforms/r3-corda/charts/mongodb/README.md new file mode 100644 index 000000000000..5ac9ca642eba --- /dev/null +++ b/platforms/r3-corda/charts/mongodb/README.md 
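Review bot: `containerName: hyperledgerlabs/h2:2018` makes the H2 image the default for a MongoDB chart; it looks copied from the `#Eg.` comment above it, which itself carries the H2 example, and the mongodb values.yaml hunk further down sets the same default. An unmodified install would therefore start the wrong workload behind a service whose `targetPort` is 27017, while the new README still lists the default as "". I would leave it empty so the operator has to choose, `containerName: ""`, or set it to the project's MongoDB image (`<mongodb-image:tag>`, placeholder) and update the example comment to match. `replicas:`, `name:` and `mountPath:` stay bare in this hunk and parse as null, which the templates (not visible here) would need to handle.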
@@ -0,0 +1,158 @@
+[//]: # (##############################################################################################)
+[//]: # (Copyright Accenture. All Rights Reserved.)
+[//]: # (SPDX-License-Identifier: Apache-2.0)
+[//]: # (##############################################################################################)
+
+
+# Mongodb Deployment
+
+- [Mongodb Deployment Helm Chart](#Mongodb-deployment-helm-chart)
+- [Prerequisites](#prerequisites)
+- [Chart Structure](#chart-structure)
+- [Configuration](#configuration)
+- [Deployment](#deployment)
+- [Contributing](#contributing)
+- [License](#license)
+
+
+## Mongodb Deployment Helm Chart
+---
+This [Helm chart](https://github.com/hyperledger/bevel/tree/develop/platforms/r3-corda/charts/mongodb) depolys Mongodb.
+
+
+
+## Prerequisites
+---
+Before deploying the chart please ensure you have the following prerequisites:
+
+- Mongodb database up and running.
+- Kubernetes cluster up and running.
+- A HashiCorp Vault instance is set up and configured to use Kubernetes service account token-based authentication.
+- The Vault is unsealed and initialized.
+- Helm is installed.
+
+
+## Chart Structure
+---
+This chart has following structue:
+
+```
+
+ ├── mongodb
+ │ ├── Chart.yaml
+ │ ├── templates
+ │ │ ├── deployment.yaml
+ │ │ ├── pvc.yaml
+ │ │ └── service.yaml
+ │ └── values.yaml
+```
+
+Type of files used:
+
+- `templates` : This directory contains the Kubernetes manifest templates that define the resources to be deployed.
+- `deployment.yaml` : This Deployment manages a MongoDB replica set of a Pod template, including volume mounts, environment variables, and ports for the container.
+- `pvc.yaml` : A PersistentVolumeClaim (PVC) is a request for storage by a user.
+- `service.yaml` : This file defines a Kubernetes Service with multiple ports for protocols and targets, and supports Ambassador proxy annotations for specific configurations when using the "ambassador" proxy provider.
+- `chart.yaml` : Provides metadata about the chart, such as its name, version, and description. +- `values.yaml` : Contains the default configuration values for the chart. It includes configuration for the image, storage and service. + + +## Configuration +--- +The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/r3-corda/charts/mongodb/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options: + +## Parameters +--- + +### Name + +| Name | Description | Default Value | +| -----------| -------------------------------------------------- | ------------- | +| name | Provide the name of the node | mongodb | + +### Image + +| Name | Description | Default Value | +| ------------------------ | ------------------------------------------------------- | --------------- | +| containerName | Provide the containerName of image | "" | + +### storage + +| Name | Description | Default Value | +| --------------------- | ------------------------------------------| ------------- | +| Memory | Provide the memory for node | "4Gi" | +| MountPath | The path where the volume will be mounted | "" | + +### Service + +| Name | Description | Default Value | +| --------------------- | ------------------------------------------| ------------- | +| type | Provide the type of service | "NodePort" | +| tcp port | Provide the tcp port for node | "9101" | +| nodePort | Provide the tcp node port for node | "32001" | +| targetPort | Provide the tcp targetPort for node | "27017" | + + + +## Deployment +--- + +To deploy the Mongodb Helm chart, follow these steps: + +1. Modify the [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/r3-corda/charts/mongodb/values.yaml) file to set the desired configuration values. +2. 
Run the following Helm command to install, upgrade, verify, delete the chart: + +To install the chart: +```bash +helm repo add bevel https://hyperledger.github.io/bevel/ +helm install ./mongodb +``` + +To upgrade the chart: +```bash +helm upgrade ./mongodb +``` + +To verify the deployment: +```bash +kubectl get jobs -n +``` +Note : Replace `` with the actual namespace where the Job was created. This command will display information about the Job, including the number of completions and the current status of the Job's pods. + + +To delete the chart: +```bash +helm uninstall +``` +Note : Replace `` with the desired name for the release. + + + +## Contributing +--- +If you encounter any bugs, have suggestions, or would like to contribute to the [Mongodb Deployment Helm Chart](https://github.com/hyperledger/bevel/tree/develop/platforms/r3-corda/charts/mongodb), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger/bevel). + + +## License + +This chart is licensed under the Apache v2.0 license. + +Copyright © 2023 Accenture + +### Attribution + +This chart is adapted from the [charts](https://hyperledger.github.io/bevel/) which is licensed under the Apache v2.0 License which is reproduced here: + +``` +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +``` diff --git a/platforms/r3-corda/charts/mongodb/values.yaml b/platforms/r3-corda/charts/mongodb/values.yaml index 1fedbe9aa7d1..e2d09a18a22f 100644 
--- a/platforms/r3-corda/charts/mongodb/values.yaml +++ b/platforms/r3-corda/charts/mongodb/values.yaml @@ -10,29 +10,29 @@ #Provide the Name for node to be deployed #Eg. nodeName: mongodb-doorman -nodeName: +nodeName: mongodb replicas: image: #Provide the name of image for container #Eg. containerName: hyperledgerlabs/h2:2018 - containerName: + containerName: hyperledgerlabs/h2:2018 storage: #Provide the memory for node #Eg. memory: 4Gi - memory: + memory: 4Gi name: mountPath: service: #Provide the type of service #Eg. type: NodePort - type: + type: NodePort tcp: #Provide the tcp port for node #Eg. port: 9101 - port: + port: 9101 #Provide the tcp node port for node #Eg. port: 32001 - nodePort: + nodePort: 32001 #Provide the tcp node port for node #Eg. targetPort: 27017 - targetPort: \ No newline at end of file + targetPort: 27017 diff --git a/platforms/r3-corda/charts/nms-tls/Chart.yaml b/platforms/r3-corda/charts/nms-tls/Chart.yaml index 2b14c8e4dbb8..20693817c006 100644 --- a/platforms/r3-corda/charts/nms-tls/Chart.yaml +++ b/platforms/r3-corda/charts/nms-tls/Chart.yaml @@ -6,6 +6,6 @@ apiVersion: v1 appVersion: "2.0" -description: A Helm chart for deploying nms when tls is on +description: "R3-corda-os: Deploys networkmap sevice with TLS." name: nms-tls -version: '0.14.0' +version: '0.14.1' diff --git a/platforms/r3-corda/charts/nms-tls/README.md b/platforms/r3-corda/charts/nms-tls/README.md new file mode 100644 index 000000000000..ae6e4d07f5f7 --- /dev/null +++ b/platforms/r3-corda/charts/nms-tls/README.md 
@@ -0,0 +1,178 @@
+[//]: # (##############################################################################################)
+[//]: # (Copyright Accenture. All Rights Reserved.)
+[//]: # (SPDX-License-Identifier: Apache-2.0)
+[//]: # (##############################################################################################)
+
+
+# Nms Deployment
+
+- [Nms-tls Deployment Helm Chart](#Nms-tls-deployment-helm-chart)
+- [Prerequisites](#prerequisites)
+- [Chart Structure](#chart-structure)
+- [Configuration](#configuration)
+- [Deployment](#deployment)
+- [Contributing](#contributing)
+- [License](#license)
+
+
+## nms-tls Deployment Helm Chart
+---
+This [Helm chart](https://github.com/hyperledger/bevel/tree/develop/platforms/r3-corda/charts/nms-tls) deploys the Kubernetes deployment file for a networkmapservice with tls certificate.
+
+
+## Prerequisites
+---
+Before deploying the chart please ensure you have the following prerequisites:
+
+- NetworkMap and Node's database up and running.
+- Kubernetes cluster up and running.
+- A HashiCorp Vault instance is set up and configured to use Kubernetes service account token-based authentication.
+- The Vault is unsealed and initialized.
+- Helm is installed.
+
+
+## Chart Structure
+---
+This chart has following structue:
+
+```
+
+ ├── nms-tls
+ │ ├── Chart.yaml
+ │ ├── templates
+ │ │ ├── deployment.yaml
+ │ │ ├── Volume.yaml
+ │ │ └── service.yaml
+ │ └── values.yaml
+```
+
+Type of files used:
+
+- `templates` : This directory contains the Kubernetes manifest templates that define the resources to be deployed.
+- `deployment.yaml` : This file sets up a deployment with multiple containers, mounts volumes, retrieves secrets from Vault, and performs some initialization tasks before starting the main containers.
+- `volume.yaml` : These PVCs can be used to provide persistent storage for the network map service deployment.
+- `service.yaml` : This file defines a Kubernetes Service with multiple ports for protocols and targets, and supports Ambassador proxy annotations for specific configurations when using the "ambassador" proxy provider. +- `chart.yaml` : Provides metadata about the chart, such as its name, version, and description. +- `values.yaml` : Contains the default configuration values for the chart. It includes configuration for the image, storage, service, vault and ambassador. + + +## Configuration +--- +The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/r3-corda/charts/nms-tls/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options: + +## Parameters +--- + +### Name + +| Name | Description | Default Value | +| -----------| -------------------------------------------------- | ------------- | +| name | Provide the name of the node | network-map | + +### Metadata + +| Name | Description | Default Value | +| ----------------| -------------------------------------------------------- | ------------- | +| namespace | Provide the namespace for the nms Generator | default | + +### Image + +| Name | Description | Default Value | +| ------------------------ | ------------------------------------------------------- | --------------- | +| initContainerName | Provide the alpine utils image, which is used for all init-containers of deployments/jobs | "" | +| containerName | Provide the containerName of image | "" | +| imagePullSecret | Provide the image pull secret of image | regcred | +| env | Provide enviroment variable for container image | "" | + +### Service + +| Name | Description | Default Value | +| --------------------- | ------------------------------------------ | ------------- | +| type | Provide the type of service | "NodePort" | +| port | Provide the NMS service port | "30007" | +| nodePort | Provide the node port for node 
service to be accessible outside| "30050" | + + +### storage + +| Name | Description | Default Value | +| --------------------- | ------------------------------------------| ------------- | +| Memory | Provide the memory for node | "4Gi" | + + +### Vault + +| Name | Description | Default Value | +| ------------------------- | --------------------------------------------------------------------------| ------------- | +| address | Address/URL of the Vault server | "" | +| role | Role used for authentication with Vault | vault-role | +| authpath | Authentication path for Vault | cordanms | +| secretprefix | Provide the kubernetes auth backed configured in vault | "" | +| imagesecretname | specify the name of the Kubernetes secret | "" | +| serviceaccountname | To authenticate with the Vault server and retrieve the secrets |vault-auth-issuer| +| ambassador | Provides the suffix to be used in external URL |"" | + + + +## Deployment +--- + +To deploy the nms-tls Helm chart, follow these steps: + +1. Modify the [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/r3-corda/charts/nms-tls/values.yaml) file to set the desired configuration values. +2. Run the following Helm command to install, upgrade, verify, delete the chart: + +To install the chart: +```bash +helm repo add bevel https://hyperledger.github.io/bevel/ +helm install ./nms-tls +``` + +To upgrade the chart: +```bash +helm upgrade ./nms-tls +``` + +To verify the deployment: +```bash +kubectl get jobs -n +``` +Note : Replace `` with the actual namespace where the Job was created. This command will display information about the Job, including the number of completions and the current status of the Job's pods. + + +To delete the chart: +```bash +helm uninstall +``` +Note : Replace `` with the desired name for the release. 
+ + + +## Contributing +--- +If you encounter any bugs, have suggestions, or would like to contribute to the [Nms-tls Deployment Helm Chart](https://github.com/hyperledger/bevel/tree/develop/platforms/r3-corda/charts/nms-tls), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger/bevel). + + +## License + +This chart is licensed under the Apache v2.0 license. + +Copyright © 2023 Accenture + +### Attribution + +This chart is adapted from the [charts](https://hyperledger.github.io/bevel/) which is licensed under the Apache v2.0 License which is reproduced here: + +``` +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +``` diff --git a/platforms/r3-corda/charts/nms-tls/values.yaml b/platforms/r3-corda/charts/nms-tls/values.yaml index 01880387e18b..e66e28b10b07 100644 --- a/platforms/r3-corda/charts/nms-tls/values.yaml +++ b/platforms/r3-corda/charts/nms-tls/values.yaml @@ -10,12 +10,12 @@ #Provide the Name for node to be deployed #Eg. nodeName: network-map -nodeName: +nodeName: network-map metadata: #Provide the namespace #Eg. namespace: default - namespace: + namespace: default image: #Provide the name of image for init container 
@@ -52,18 +52,18 @@ image: service: #Provide the NMS service port #Eg. port: 30007 - port: + port: 30007 #Provide the type of service #Eg. type: NodePort - type: + type: NodePort #Provide the node port for node service to be accessible outside #Eg. nodePort: 30050 - nodePort: + nodePort: 30050 storage: #Provide the memory for node #Eg. memory: 4Gi - memory: + memory: 4Gi vault: #Provide the vault server address @@ -71,16 +71,16 @@ vault: address: #Provide the vaultrole #Eg. role: vault-role - role: + role: vault-role #Eg. authpath: cordanms - authpath: + authpath: cordanms #Provide the kubernetes auth backed configured in vault #Eg. secretprefix: secretprefix: #Eg. imagesecretname: imagesecretname: #Eg. serviceaccountname: vault-auth-issuer - serviceaccountname: + serviceaccountname: vault-auth-issuer #Path in vault where tls certificates are present tlscertsecretprefix: @@ -88,4 +88,3 @@ ambassador: #Provides the suffix to be used in external URL #Eg. external_url_suffix: org1.blockchaincloudpoc.com external_url_suffix: - \ No newline at end of file diff --git a/platforms/r3-corda/charts/nms/Chart.yaml b/platforms/r3-corda/charts/nms/Chart.yaml index b7977c0939f0..11e825286327 100644 --- a/platforms/r3-corda/charts/nms/Chart.yaml +++ b/platforms/r3-corda/charts/nms/Chart.yaml @@ -6,6 +6,6 @@ apiVersion: v1 appVersion: "2.0" -description: A Helm chart for Kubernetes +description: "R3-corda-os: Deploys networkmap service without TLS." name: nms -version: '0.14.0' +version: '0.14.1' diff --git a/platforms/r3-corda/charts/nms/README.md b/platforms/r3-corda/charts/nms/README.md new file mode 100644 index 000000000000..59c554e86c46 --- /dev/null +++ b/platforms/r3-corda/charts/nms/README.md 
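Review bot: In the `vault:` hunk the comment describing the Kubernetes auth backend sits above `secretprefix`, while `authpath`, the key that now gets the default `cordanms`, has only an `#Eg.` line; the description appears to belong to `authpath`. I would move it, `#Provide the kubernetes auth backend configured in vault` above `authpath:`, and give `secretprefix` and `imagesecretname` one-line descriptions of their own. With `role`, `authpath` and `serviceaccountname` now defaulted but `address`, `secretprefix` and `tlscertsecretprefix` still empty, a comment marking the latter three as required would keep a default install from reaching the Vault login half-configured. The values file continues outside these hunks, so the rest of the `vault:` and `image:` mappings is not visible here.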
@@ -0,0 +1,179 @@ +[//]: # (##############################################################################################) +[//]: # (Copyright Accenture. All Rights Reserved.) +[//]: # (SPDX-License-Identifier: Apache-2.0) +[//]: # (##############################################################################################) + + +# Nms Deployment + +- [Nms Deployment Helm Chart](#Nms-deployment-helm-chart) +- [Prerequisites](#prerequisites) +- [Chart Structure](#chart-structure) +- [Configuration](#configuration) +- [Deployment](#deployment) +- [Contributing](#contributing) +- [License](#license) + + +## nms Deployment Helm Chart +--- +This [Helm chart](https://github.com/hyperledger/bevel/tree/develop/platforms/r3-corda/charts/nms) deploys the Kubernetes deployment file for a networkmapservice. + + +## Prerequisites +--- +Before deploying the chart please ensure you have the following prerequisites: + +- NetworkMap and Node's database up and running. +- Kubernetes cluster up and running. +- A HashiCorp Vault instance is set up and configured to use Kubernetes service account token-based authentication. +- The Vault is unsealed and initialized. +- Helm is installed. + + +## Chart Structure +--- +This chart has following structue: + +``` + + ├── nms + │ ├── Chart.yaml + │ ├── templates + │ │ ├── deployment.yaml + │ │ ├── Volume.yaml + │ │ └── service.yaml + │ └── values.yaml +``` + +Type of files used: + +- `templates` : This directory contains the Kubernetes manifest templates that define the resources to be deployed. +- `deployment.yaml` : A Deployment controller provides declarative updates for Pods and ReplicaSets. +- `volume.yaml` : These PVCs can be used to provide persistent storage for the network map service deployment, allowing data to be stored and accessed across the lifecycle of the deployment. 
+- `service.yaml` : This file defines a Kubernetes Service with multiple ports for protocols and targets, and supports Ambassador proxy annotations for specific configurations when using the "ambassador" proxy provider. +- `chart.yaml` : Provides metadata about the chart, such as its name, version, and description. +- `values.yaml` : Contains the default configuration values for the chart. It includes configuration for the image, storage, service and vault. + + +## Configuration +--- +The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/r3-corda/charts/nms/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options: + +## Parameters +--- + +### Name + +| Name | Description | Default Value | +| -----------| -------------------------------------------------- | ------------- | +| name | Provide the name of the node | network-map | + +### Metadata + +| Name | Description | Default Value | +| ----------------| ---------------------------------------------------------------------------- | ------------- | +| namespace | Provide the namespace for the nms Generator | default | + +### Image + +| Name | Description | Default Value | +| ------------------------ | ------------------------------------------------------- | --------------- | +| initContainerName | Provide the alpine utils image, which is used for all init-containers of deployments/jobs | "" | +| containerName | Provide the containerName of image | "" | +| imagePullSecret | Provide the image pull secret of image | regcred | +| env | Provide enviroment variable for container image | "" | + +### Service + +| Name | Description | Default Value | +| --------------------- | ------------------------------------------ | ------------- | +| type | Provide the type of service | "NodePort" | +| port | Provide the NMS service port | "30007" | +| nodePort | Provide the node port for 
node service to be accessible outside| "32001" | + + +### storage + +| Name | Description | Default Value | +| --------------------- | ------------------------------------------| ------------- | +| Memory | Provide the memory for node | "4Gi" | + + +### Vault + +| Name | Description | Default Value | +| ------------------------- | --------------------------------------------------------------------------| ------------- | +| address | Address/URL of the Vault server | "" | +| role | Role used for authentication with Vault | vault-role | +| authpath | Authentication path for Vault | cordanms | +| secretprefix | Provide the kubernetes auth backed configured in vault | "" | +| imagesecretname | specify the name of the Kubernetes secret | "" | +| serviceaccountname | To authenticate with the Vault server and retrieve the secrets |vault-auth-issuer| +| ambassador | Provides the suffix to be used in external URL |"" | + + + + +## Deployment +--- + +To deploy the nms Helm chart, follow these steps: + +1. Modify the [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/r3-corda/charts/nms/values.yaml) file to set the desired configuration values. +2. Run the following Helm command to install, upgrade, verify, delete the chart: + +To install the chart: +```bash +helm repo add bevel https://hyperledger.github.io/bevel/ +helm install ./nms +``` + +To upgrade the chart: +```bash +helm upgrade ./nms +``` + +To verify the deployment: +```bash +kubectl get jobs -n +``` +Note : Replace `` with the actual namespace where the Job was created. This command will display information about the Job, including the number of completions and the current status of the Job's pods. + + +To delete the chart: +```bash +helm uninstall +``` +Note : Replace `` with the desired name for the release. 
+ + + +## Contributing +--- +If you encounter any bugs, have suggestions, or would like to contribute to the [Nms Deployment Helm Chart](https://github.com/hyperledger/bevel/tree/develop/platforms/r3-corda/charts/nms), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger/bevel). + + +## License + +This chart is licensed under the Apache v2.0 license. + +Copyright © 2023 Accenture + +### Attribution + +This chart is adapted from the [charts](https://hyperledger.github.io/bevel/) which is licensed under the Apache v2.0 License which is reproduced here: + +``` +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +``` diff --git a/platforms/r3-corda/charts/nms/values.yaml b/platforms/r3-corda/charts/nms/values.yaml index 940065759621..460ce7ef0f4b 100644 --- a/platforms/r3-corda/charts/nms/values.yaml +++ b/platforms/r3-corda/charts/nms/values.yaml @@ -10,12 +10,12 @@ #Provide the Name for node to be deployed #Eg. nodeName: network-map -nodeName: +nodeName: network-map metadata: #Provide the namespace #Eg. namespace: default - namespace: + namespace: default image: #Provide the name of image for init container 
@@ -52,18 +52,18 @@ image: service: #Provide the NMS service port #Eg. port: 30007 - port: + port: 30007 #Provide the type of service #Eg. type: NodePort - type: + type: NodePort #Provide the node port for node service to be accessible outside #Eg. nodePort: 30050 - nodePort: + nodePort: 30050 storage: #Provide the memory for node #Eg. memory: 4Gi - memory: + memory: 4Gi vault: #Provide the vault server address @@ -71,16 +71,16 @@ vault: address: #Provide the vaultrole #Eg. role: vault-role - role: + role: vault-role #Eg. authpath: cordanms - authpath: + authpath: cordanms #Provide the kubernetes auth backed configured in vault #Eg. secretprefix: secretprefix: #Eg. imagesecretname: imagesecretname: #Eg. serviceaccountname: vault-auth-issuer - serviceaccountname: + serviceaccountname: vault-auth-issuer ambassador: #Provides the suffix to be used in external URL #Eg. external_url_suffix: org1.blockchaincloudpoc.com diff --git a/platforms/r3-corda/charts/node-initial-registration/Chart.yaml b/platforms/r3-corda/charts/node-initial-registration/Chart.yaml index 09fcbc5690a9..8a9af7b3e29c 100644 --- a/platforms/r3-corda/charts/node-initial-registration/Chart.yaml +++ b/platforms/r3-corda/charts/node-initial-registration/Chart.yaml @@ -6,6 +6,6 @@ apiVersion: v1 appVersion: "2.0" -description: A Helm chart for Kubernetes +description: "R3-corda-os: Job for initial node registration." name: node-initial-registration -version: '0.14.0' +version: '0.14.1' diff --git a/platforms/r3-corda/charts/node-initial-registration/README.md b/platforms/r3-corda/charts/node-initial-registration/README.md index de29b7b55273..63b3ed22dcc4 100644 --- a/platforms/r3-corda/charts/node-initial-registration/README.md +++ b/platforms/r3-corda/charts/node-initial-registration/README.md 
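Review bot: The default added here, `nodePort: 30050`, disagrees with the README this patch introduces for the same chart, whose Service table lists the `nodePort` default as "32001". That README's Name table also documents the key as `name`, while this file uses `nodeName`. One side should be corrected so that firewall or ingress rules written from the README target the port the chart actually requests, for example by changing the README row to `30050`.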
@@ -3,13 +3,34 @@ [//]: # (SPDX-License-Identifier: Apache-2.0) [//]: # (##############################################################################################) -# NODE INITIAL REGISTRATION + +# Node Deployment -Following chart contains Kubernetes job which is used for performing initial-registration for the node from doorman. +- [Node-initial-registration Deployment Helm Chart](#Node-initial-registration-deployment-helm-chart) +- [Prerequisites](#prerequisites) +- [Chart Structure](#chart-structure) +- [Configuration](#configuration) +- [Deployment](#deployment) +- [Contributing](#contributing) +- [License](#license) -For more information read [corda node](https://docs.corda.net/releases/release-V3.3/key-concepts-node.html) -To find more details on initial registration [here](https://docs.corda.net/releases/release-V3.3/permissioning.html) + +## node-initial-registration Deployment Helm Chart +--- +This [Helm chart](https://github.com/hyperledger/bevel/tree/develop/platforms/r3-corda/charts/node-initial-registration) helps to delpoy the job for registering the r3corda node. + + +## Prerequisites +--- +Before deploying the chart please ensure you have the following prerequisites: + +- Node's database up and running. +- Kubernetes cluster up and running. +- A HashiCorp Vault instance is set up and configured to use Kubernetes service account token-based authentication. +- The Vault is unsealed and initialized. +- Helm is installed. + This chart has following structue: ``` 
@@ -24,87 +45,187 @@ This chart has following structue: Type of files used: +- `templates` : This directory contains the Kubernetes manifest templates that define the resources to be deployed. +- `job.yaml` : This file is a configuration file for deployement in Kubernetes.It creates a deployment file with a specified number of replicas and defines various settings for the deployment. Including volume mounts, environment variables, and ports for the container. +- `chart.yaml` : Provides metadata about the chart, such as its name, version, and description. +- `values.yaml` : Contains the default configuration values for the chart. It includes configuration for the image, nodeconfig, credenatials, storage, service , vault, etc. +- `_helpers.tpl` : A template file used for defining custom labels and ports for the metrics in the Helm chart. + + +## Configuration +--- +The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/r3-corda/charts/node-initial-registration/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. 
Here are some important configuration options: + +## Parameters +--- + +### Name + +| Name | Description | Default Value | +| -----------| -------------------------------------------------- | ------------- | +| name | Provide the name of the node | bank1 | + +### Metadata + +| Name | Description | Default Value | +| ----------------| ---------------------------------------------------------------------------- | ------------- | +| namespace | Provide the namespace for the Node-initial-registration Generator | default | +| labels | Provide any additional labels for the Node-initial-registration Generator | "" | + +### Image + +| Name | Description | Default Value | +| ------------------------ | --------------------------------------------------------------------------------------- | --------------- | +| initContainerName | Provide the alpine utils image, which is used for all init-containers of deployments/jobs | "" | +| containerName | Provide the containerName of image | "" | +| imagePullSecret | Provide the image pull secret of image | regcred | +| privateCertificate | Provide true or false if private certificate to be added | "true" | +| doormanCertAlias | Provide true or false if private certificate to be added | "" | +| networkmapCertAlias | Provide true or false if private certificate to be added | "" | + +### NodeConf + +| Name | Description | Default Value | +| ------------------------ | -------------------------------------------------------------------------------------- | --------------- | +| p2p | The host and port on which the node is available for protocol operations over ArtemisMQ | "" | +| ambassadorAddress | Specify ambassador host:port which will be advertised in addition to p2paddress | "" | +| legalName | Provide the legalName for node | "" | +| dbUrl | Provide the h2Url for node | "bank1h2" | +| dbPort | Provide the h2Port for node | "9101" | +| networkMapURL | Provide the nms for node | "" | +| doormanURL | Provide the doorman for node | "" | 
+| jarVersion | Provide the jar Version for corda jar and finanace jar | "3.3-corda" | +| devMode | Provide the devMode for corda node | "true" | +| env | Provide the enviroment variables to be set | "" | + +### credentials + +| Name | Description | Default Value | +| ----------------| ----------------------------------------------| ------------- | +| dataSourceUser | Provide the dataSourceUser for corda node | "" | +| rpcUser | Provide the rpcUser for corda node | bank1operations| + +### Volume + +| Name | Description | Default Value | +| -----------------| -----------------------| ------------- | +| baseDir | Base directory | /home/bevel | + +### Resources + +| Name | Description | Default Value | +| ------------------------ | ------------------------------------------------------- | --------------- | +| limits | Provide the limit memory for node | "1Gi" | +| requests | Provide the requests memory for node | "1Gi" | + +### storage + +| Name | Description | Default Value | +| --------------------- | -------------------------------------------------------- | ------------- | +| provisioner | Provide the provisioner for node | "" | +| name | Provide the name for node | bank1nodesc | +| memory | Provide the memory for node | "4Gi" | +| type | Provide the type for node | "gp2" | +| encrypted | Provide whether the EBS volume should be encrypted or not | "true" | +| annotations | Provide the annotation of the node | "" | + +### Service + +| Name | Description | Default Value | +| --------------------- | ------------------------------------------| ------------- | +| type | Provide the type of service | NodePort | +| p2p port | Provide the tcp port for node | 10007 | +| p2p nodePort | Provide the p2p nodeport for node | 30007 | +| p2p targetPort | Provide the p2p targetPort for node | 30007 | +| rpc port | Provide the tpc port for node | 10008 | +| rpc targetPort | Provide the rpc targetport for node | 10003 | +| rpc nodePort | Provide the rpc nodePort for node | 30007 | 
+| rpcadmin port | Provide the rpcadmin port for node | 10108 | +| rpcadmin targetPort | Provide the rpcadmin targetport for node | 10005 | +| rpcadmin nodePort | Provide the rpcadmin nodePort for node | 30007 | + +### Vault + +| Name | Description | Default Value | +| ------------------------- | --------------------------------------------------------------------------| ------------------------- | +| address | Address/URL of the Vault server. | "" | +| role | Role used for authentication with Vault | vault-role | +| authpath | Authentication path for Vault | cordabank1 | +| serviceAccountName | Provide the already created service account name autheticated to vault | vault-auth-issuer | +| certSecretPrefix | Provide the vault path where the certificates are stored | bank1/certs | +| dbsecretprefix | Provide the secretprefix | bank1/credentials/database | +| rpcusersecretprefix | Provide the secretprefix | bank1/credentials/rpcusers | +| keystoresecretprefix | Provide the secretprefix | bank1/credentials/keystore | +| retires | Provide the no of retires | "" | + +### Healthcheck + +| Name | Description | Default Value | +| ----------------------------| ------------------------------------------------------------------------------| ------------- | +| readinesscheckinterval | Provide the interval in seconds you want to iterate till db to be ready | 5 | +| readinessthreshold | Provide the threshold till you want to check if specified db up and running | 2 | + + + +## Deployment +--- + +To deploy the node-initial-registration Helm chart, follow these steps: + +1. Modify the [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/r3-corda/charts/node-initial-registration/values.yaml) file to set the desired configuration values. +2. 
Run the following Helm command to install, upgrade,verify, delete the chart: + +To install the chart: +```bash +helm repo add bevel https://hyperledger.github.io/bevel/ +helm install ./node-initial-registration ``` -charts.yaml : A YAML file containing information about the chart -_helpers.tpl : A place to put template helpers that you can re-use throughout the chart -values.yaml : This file contains the default values for a chart -job.yaml : A Job creates one or more Pods and ensures that a specified number of them successfully terminate. + +To upgrade the chart: +```bash +helm upgrade ./node-initial-registration ``` +To verify the deployment: +```bash +kubectl get jobs -n +``` +Note : Replace `` with the actual namespace where the Job was created. This command will display information about the Job, including the number of completions and the current status of the Job's pods. -## Running the chart +To delete the chart: +```bash +helm uninstall +``` +Note : Replace `` with the desired name for the release. -Pre-Requisite: Before deploying the chart please ensure you have Doorman and Node's database up and running. -- Deploy Doorman & Node's Database by following steps from documentation -- Create secrets for the node by following steps from documentation -- Create a values-node.yaml for the chart with a minimum set of keys, for template references use values.yaml present in the respective chart -- Create aws cli script to transfer artmis folder (which gets created by corda node) to and from AWS s3 + +## Contributing +--- +If you encounter any bugs, have suggestions, or would like to contribute to the [node-initial-registration Deployment Helm Chart](https://github.com/hyperledger/bevel/tree/develop/platforms/r3-corda/charts/node-initial-registration), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger/bevel). 
-Install the chart with: -``` -helm install --values=${PATH_TO_VALUES}//values-node.yaml ${PATH_TO_HELMCHARTS}/node-initial-registration --name --kube-context= --namespace= -``` + +## License -If you need to delete the chart use: +This chart is licensed under the Apache v2.0 license. + +Copyright © 2023 Accenture + +### Attribution + +This chart is adapted from the [charts](https://hyperledger.github.io/bevel/) which is licensed under the Apache v2.0 License which is reproduced here: ``` -helm uninstall -n --kube-context= -``` +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 -# Chart Functionalities - -## job.yaml - -Contains following containers: - -### Main Containers: - -1. corda-node: This container is used for running corda jar. - Tasks performed in this container: -- Setting up enviroment variables required for corda jar -- Import self signed tls certificate (if used) of doorman and networkmap, since java only trusts certificate signed by well known CA -- Import self signed tls certificate of H2, since java only trusts certificate signed by well known CA -- Change password of nodekeystore.jks,sslkeystore.jks ,truststore.jks -- Command to run corda jar with --initial-registration to perform initial registration with doorman, we are setting javax.net.ssl.keyStore as ${BASE_DIR}/certificates/sslkeystore.jks since keystore gets reset when using h2 ssl - -2. store-certs: This container is is used for putting certificate into the vault - Tasks performed in this container -- Loop to check if certificate and check file is generated -- Put certificates obtained after perfoming initial-registration is added in vault - -### Init-containers: - -1. init-nodeconf: This container is used for creating node.conf which is used by corda node. 
- For more details on how to make node.conf read [node configuration](https://docs.corda.net/releases/release-V3.3/corda-configuration-file.html) - Tasks performed in this container - -- Delete previously created node.conf, and create a new node.conf -- Set env to get secrets from vault -- Save keyStorePassword & trustStorePassword from vault -- Save dataSourceUserPassword from vault -- Create node.conf according to values specified by users using values.yaml - -2. init-certificates: This container is used for downloading certficate from vault - For more details on read [Network permissioning](https://docs.corda.net/releases/release-V3.3/permissioning.html) - Tasks performed in this container - -- Setting up env to get secrets from vault -- To perform check if certificate are already present in vault, if yes then exit -- Get custom nodekeystore.jks from vault, if provided -- Get network-map-truststore.jks from vault -- When using h2-ssl with private certificate, download the certificate (To import in ca cert in main corda container) -- When using doorman and networkmap in TLS: true, and using private certificate then download certificate(To import in ca cert in main corda container) -- When using custom sslKeystore while setting in node.conf -- To download jars from git repo, download private key (corresponding public key to be added in git repo) -- Get aws access key id and secret access key, it is used for accessing AWS s3 for artmis folder - -3. init-credential: This container is used for getting passwords of keystore from vault - Tasks performed in this container -- Setting up env to get secrets from vault -- Get keystore passwords from vault - -4. 
db-healthcheck: This container is used for performing health check - Tasks performed in this container -- perform health check if db is up and running before starting corda node +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +``` diff --git a/platforms/r3-corda/charts/node-initial-registration/values.yaml b/platforms/r3-corda/charts/node-initial-registration/values.yaml index 3f7e39e2e0df..9a3c9e648702 100644 --- a/platforms/r3-corda/charts/node-initial-registration/values.yaml +++ b/platforms/r3-corda/charts/node-initial-registration/values.yaml @@ -6,16 +6,16 @@ #Provide the nodeName for node #Eg. nodeName: bank1 -nodeName: +nodeName: bank1 #Provide the replica set for node deployed #Eg. replicas: 1 -replicas: +replicas: 1 metadata: #Provide the namespace #Eg. namespace: default - namespace: + namespace: default #Provide the custom labels #NOTE: Provide labels other than name, release name , release service, chart version , chart name , app. #Eg. labels: 
@@ -27,22 +27,22 @@ image: #Eg. containerName: hyperledgerlabs/h2:2018 #Note: For public certificate use: hyperledgerlabs/corda:3.3.0-corda-corda-20190502 # For private certificate use: hyperledgerlabs/corda:3.3.0-corda-root-20190502 - containerName: + containerName: hyperledgerlabs/h2:2018 #Provide the name of image for init container #Eg. name: hyperledgerlabs/alpine-utils:1.0 - initContainerName: + initContainerName: hyperledgerlabs/alpine-utils:1.0 #Provide the image pull secret of image #Eg. pullSecret: regcred - imagePullSecret: + imagePullSecret: regcred #Provide true or false if private certificate to be added #Eg. privateCertificate: true - privateCertificate: + privateCertificate: true #Provide true or false if private certificate to be added #Eg. doormanCertAlias: doorman.fracordakubetest7.com - doormanCertAlias: + doormanCertAlias: doorman.fracordakubetest7.com #Provide true or false if private certificate to be added #Eg. networkmapCertAlias: networkmap.fracordakubetest7.com - networkmapCertAlias: + networkmapCertAlias: networkmap.fracordakubetest7.com #For more information for node.Conf fields please refer to: https://docs.corda.net/releases/release-V3.3/corda-configuration-file.html @@ -80,10 +80,10 @@ nodeConf: exportHibernateJMXStatistics: #Provide the h2Url for node #Eg. h2Url: bank1h2 - dbUrl: + dbUrl: bank1h2 #Provide the h2Port for node #Eg. h2Port: 9101 - dbPort: + dbPort: 9101 dataSourceClassName: dataSourceUrl: jarPath: @@ -95,10 +95,10 @@ nodeConf: webAddress: #Provide the jar Version for corda jar and finanace jar #Eg. jarVersion: 3.3-corda - jarVersion: + jarVersion: 3.3-corda #Provide the devMode for corda node #Eg. devMode: true - devMode: + devMode: true #Provide the enviroment variables to be set env: - name: JAVA_OPTIONS @@ -114,7 +114,7 @@ credentials: dataSourceUser: #Provide the rpcUser for corda node #Eg. rpcUser: bank1operations - rpcUser: + rpcUser: bank1operations - name: permissions: - name: 
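Review bot: `containerName` now defaults to `hyperledgerlabs/h2:2018`, an H2 database image, while the note directly above it in this hunk tells users to pick a `hyperledgerlabs/corda:3.3.0-corda-…` image. The value looks copied from the `#Eg.` comment, so a default install would presumably start the registration job with the wrong image; `containerName: hyperledgerlabs/corda:3.3.0-corda-corda-20190502`, the image named in the comment, appears to be what was meant. `doormanCertAlias` and `networkmapCertAlias` are also set to one environment's hostnames (`doorman.fracordakubetest7.com`, `networkmap.fracordakubetest7.com`) and `privateCertificate` to `true`. Judging by the comments, these control which private certificates get imported, so they are better left empty than defaulted, and the README added in this patch still documents the aliases as `""`.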
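Review bot: `devMode: true` becomes the chart default in the `@@ -95,10 +95,10 @@` hunk. In Corda, development mode relaxes the node's certificate handling (a developer keystore is used when none is present), which a job that registers the node with a doorman should not run with unless the operator asked for it. Suggest `devMode: false` as the default, keeping `true` only in the `#Eg.` comment; the NodeConf table in the new README would need the same change. The `nodeConf` block starts and continues outside this hunk.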
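Review bot: In the `@@ -114,7 +114,7 @@` hunk, `rpcUser: bank1operations` is followed in the context lines by `- name:`, `permissions:`, `- name:`, which reads as a list that was nested under the previously empty `rpcUser:` key. If that is the file's layout (the indentation is not recoverable from this page), giving `rpcUser` a scalar value leaves the list without a parent, and the file will most likely fail to parse. The value probably belongs on the list item, `- name: bank1operations`, with `rpcUser:` left as the key of the sequence. The `credentials` block begins outside the hunk.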
@@ -130,10 +130,10 @@ volume: resources: #Provide the limit memory for node #Eg. limits: "1Gi" - limits: + limits: "1Gi" #Provide the requests memory for node #Eg. requests: "1Gi" - requests: + requests: "1Gi" storage: #Provide the provisioner for node @@ -141,17 +141,17 @@ storage: provisioner: #Provide the name for node #Eg. name: bank1nodesc - name: + name: bank1nodesc #Provide the memory for node #Eg. memory: 4Gi - memory: + memory: 4Gi parameters: #Provide the type for node #Eg. type: gp2 - type: + type: gp2 # Provide whether the EBS volume should be encrypted or not #Eg. encrypted: "true" - encrypted: + encrypted: "true" # annotations: # key: "value" annotations: @@ -162,37 +162,37 @@ service: # nodePort should be kept empty while using service type as ClusterIP ( Values.service.type ) #Provide the type of service #Eg. type: NodePort or LoadBalancer etc - type: + type: NodePort p2p: #Provide the p2p port for node #Eg. port: 10007 - port: + port: 10007 #Provide the p2p node port for node #Eg. port: 30007 - nodePort: + nodePort: 30007 #Provide the p2p targetPort for node #Eg. targetPort: 30007 - targetPort: + targetPort: 30007 rpc: #Provide the rpc port for node #Eg. port: 10008 - port: + port: 10008 #Provide the rpc targetPort for node #Eg. targetPort: 10003 - targetPort: + targetPort: 10003 #Provide the rpc node port for node #Eg. nodePort: 30007 - nodePort: + nodePort: 30007 rpcadmin: #Provide the rpcadmin port for node #Eg. port: 10108 - port: + port: 10108 #Provide the rpcadmin targetPort for node #Eg. targetPort: 10005 - targetPort: + targetPort: 10005 #Provide the rpcadmin node port for node #Eg. nodePort: 30007 - nodePort: + nodePort: 30007 # annotations: # key: "value" annotations: 
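Review bot: In the `@@ -162,37 +162,37 @@` hunk the p2p, rpc and rpcadmin entries all receive `nodePort: 30007`. Kubernetes rejects a Service whose ports repeat a node port with the same protocol, so these defaults cannot all be applied if the templates render the three of them. The comment at the top of the block says `nodePort` should stay empty for ClusterIP, yet the default `type: NodePort` would publish the RPC and RPC-admin ports on every cluster node; `type: ClusterIP` with empty `nodePort` values keeps those interfaces inside the cluster unless an operator opts in. `p2p.targetPort: 30007` also differs from `p2p.port: 10007` and looks like a copy of the node port. The templates are not part of this hunk, so check which of these keys the registration job actually uses.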
@@ -208,32 +208,32 @@ vault: address: #Provide the vaultrole #Eg. role: vault-role - role: + role: vault-role #Provide the authpath #Eg. authpath: cordabank1 - authpath: + authpath: cordabank1 #Provide the serviceaccountname #Eg. serviceaccountname: vault-auth-issuer - serviceaccountname: + serviceaccountname: vault-auth-issuer #Provide the secretprefix #Eg. dbsecretprefix: bank1/credentials/database - dbsecretprefix: + dbsecretprefix: bank1/credentials/database #Provide the secretprefix #Eg. rpcusersecretprefix: bank1/credentials/rpcusers - rpcusersecretprefix: + rpcusersecretprefix: bank1/credentials/rpcusers #Provide the secretprefix #Eg. keystoresecretprefix: bank1/credentials/keystore - keystoresecretprefix: + keystoresecretprefix: bank1/credentials/keystore #Provide the secretprefix #Eg. certsecretprefix: bank1/certs - certsecretprefix: + certsecretprefix: bank1/certs # Number of retries to check contents from vault   retries: healthcheck: #Provide the interval in seconds you want to iterate till db to be ready #Eg. readinesscheckinterval: 5 - readinesscheckinterval: + readinesscheckinterval: 5 #Provide the threshold till you want to check if specified db up and running #Eg. readinessthreshold: 2 - readinessthreshold: \ No newline at end of file + readinessthreshold: 2 diff --git a/platforms/r3-corda/charts/node/Chart.yaml b/platforms/r3-corda/charts/node/Chart.yaml index 08d4f011eb36..975b96e04a4a 100644 --- a/platforms/r3-corda/charts/node/Chart.yaml +++ b/platforms/r3-corda/charts/node/Chart.yaml @@ -6,6 +6,6 @@ apiVersion: v1 appVersion: "2.0" -description: A Helm chart for Kubernetes +description: "R3-corda-os: Deploys the r3corda node." name: node -version: '0.14.0' +version: '0.14.1' diff --git a/platforms/r3-corda/charts/node/README.md b/platforms/r3-corda/charts/node/README.md index c8a108f59338..d54e9f7514fa 100644 --- a/platforms/r3-corda/charts/node/README.md +++ b/platforms/r3-corda/charts/node/README.md 
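Review bot: The Vault block now ships one sample identity as defaults: `authpath: cordabank1` and the four `bank1/...` secret prefixes, alongside `nodeName: bank1` earlier in the file. A release for another organisation that misses one override would log in at, or read from, bank1's paths instead of failing, which is hard to notice when the Vault policy happens to allow it. Keeping these keys empty and having the templates fail on a missing value (Helm's `required` function) makes the misconfiguration visible at install time. `address:` and `retries:` stay empty in this hunk, so the chart still cannot be installed from defaults alone, which weakens the case for filling in the rest.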
@@ -3,12 +3,32 @@ [//]: # (SPDX-License-Identifier: Apache-2.0) [//]: # (##############################################################################################) -# NODE - -Following chart contains Kubernetes deployment, service, pvc for deploying corda node. -A node is JVM run-time with a unique network identity running the Corda software. - -For more information read [corda node](https://docs.corda.net/releases/release-V3.3/key-concepts-node.html) + +# Node Deployment + +- [Node Deployment Helm Chart](#Node-deployment-helm-chart) +- [Prerequisites](#prerequisites) +- [Chart Structure](#chart-structure) +- [Configuration](#configuration) +- [Deployment](#deployment) +- [Contributing](#contributing) +- [License](#license) + + +## node Deployment Helm Chart +--- +This [Helm chart](https://github.com/hyperledger/bevel/tree/develop/platforms/r3-corda/charts/node) helps to delpoy the r3corda node. + + +## Prerequisites +--- +Before deploying the chart please ensure you have the following prerequisites: + +- Node's database up and running. +- Kubernetes cluster up and running. +- A HashiCorp Vault instance is set up and configured to use Kubernetes service account token-based authentication. +- The Vault is unsealed and initialized. +- Helm is installed. This chart has following structue: 
@@ -26,121 +46,208 @@ This chart has following structue: Type of files used: +- `templates` : This directory contains the Kubernetes manifest templates that define the resources to be deployed. +- `deployment.yaml`: This file is a configuration file for deployement in Kubernetes.It creates a deployment file with a specified number of replicas and defines various settings for the deployment.It includes an init container for initializing the retrieves secrets from Vault and checks if node registration is complete, and a main container for running the r3corda node.It also specifies volume mounts for storing certificates and data. +- `pvc.yaml` : A PersistentVolumeClaim (PVC) is a request for storage by a user. +- `service.yaml` : This file defines a Kubernetes Service with multiple ports for protocols and targets, and supports Ambassador proxy annotations for specific configurations when using the "ambassador" proxy provider. +- `chart.yaml` : Provides metadata about the chart, such as its name, version, and description. +- `values.yaml` : Contains the default configuration values for the chart. It includes configuration for the image, nodeconfig, credenatials, storage, service , vault, etc. +- `_helpers.tpl` : A template file used for defining custom labels and ports for the metrics in the Helm chart. + + +## Configuration +--- +The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/r3-corda/charts/node/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. 
Here are some important configuration options: + +## Parameters +--- + +### Name + +| Name | Description | Default Value | +| -----------| -------------------------------------------------- | ------------- | +| name | Provide the name of the node | bank1 | + +### Metadata + +| Name | Description | Default Value | +| ----------------| -----------------------------------------------------------------| ------------- | +| namespace | Provide the namespace for the Node Generator | default | +| labels | Provide any additional labels for the Node Generator | "" | + +### Image + +| Name | Description | Default Value | +| ------------------------ | --------------------------------------------------------------------------------------- | --------------- | +| initContainerName | Provide the alpine utils image, which is used for all init-containers of deployments/jobs | "" | +| containerName | Provide the containerName of image | "" | +| imagePullSecret | Provide the image pull secret of image | regcred | +| gitContainerName | Provide the name of image for git clone container | "" | +| privateCertificate | Provide true or false if private certificate to be added | "true" | +| doormanCertAlias | Provide true or false if private certificate to be added | "" | +| networkmapCertAlias | Provide true or false if private certificate to be added | "" | + +### NodeConf + +| Name | Description | Default Value | +| ------------------------ | -------------------------------------------------------------------------------------- | --------------- | +| p2p | The host and port on which the node is available for protocol operations over ArtemisMQ | "" | +| ambassadorAddress | Specify ambassador host:port which will be advertised in addition to p2paddress | "" | +| legalName | Provide the legalName for node | "" | +| dbUrl | Provide the h2Url for node | "bank1h2" | +| dbPort | Provide the h2Port for node | "9101" | +| networkMapURL | Provide the nms for node | "" | +| doormanURL | Provide the 
doorman for node | "" | +| jarVersion | Provide the jar Version for corda jar and finanace jar | "3.3-corda" | +| devMode | Provide the devMode for corda node | "true" | +| useHTTPS | Provide the useHTTPS for corda node | "false" | +| env | Provide the enviroment variables to be set | "" | + +### credentials + +| Name | Description | Default Value | +| ----------------| ----------------------------------------------| ------------- | +| dataSourceUser | Provide the dataSourceUser for corda node | "" | +| rpcUser | Provide the rpcUser for corda node | bank1operations| + +### Volume + +| Name | Description | Default Value | +| -----------------| -----------------------| ------------- | +| baseDir | Base directory | /home/bevel | + +### Resources + +| Name | Description | Default Value | +| ------------------------ | ------------------------------------------------------- | --------------- | +| limits | Provide the limit memory for node | "1Gi" | +| requests | Provide the requests memory for node | "1Gi" | + +### storage + +| Name | Description | Default Value | +| --------------------- | -------------------------------------------------------- | ------------- | +| provisioner | Provide the provisioner for node | "" | +| name | Provide the name for node | bank1nodesc | +| memory | Provide the memory for node | "4Gi" | +| type | Provide the type for node | "gp2" | +| encrypted | Provide whether the EBS volume should be encrypted or not | "true" | +| annotations | Provide the annotation of the node | "" | + +### Service + +| Name | Description | Default Value | +| --------------------- | ------------------------------------------| ------------- | +| type | Provide the type of service | NodePort | +| p2p port | Provide the tcp port for node | 10007 | +| p2p nodePort | Provide the p2p nodeport for node | 30007 | +| p2p targetPort | Provide the p2p targetPort for node | 30007 | +| rpc port | Provide the tpc port for node | 10008 | +| rpc targetPort | Provide the rpc 
targetport for node | 10003 | +| rpc nodePort | Provide the rpc nodePort for node | 30007 | +| rpcadmin port | Provide the rpcadmin port for node | 10108 | +| rpcadmin targetPort | Provide the rpcadmin targetport for node | 10005 | +| rpcadmin nodePort | Provide the rpcadmin nodePort for node | 30007 | + +### Vault + +| Name | Description | Default Value | +| ------------------------- | --------------------------------------------------------------------------| ------------------------- | +| address | Address/URL of the Vault server. | "" | +| role | Role used for authentication with Vault | vault-role | +| authpath | Authentication path for Vault | cordabank1 | +| serviceAccountName | Provide the already created service account name autheticated to vault | vault-auth-issuer | +| certSecretPrefix | Provide the vault path where the certificates are stored | bank1/certs | +| dbsecretprefix | Provide the secretprefix | bank1/credentials/database | +| rpcusersecretprefix | Provide the secretprefix | bank1/credentials/rpcusers | +| keystoresecretprefix | Provide the secretprefix | bank1/credentials/keystore | +| cordappsreposecretprefix | Provide the secretprefix | bank1/credentials/cordapps | + +### cordapps + +| Name | Description | Default Value | +| ------------------------ | ------------------------------------------------------- | --------------- | +| getcordapps | Provide if you want to provide jars in cordapps | "" | +| repository | Provide the repository of cordapps | "" | +| jars url | Provide url to download the jar using wget cmd | "" | + +### Healthcheck + +| Name | Description | Default Value | +| ----------------------------| ------------------------------------------------------------------------------| ------------- | +| readinesscheckinterval | Provide the interval in seconds you want to iterate till db to be ready | 5 | +| readinessthreshold | Provide the threshold till you want to check if specified db up and running | 2 | + +### ambassador + +| Name 
| Description | Default Value | +| ------------------------ | ------------------------------------------------------- | -------------------------- | +| component_name | Provides component name | node | +| external_url_suffix | Provides the suffix to be used in external URL | org1.blockchaincloudpoc.com | +| p2p_ambassador | Provide the p2p port for ambassador | 10007 | + + + + +## Deployment +--- + +To deploy the node Helm chart, follow these steps: + +1. Modify the [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/r3-corda/charts/node/values.yaml) file to set the desired configuration values. +2. Run the following Helm command to install, upgrade,verify, delete the chart: + +To install the chart: +```bash +helm repo add bevel https://hyperledger.github.io/bevel/ +helm install ./node ``` -chart.yaml : A YAML file containing information about the chart -deployment.yaml : A Deployment controller provides declarative updates for Pods and ReplicaSets. -_helpers.tpl : A place to put template helpers that you can re-use throughout the chart -pvc.yaml : A PersistentVolumeClaim (PVC) is a request for storage by a user. -service.yaml : An abstract way to expose an application running on a set of Pods as a network service. -values.yaml : This file contains the default values for a chart + +To upgrade the chart: +```bash +helm upgrade ./node ``` +To verify the deployment: +```bash +kubectl get jobs -n +``` +Note : Replace `` with the actual namespace where the Job was created. This command will display information about the Job, including the number of completions and the current status of the Job's pods. -## Running the chart +To delete the chart: +```bash +helm uninstall +``` +Note : Replace `` with the desired name for the release. -Pre-Requisite: Before deploying the chart please ensure you have Networkmap and Node's database up and running. 
-- Deploy Networkmap & Node's Database by following steps from documentation -- Create secrets for the node by following steps from documentation -- Create a values-node.yaml for the chart with a minimum set of keys, for template references use values.yaml present in the respective chart -- Create aws cli script to transfer artmis folder (which gets created by corda node) to and from AWS s3 + +## Contributing +--- +If you encounter any bugs, have suggestions, or would like to contribute to the [node Deployment Helm Chart](https://github.com/hyperledger/bevel/tree/develop/platforms/r3-corda/charts/node), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger/bevel). -Install the chart with: -``` -helm install --set-file "awscliscript=" -f ${PATH_TO_VALUES}//values-node.yaml --set metadata.namespace= ${PATH_TO_HELMCHARTS}/node --name --kube-context= --namespace= + +## License -``` +This chart is licensed under the Apache v2.0 license. -If you need to delete the chart use: +Copyright © 2023 Accenture + +### Attribution + +This chart is adapted from the [charts](https://hyperledger.github.io/bevel/) which is licensed under the Apache v2.0 License which is reproduced here: ``` -helm uninstall -n --kube-context= -``` +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 -# Chart Functionalities - -## deployment.yaml - -Contains following containers: - -### Main Containers: - -1. corda-node: This container is used for running corda jar. 
- Tasks performed in this container -- Setting up enviroment variables required for corda jar -- condition to check if artmis folder is recovered from s3 -- condtion to check if artmis folder retrieved from s3 is empty or contains data -- command to run corda jar, we are setting javax.net.ssl.keyStore as ${BASE_DIR}/certificates/sslkeystore.jks since keystore gets reset when using h2 ssl -- Delete empty artmis folder because it causes problem in starting corda node -- Import self signed tls certificate (if used) of doorman and networkmap, since java only trusts certificate signed by well known CA -- clean network-arameters on every restart -- import self signed tls certificate of H2, since java only trusts certificate signed by well known CA - -2. corda-logs: This container is is used for printing corda logs - Tasks performed in this container -- Loop to check if log file is generated by corda and keep on printing log file if it is generated by corda - -### Init-containers: - -1. init-nodeconf: This container is used for creating node.conf which is used by corda node. - For more details on how to make node.conf read [node configuration](https://docs.corda.net/releases/release-V3.3/corda-configuration-file.html) - Tasks performed in this container -- delete previously created node.conf, and create a new node.conf -- set env to get secrets from vault -- save keyStorePassword & trustStorePassword from vault -- save dataSourceUserPassword from vault -- create node.conf according to values given by users using values.yaml - -2. 
init-certificates: This container is used for downloading certficate from vault - For more details on read [Network permissioning](https://docs.corda.net/releases/release-V3.3/permissioning.html) - Tasks performed in this container -- setting up env to get secrets from vault -- get nodekeystore.jks from vault -- get sslkeystore.jks from vault -- get truststore.jks from vault -- get network-map-truststore.jks from vault -- when using h2-ssl with private certificate, download the certificate (To import in ca cert in main corda container) -- when using doorman and networkmap in TLS: true, and using private certificate then download certificate(To import in ca cert in main corda container) -- when using custom sslKeystore while setting in node.conf -- To download jars from git repo, download private key (corresponding public key to be added in git repo) -- get aws access key id and secret access key, it is used for accessing AWS s3 for artmis folder - -3. init-healthcheck: This container is used for performing health check - Tasks performed in this container -- perform health check if db is up and running before starting corda node - -4. init-cordapps: This container is used for downloading corda jar from git repo or any links provided in values.yaml - For more details on read [cordapp](https://docs.corda.r3.com/releases/3.3/cordapp-build-systems.html) - Tasks performed in this container -- creating cordapps dir in volume to keep jars -- Deleting cordapps dir to get rid of old jars -- removing /tmp/corda-jars and /tmp/downloaded-jars to start fresh -- Setting up env for git clone -- Git repository clone for cordapps -- copy the jars from repository to node volume -- Download official corda provided jars using wget -- copy the jars from repository to web volume -- remove private key & tmp dir dir created -- Print total jars present in node dir -NOTE:- Update git repository url and branch were jars are present in values. 
- -## service.yaml - -Contains port specifications for: - -1. p2p communication among corda node -2. rpc communication between corda node and webserver -3. rpc admin communication -4. communication with springboot web (added only if webserver is enabled and number is based on values specified by user in values.yaml) - -## pvc.yaml - -Contains specifications for: - -1. To create pvc used by node -2. To create pvc used for each webserver deployed (added only if webserver is enabled and number is based on values specified by user in values.yaml) -NOTE:- On helm deletion of node chart data stored in volume will get lost due to deletion of persistence volume claim. +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. ``` -helm upgrade --install --set-file "awscliscript=" -f ${PATH_TO_VALUES}//values-node.yaml --set metadata.namespace= ${PATH_TO_HELMCHARTS}/node --name --kube-context= --namespace= -``` \ No newline at end of file diff --git a/platforms/r3-corda/charts/node/values.yaml b/platforms/r3-corda/charts/node/values.yaml index 5ae9f9501222..341f005bd1e9 100644 --- a/platforms/r3-corda/charts/node/values.yaml +++ b/platforms/r3-corda/charts/node/values.yaml @@ -6,11 +6,11 @@ #Provide the nodeName for node #Eg. nodeName: bank1 -nodeName: +nodeName: bank1 #Provide the replica set for node deployed #Eg. replicas: 1 -replicas: +replicas: 1 metadata: #Provide the namespace 
@@ -30,22 +30,22 @@ image: containerName: #Provide the name of image for init container #Eg. name: hyperledgerlabs/alpine-utils:1.0 - initContainerName: + initContainerName: hyperledgerlabs/alpine-utils:1.0 #Provide the name of image for git clone container #Eg. gitContainerName: hyperledgerlabs/corda-git:0.0.2-corda-git-jar - gitContainerName: + gitContainerName: hyperledgerlabs/corda-git:0.0.2-corda-git-jar #Provide the image pull secret of image #Eg. pullSecret: regcred - imagePullSecret: + imagePullSecret: regcred #Provide true or false if private certificate to be added #Eg. privateCertificate: true - privateCertificate: + privateCertificate: true #Provide true or false if private certificate to be added #Eg. doormanCertAlias: doorman.fracordakubetest7.com - doormanCertAlias: + doormanCertAlias: doorman.fracordakubetest7.com #Provide true or false if private certificate to be added #Eg. networkmapCertAlias: networkmap.fracordakubetest7.com - networkmapCertAlias: + networkmapCertAlias: networkmap.fracordakubetest7.com #For more information for node.Conf fields please refer to: https://docs.corda.net/releases/release-V3.3/corda-configuration-file.html @@ -83,10 +83,10 @@ nodeConf: exportHibernateJMXStatistics: #Provide the h2Url for node #Eg. h2Url: bank1h2 - dbUrl: + dbUrl: bank1h2 #Provide the h2Port for node #Eg. h2Port: 9101 - dbPort: + dbPort: 9101 dataSourceClassName: dataSourceUrl: jarPath: @@ -98,13 +98,13 @@ nodeConf: webAddress: #Provide the jar Version for corda jar and finanace jar #Eg. jarVersion: 3.3-corda - jarVersion: + jarVersion: 3.3-corda #Provide the devMode for corda node #Eg. devMode: true - devMode: + devMode: true #Provide the useHTTPS for corda node #Eg. useHTTPS: false - useHTTPS: + useHTTPS: false #Provide the enviroment variables to be set env: - name: JAVA_OPTIONS 
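Review bot: In the `image:` hunk the new defaults for `doormanCertAlias` and `networkmapCertAlias` are hostnames from one specific environment (`doorman.fracordakubetest7.com`, `networkmap.fracordakubetest7.com`), and both keys keep the copied comment `#Provide true or false if private certificate to be added`, which describes `privateCertificate` rather than an alias. With `privateCertificate: true` now also a default, an install that overrides neither alias would presumably handle private certificates under names that belong to a different doorman and network map; the templates are not part of this patch, so that is inferred. I would leave the two aliases empty and correct the comments, for example `#Provide the alias used for the doorman TLS certificate`. `external_url_suffix: org1.blockchaincloudpoc.com` in the `ambassador:` hunk at `@@ -256,19 +256,19 @@` is the same kind of environment-specific default.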
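Review bot: `devMode: true` and `useHTTPS: false` become chart defaults in the `@@ -98,13 +98,13 @@` hunk, so an install that only overrides names and URLs runs the node in Corda development mode. In that mode the node can fall back to the publicly known developer keystore when its own certificates are missing, which is not a safe default for a node meant to hold real identities. I would make the hardened value the default and the lab setting the opt-in: `devMode: false`, with a comment such as `#Set to true only for local test networks`. If the sample values have to stay, the README parameter table should state that they are not production defaults.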
@@ -120,7 +120,7 @@ credentials: dataSourceUser: #Provide the rpcUser for corda node #Eg. rpcUser: bank1operations - rpcUser: + rpcUser: bank1operations - name: permissions: - name: @@ -136,28 +136,28 @@ volume: resources: #Provide the limit memory for node #Eg. limits: "1Gi" - limits: + limits: "1Gi" #Provide the requests memory for node #Eg. requests: "1Gi" - requests: + requests: "1Gi" storage: #Provide the provisioner for node #Eg. provisioner: kubernetes.io/aws-ebs - provisioner: + provisioner: kubernetes.io/aws-ebs #Provide the name for node #Eg. name: bank1nodesc - name: + name: bank1nodesc #Provide the memory for node #Eg. memory: 4Gi - memory: + memory: 4Gi parameters: #Provide the type for node #Eg. type: gp2 - type: + type: gp2 # Provide whether the EBS volume should be encrypted or not #Eg. encrypted: "true" - encrypted: + encrypted: "true" # annotations: # key: "value" annotations: @@ -168,37 +168,37 @@ service: # nodePort should be kept empty while using service type as ClusterIP ( Values.service.type ) #Provide the type of service #Eg. type: NodePort or LoadBalancer etc - type: + type: NodePort p2p: #Provide the p2p port for node #Eg. port: 10007 - port: + port: 10007 #Provide the p2p node port for node #Eg. port: 30007 - nodePort: + nodePort: 30007 #Provide the p2p targetPort for node #Eg. targetPort: 30007 - targetPort: + targetPort: 30007 rpc: #Provide the rpc port for node #Eg. port: 10008 - port: + port: 10008 #Provide the rpc targetPort for node #Eg. targetPort: 10003 - targetPort: + targetPort: 10003 #Provide the rpc node port for node #Eg. nodePort: 30007 - nodePort: + nodePort: 30007 rpcadmin: #Provide the rpcadmin port for node #Eg. port: 10108 - port: + port: 10108 #Provide the rpcadmin targetPort for node #Eg. targetPort: 10005 - targetPort: + targetPort: 10005 #Provide the rpcadmin node port for node #Eg. nodePort: 30007 - nodePort: + nodePort: 30007 # annotations: # key: "value" annotations: 
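Review bot: `rpcUser: bank1operations` is followed in the unchanged context by `- name:`, `permissions:` and `- name:`, which reads as a list nested under `rpcUser`; giving the key a scalar value while keeping those children would make the default values file fail to parse, so `helm lint` on the chart should be checked. Indentation is lost in this view, so the nesting is inferred from line order only. If the sample user name is meant as a default, it belongs inside the list item: keep `rpcUser:` as it was and set `- name: bank1operations`. The `credentials:` block starts above the hunk and the user list continues below it.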
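Review bot: The `service:` hunk at `@@ -168,37 +168,37 @@` sets `nodePort: 30007` for `p2p`, `rpc` and `rpcadmin` alike, together with `type: NodePort`. Kubernetes does not allow one Service to use the same node port for several of its ports, so if the template emits all three the default install is rejected; with distinct values, the RPC and RPC-admin listeners would be reachable on every cluster node's address by default. I would default to `type: ClusterIP` with the `nodePort` keys left empty, as the comment at the top of the block already describes, and document NodePort as an opt-in. `p2p.targetPort: 30007` next to `p2p.port: 10007` also looks like a copied example, since `rpc` and `rpcadmin` target 10003 and 10005; worth confirming against the port the node actually listens on.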
@@ -219,28 +219,28 @@ vault: address: #Provide the vaultrole #Eg. role: vault-role - role: + role: vault-role #Provide the authpath #Eg. authpath: cordabank1 - authpath: + authpath: cordabank1 #Provide the serviceaccountname #Eg. serviceaccountname: vault-auth-issuer - serviceaccountname: + serviceaccountname: vault-auth-issuer #Provide the secretprefix #Eg. dbsecretprefix: bank1/credentials/database - dbsecretprefix: + dbsecretprefix: bank1/credentials/database #Provide the secretprefix #Eg. rpcusersecretprefix: bank1/credentials/rpcusers - rpcusersecretprefix: + rpcusersecretprefix: bank1/credentials/rpcusers #Provide the secretprefix #Eg. keystoresecretprefix: bank1/credentials/keystore - keystoresecretprefix: + keystoresecretprefix: bank1/credentials/keystore #Provide the secretprefix #Eg. certsecretprefix: bank1/certs - certsecretprefix: + certsecretprefix: bank1/certs #Provide the secretprefix #Eg. cordappsreposecretprefix: bank1/credentials/cordapps - cordappsreposecretprefix: + cordappsreposecretprefix: bank1/credentials/cordapps cordapps: #Provide if you want to provide jars in cordapps @@ -256,19 +256,19 @@ cordapps: healthcheck: #Provide the interval in seconds you want to iterate till db to be ready #Eg. readinesscheckinterval: 5 - readinesscheckinterval: + readinesscheckinterval: 5 #Provide the threshold till you want to check if specified db up and running #Eg. readinessthreshold: 2 - readinessthreshold: + readinessthreshold: 2 ambassador: #Provides component name #Eg. component_name: node - component_name: + component_name: node #Provides the suffix to be used in external URL #Eg. external_url_suffix: org1.blockchaincloudpoc.com - external_url_suffix: + external_url_suffix: org1.blockchaincloudpoc.com #Provide the p2p port for ambassador #Eg. p2p_ambassador: 10007 - p2p_ambassador: + p2p_ambassador: 10007 
diff --git a/platforms/r3-corda/charts/notary-initial-registration/Chart.yaml b/platforms/r3-corda/charts/notary-initial-registration/Chart.yaml index 95337b79fbab..a38f0a9d794d 100644 --- a/platforms/r3-corda/charts/notary-initial-registration/Chart.yaml +++ b/platforms/r3-corda/charts/notary-initial-registration/Chart.yaml @@ -6,6 +6,6 @@ apiVersion: v1 appVersion: "2.0" -description: A Helm chart for Kubernetes +description: "R3-corda-os: Job for initial notary node registration." name: notary-initial-registration -version: '0.14.0' +version: '0.14.1' diff --git a/platforms/r3-corda/charts/notary-initial-registration/README.md b/platforms/r3-corda/charts/notary-initial-registration/README.md index 37ceaed9cce6..c586a2658763 100644 --- a/platforms/r3-corda/charts/notary-initial-registration/README.md +++ b/platforms/r3-corda/charts/notary-initial-registration/README.md 
@@ -3,13 +3,33 @@ [//]: # (SPDX-License-Identifier: Apache-2.0) [//]: # (##############################################################################################) -# NODE + +# Node Deployment + +- [Notary-initial-registration Deployment Helm Chart](#Notary-initial-registration-deployment-helm-chart) +- [Prerequisites](#prerequisites) +- [Chart Structure](#chart-structure) +- [Configuration](#configuration) +- [Deployment](#deployment) +- [Contributing](#contributing) +- [License](#license) + + +## notary-initial-registration Deployment Helm Chart +--- +This [Helm chart](https://github.com/hyperledger/bevel/tree/develop/platforms/r3-corda/charts/notary-initial-registration) helps to deploy the job for initial notory node registration. + + +## Prerequisites +--- +Before deploying the chart please ensure you have the following prerequisites: + +- networkmap and Node's database up and running. +- Kubernetes cluster up and running. +- A HashiCorp Vault instance is set up and configured to use Kubernetes service account token-based authentication. +- The Vault is unsealed and initialized. +- Helm is installed. -Following chart contains Kubernetes job which is used for performing initial-registration for the node from doorman. - -For more information read [corda node](https://docs.corda.net/releases/release-V3.3/key-concepts-node.html) - -To find more details on initial registration [here](https://docs.corda.net/releases/release-V3.3/permissioning.html) This chart has following structue: ``` 
@@ -24,92 +44,177 @@ This chart has following structue: Type of files used: +- `templates` : This directory contains the Kubernetes manifest templates that define the resources to be deployed. +- `job.yaml` : This file is a configuration file for deployement in Kubernetes.It creates a deployment file with a specified number of replicas and defines various settings for the deployment, Init container is responsible for intial node registration process is completed successfully before the main containers start.It also specifies volume mounts for storing certificates and data. +- `chart.yaml` : Provides metadata about the chart, such as its name, version, and description. +- `values.yaml` : Contains the default configuration values for the chart. It includes configuration for the image, nodeconfig, credenatials, storage, service , vault, etc. +- `_helpers.tpl` : A template file used for defining custom labels and ports for the metrics in the Helm chart. + + + +## Configuration +--- +The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/r3-corda/charts/notary-initial-registration/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. 
Here are some important configuration options: + +## Parameters +--- + +### Name + +| Name | Description | Default Value | +| -----------| -------------------------------------------------- | ------------- | +| name | Provide the name of the node | bank1 | + +### Metadata + +| Name | Description | Default Value | +| ----------------| ---------------------------------------------------------------------------- | ------------- | +| namespace | Provide the namespace for the Notary-initial-registration Generator | default | +| labels | Provide any additional labels for the Notary-initial-registration Generator | "" | + +### Image + +| Name | Description | Default Value | +| ------------------------ | --------------------------------------------------------------------------------------- | --------------- | +| initContainerName | Provide the alpine utils image, which is used for all init-containers of deployments/jobs | "" | +| containerName | Provide the containerName of image | "" | +| imagePullSecret | Provide the image pull secret of image | regcred | +| privateCertificate | Provide true or false if private certificate to be added | "true" | +| doormanCertAlias | Provide true or false if private certificate to be added | "" | +| networkmapCertAlias | Provide true or false if private certificate to be added | "" | + +### NodeConf + +| Name | Description | Default Value | +| ------------------------ | -------------------------------------------------------------------------------------- | --------------- | +| p2p | The host and port on which the node is available for protocol operations over ArtemisMQ | "" | +| ambassadorAddress | Specify ambassador host:port which will be advertised in addition to p2paddress | "" | +| legalName | Provide the legalName for node | "" | +| dbUrl | Provide the h2Url for node | "bank1h2" | +| dbPort | Provide the h2Port for node | "9101" | +| networkMapURL | Provide the nms for node | "" | +| doormanURL | Provide the doorman for node | "" 
| +| jarVersion | Provide the jar Version for corda jar and finanace jar | "3.3-corda" | +| devMode | Provide the devMode for corda node | "true" | +| env | Provide the enviroment variables to be set | "" | + +### credentials + +| Name | Description | Default Value | +| ----------------| ----------------------------------------------| ------------- | +| dataSourceUser | Provide the dataSourceUser for corda node | "" | +| rpcUser | Provide the rpcUser for corda node | bank1operations| + +### Volume + +| Name | Description | Default Value | +| -----------------| -----------------------| ------------- | +| baseDir | Base directory | /home/bevel | + +### Resources + +| Name | Description | Default Value | +| ------------------------ | ------------------------------------------------------- | --------------- | +| limits | Provide the limit memory for node | "1Gi" | +| requests | Provide the requests memory for node | "1Gi" | + +### Service + +| Name | Description | Default Value | +| --------------------- | ------------------------------------------| ------------- | +| type | Provide the type of service | NodePort | +| p2p port | Provide the tcp port for node | 10007 | +| p2p nodePort | Provide the p2p nodeport for node | 30007 | +| p2p targetPort | Provide the p2p targetPort for node | 30007 | +| rpc port | Provide the tpc port for node | 10008 | +| rpc targetPort | Provide the rpc targetport for node | 10003 | +| rpc nodePort | Provide the rpc nodePort for node | 30007 | +| rpcadmin port | Provide the rpcadmin port for node | 10108 | +| rpcadmin targetPort | Provide the rpcadmin targetport for node | 10005 | +| rpcadmin nodePort | Provide the rpcadmin nodePort for node | 30007 | + +### Vault + +| Name | Description | Default Value | +| ------------------------- | --------------------------------------------------------------------------| ------------------------- | +| address | Address/URL of the Vault server | "" | +| role | Role used for authentication with Vault | 
vault-role | +| authpath | Authentication path for Vault | cordabank1 | +| serviceAccountName | Provide the already created service account name autheticated to vault | vault-auth-issuer | +| certSecretPrefix | Provide the vault path where the certificates are stored | bank1/certs | +| dbsecretprefix | Provide the secretprefix | bank1/credentials/database | +| rpcusersecretprefix | Provide the secretprefix | bank1/credentials/rpcusers | +| keystoresecretprefix | Provide the secretprefix | bank1/credentials/keystore | +| retires | Provide the no of retires | "" | + +### Healthcheck + +| Name | Description | Default Value | +| ----------------------------| ------------------------------------------------------------------------------| ------------- | +| readinesscheckinterval | Provide the interval in seconds you want to iterate till db to be ready | 5 | +| readinessthreshold | Provide the threshold till you want to check if specified db up and running | 2 | + + + +## Deployment +--- + +To deploy the notary-initial-registration Helm chart, follow these steps: + +1. Modify the [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/r3-corda/charts/notary-initial-registration/values.yaml) file to set the desired configuration values. +2. Run the following Helm command to install, upgrade,verify, delete the chart: + +To install the chart: +```bash +helm repo add bevel https://hyperledger.github.io/bevel/ +helm install ./notary-initial-registration ``` -charts.yaml : A YAML file containing information about the chart -_helpers.tpl : A place to put template helpers that you can re-use throughout the chart -values.yaml : This file contains the default values for a chart -job.yaml : A Job creates one or more Pods and ensures that a specified number of them successfully terminate. 
+ +To upgrade the chart: +```bash +helm upgrade ./notary-initial-registration ``` +To verify the deployment: +```bash +kubectl get jobs -n +``` +Note : Replace `` with the actual namespace where the Job was created. This command will display information about the Job, including the number of completions and the current status of the Job's pods. -## Running the chart +To delete the chart: +```bash +helm uninstall +``` +Note : Replace `` with the desired name for the release. -Pre-Requisite: Before deploying the chart please ensure you have Doorman and Node's database up and running. -- Deploy Doorman & Node's Database by following steps from documentation -- Create secrets for the node by following steps from documentation -- Create a values-node.yaml for the chart with a minimum set of keys, for template references use values.yaml present in the respective chart -- Create aws cli script to transfer artmis folder (which gets created by corda node) to and from AWS s3 + +## Contributing +--- +If you encounter any bugs, have suggestions, or would like to contribute to the [notary-initial-registration Deployment Helm Chart](https://github.com/hyperledger/bevel/tree/develop/platforms/r3-corda/charts/notary-initial-registration), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger/bevel). -Install the chart with: -``` -helm install --values=${PATH_TO_VALUES}//values-node.yaml ${PATH_TO_HELMCHARTS}/node-initial-registration --name --kube-context= --namespace= -``` + +## License -If you need to delete the chart use: +This chart is licensed under the Apache v2.0 license. 
+ +Copyright © 2023 Accenture + +### Attribution + +This chart is adapted from the [charts](https://hyperledger.github.io/bevel/) which is licensed under the Apache v2.0 License which is reproduced here: ``` -helm uninstall -n --kube-context= -``` +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 -# Chart Functionalities - -## job.yaml - -Contains following containers: - -### Main Containers: - -1. notary-initial-registration: This container is used for notary-initial-registration - Tasks performed in this container: - -- Setting up enviroment variables required for corda jar -- Setting up enviroment variables -- Import self signed tls certificate (if used) of doorman and networkmap, since java only trusts certificate signed by well known CA -- Import self signed tls certificate of H2, since java only trusts certificate signed by well known CA -- Command to run corda jar with --initial-registration to perform initial registration with doorman, we are setting javax.net.ssl.keyStore as ${BASE_DIR}/certificates/sslkeystore.jks since keystore gets reset when using h2 ssl -- Change password of nodekeystore.jks,sslkeystore.jks ,truststore.jks -- create dummy file to perform check if last line of the container is executed or not - -2. store-certs-in-vault: This container is is used for putting certiicate into the vault - Tasks performed in this container - -- Loop to check if certificate and check file is generated -- Put certificates obtained after perfoming initial-registration is added in vault - -### Init-containers: - -1. init-nodeconf: This container is used for creating node.conf which is used by corda node. 
- For more details on how to make node.conf read [node configuration](https://docs.corda.net/releases/release-V3.3/corda-configuration-file.html) - Tasks performed in this container - -- Delete previously created node.conf, and create a new node.conf -- Set env to get secrets from vault -- Save keyStorePassword & trustStorePassword from vault -- Save dataSourceUserPassword from vault -- Create node.conf according to values specified by users using values.yaml - -2. init-certificates: This container is used for downloading certficate from vault - For more details on read [Network permissioning](https://docs.corda.net/releases/release-V3.3/permissioning.html) - Tasks performed in this container - -- Setting up env to get secrets from vault -- To perform check if certificate are already present in vault, if yes then exit -- Get custom nodekeystore.jks from vault, if provided -- Get network-map-truststore.jks from vault -- When using h2-ssl with private certificate, download the certificate (To import in ca cert in main corda container) -- When using doorman and networkmap in TLS: true, and using private certificate then download certificate(To import in ca cert in main corda container) -- When using custom sslKeystore while setting in node.conf -- To download jars from git repo, download private key (corresponding public key to be added in git repo) -- Get aws access key id and secret access key, it is used for accessing AWS s3 for artmis folder - -3. init-credential: This container is used for getting passwords of keystore from vault - Tasks performed in this container -- Setting up env to get secrets from vault -- Get keystore passwords from vault - -4. 
db-healthcheck: This container is used for performing health check - Tasks performed in this container -- perform health check if db is up and running before starting corda node - \ No newline at end of file +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +``` diff --git a/platforms/r3-corda/charts/notary-initial-registration/values.yaml b/platforms/r3-corda/charts/notary-initial-registration/values.yaml index 561c191424b2..6d3edde77918 100644 --- a/platforms/r3-corda/charts/notary-initial-registration/values.yaml +++ b/platforms/r3-corda/charts/notary-initial-registration/values.yaml @@ -6,7 +6,7 @@ #Provide the nodeName for node #Eg. nodeName: bank1 -nodeName: +nodeName: bank1 #Provide the replica set for node deployed #Eg. replicas: 1 @@ -15,7 +15,7 @@ replicas: metadata: #Provide the namespace #Eg. namespace: default - namespace: + namespace: default #Provide the custom labels #NOTE: Provide labels other than name, release name , release service, chart version , chart name , app. #Eg. labels: 
@@ -27,23 +27,23 @@ image: #Eg. containerName: hyperledgerlabs/h2:2018 #Note: For public certificate use: hyperledgerlabs/corda:3.3.0-corda-corda-20190502 # For private certificate use: hyperledgerlabs/corda:3.3.0-corda-root-20190502 - containerName: + containerName: hyperledgerlabs/h2:2018 #Provide the name of image for init container #Eg. name: hyperledgerlabs/alpine-utils:1.0 - initContainerName: + initContainerName: hyperledgerlabs/alpine-utils:1.0 #Provide the image pull secret of image #Eg. pullSecret: regcred - imagePullSecret: + imagePullSecret: regcred #Provide true or false if private certificate to be added #Eg. privateCertificate: true - privateCertificate: + privateCertificate: true #Provide doorman domain alias #Eg. doormanCertAlias: doorman.fracordakubetest7.com - doormanCertAlias: + doormanCertAlias: doorman.fracordakubetest7.com #Provide networkmap domain alias #Eg. networkmapCertAlias: networkmap.fracordakubetest7.com - networkmapCertAlias: + networkmapCertAlias: networkmap.fracordakubetest7.com #For more information for node.Conf fields please refer to: https://docs.corda.net/releases/release-V3.3/corda-configuration-file.html @@ -82,10 +82,10 @@ nodeConf: exportHibernateJMXStatistics: #Provide the h2Url for node #Eg. h2Url: bank1h2 - dbUrl: + dbUrl: bank1h2 #Provide the h2Port for node #Eg. h2Port: 9101 - dbPort: + dbPort: 9101 dataSourceClassName: dataSourceUrl: jarPath: @@ -97,10 +97,10 @@ nodeConf: compatibilityZoneURL: #Provide the jar Version for corda jar and finanace jar #Eg. jarVersion: 3.3-corda - jarVersion: + jarVersion: 3.3-corda #Provide the devMode for corda node #Eg. devMode: true - devMode: + devMode: true #Provide the enviroment variables to be set env: - name: JAVA_OPTIONS @@ -116,7 +116,7 @@ credentials: dataSourceUser: #Provide the rpcUser for corda node #Eg. rpcUser: bank1operations - rpcUser: + rpcUser: bank1operations - name: permissions: - name: 
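Review bot: The new default `containerName: hyperledgerlabs/h2:2018` in the `image:` block names what looks like the H2 database image rather than a Corda image, so a release installed with defaults would start the wrong container for the registration job. The note directly above that key lists the Corda images to use; with `privateCertificate: true` as the default, the matching value would be `containerName: hyperledgerlabs/corda:3.3.0-corda-root-20190502`. Both image defaults are also referenced by mutable tag only, so pinning them by digest (`<image>@sha256:<digest>`) would make the pulled content verifiable. The `image:` hunk of `notary/values.yaml` (`@@ -27,22 +27,22 @@`) sets the same values.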
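Review bot: `devMode: true` becomes the shipped default in the second `nodeConf:` hunk (`@@ -97,10 +97,10 @@`), although it is a development-only setting for a notary. According to the Corda configuration documentation linked in this file, a node in dev mode falls back to a developer keystore when its own keystores are missing instead of refusing to start. A chart default should fail closed, e.g. `devMode: false`, with the comment above it extended to `#Set devMode: true only on throw-away development networks`. The same default is introduced in `notary/values.yaml` (`@@ -95,10 +95,10 @@`).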
@@ -132,47 +132,47 @@ volume: resources: #Provide the limit memory for node #Eg. limits: "1Gi" - limits: + limits: "1Gi" #Provide the requests memory for node #Eg. requests: "1Gi" - requests: + requests: "1Gi" service: # Note: Target ports are dependent on image being used. Please change them accordingly # nodePort should be kept empty while using service type as ClusterIP ( Values.service.type ) #Provide the type of service #Eg. type: NodePort or LoadBalancer etc - type: + type: NodePort p2p: #Provide the p2p port for node #Eg. port: 10007 - port: + port: 10007 #Provide the p2p node port for node #Eg. port: 30007 - nodePort: + nodePort: 30007 #Provide the p2p targetPort for node #Eg. targetPort: 30007 - targetPort: + targetPort: 30007 rpc: #Provide the rpc port for node #Eg. port: 10008 - port: + port: 10008 #Provide the rpc targetPort for node #Eg. targetPort: 10003 - targetPort: + targetPort: 10003 #Provide the rpc node port for node - #Eg. nodePort: 30007 - nodePort: + #Eg. nodePort: 10003 + nodePort: 10003 rpcadmin: #Provide the rpcadmin port for node #Eg. port: 10108 - port: + port: 10108 #Provide the rpcadmin targetPort for node #Eg. targetPort: 10005 - targetPort: + targetPort: 10005 #Provide the rpcadmin node port for node #Eg. nodePort: 30007 - nodePort: + nodePort: 30007 vault: #Provide the vault server address 
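Review bot: The `service:` defaults now use `type: NodePort`, which opens the `rpc` and `rpcadmin` ports on every cluster node's address unless the deployer overrides it. The chosen port numbers would also be rejected as they stand: `rpc.nodePort: 10003` lies outside Kubernetes' default NodePort range (30000-32767), while `p2p.nodePort` and `rpcadmin.nodePort` are both `30007`. A safer default is `type: ClusterIP` with the three `nodePort:` keys left empty, as the comment at the top of the block already asks for. Whether this chart renders a Service at all is not visible in the hunk, so the impact here is inferred. The `service:` part of the `notary/values.yaml` hunk `@@ -151,54 +151,54 @@` sets `nodePort: 30007` for p2p, rpc and rpcadmin alike and has the same problem.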
@@ -180,32 +180,32 @@ vault: address: #Provide the vaultrole #Eg. role: vault-role - role: + role: vault-role #Provide the authpath #Eg. authpath: cordabank1 - authpath: + authpath: cordabank1 #Provide the serviceaccountname #Eg. serviceaccountname: vault-auth-issuer - serviceaccountname: + serviceaccountname: vault-auth-issuer #Provide the secretprefix #Eg. dbsecretprefix: bank1/credentials/database - dbsecretprefix: + dbsecretprefix: bank1/credentials/database #Provide the secretprefix #Eg. rpcusersecretprefix: bank1/credentials/rpcusers - rpcusersecretprefix: + rpcusersecretprefix: bank1/credentials/rpcusers #Provide the secretprefix #Eg. keystoresecretprefix: bank1/credentials/keystore - keystoresecretprefix: + keystoresecretprefix: bank1/credentials/keystore #Provide the secretprefix #Eg. certsecretprefix: bank1/certs - certsecretprefix: + certsecretprefix: bank1/certs # Number of retries to check contents from vault   retries: healthcheck: #Provide the interval in seconds you want to iterate till db to be ready #Eg. readinesscheckinterval: 5 - readinesscheckinterval: + readinesscheckinterval: 5 #Provide the threshold till you want to check if specified db up and running #Eg. readinessthreshold: 2 - readinessthreshold: \ No newline at end of file + readinessthreshold: 2 diff --git a/platforms/r3-corda/charts/notary/Chart.yaml b/platforms/r3-corda/charts/notary/Chart.yaml index f763262d5af4..344e5dc73e12 100644 --- a/platforms/r3-corda/charts/notary/Chart.yaml +++ b/platforms/r3-corda/charts/notary/Chart.yaml @@ -6,6 +6,6 @@ apiVersion: v1 appVersion: "2.0" -description: A Helm chart for Kubernetes +description: "R3-corda-os: Deploys the notary node." name: notary -version: '0.14.0' +version: '0.14.1' diff --git a/platforms/r3-corda/charts/notary/README.md b/platforms/r3-corda/charts/notary/README.md index c01cec87316c..ad9b6eeeaa4b 100644 --- a/platforms/r3-corda/charts/notary/README.md +++ b/platforms/r3-corda/charts/notary/README.md 
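Review bot: The `vault:` block now defaults `authpath`, `serviceaccountname` and all four secret prefixes to one organisation's values (`cordabank1`, `bank1/credentials/...`, `bank1/certs`) while `address:` stays empty. A release for a different node that misses one override would therefore authenticate and read or write at bank1's Vault paths instead of failing. Whether Vault policy would allow that is not visible here, but defaults for secret locations are better left empty or given obvious placeholders, e.g. `certsecretprefix: <org>/certs`, with the template rejecting empty values through Helm's `required` function. The `vault:` hunk of `notary/values.yaml` (`@@ -211,44 +211,44 @@`) introduces the same defaults.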
@@ -3,16 +3,38 @@ [//]: # (SPDX-License-Identifier: Apache-2.0) [//]: # (##############################################################################################) -# NOTARY + +# Notary Deployment -Following chart contains Kubernetes deployment, service, pvc ,configmap for deploying corda node. -A node is JVM run-time with a unique network identity running the Corda software. +- [Notary Deployment Helm Chart](#Notary-deployment-helm-chart) +- [Prerequisites](#prerequisites) +- [Chart Structure](#chart-structure) +- [Configuration](#configuration) +- [Deployment](#deployment) +- [Contributing](#contributing) +- [License](#license) -For more information read [corda notary](https://docs.corda.net/releases/release-V3.3/key-concepts-notaries.html) + + +## Notary Deployment Helm Chart +--- +This [Helm chart](https://github.com/hyperledger/bevel/tree/develop/platforms/r3-corda/charts/notary) helps to deploy the r3corda notory node. + + + +## Prerequisites +--- +Before deploying the chart please ensure you have the following prerequisites: + +- NetworkMap and Node's database up and running. +- Kubernetes cluster up and running. +- A HashiCorp Vault instance is set up and configured to use Kubernetes service account token-based authentication. +- The Vault is unsealed and initialized. +- Helm is installed. This chart has following structure: ``` - . + ├── notary │   ├── Chart.yaml │   ├── templates 
@@ -25,129 +47,203 @@ This chart has following structure: Type of files used: +- `templates` : This directory contains the Kubernetes manifest templates that define the resources to be deployed. +- `deployment.yaml`: This file is a configuration file for deployement in Kubernetes.It creates a deployment file with a specified number of replicas and defines various settings for the deployment, Init container is responsible for node registration process is completed successfully before the main containers start.It also specifies volume mounts for storing certificates and data. +- `pvc.yaml` : A PersistentVolumeClaim (PVC) is a request for storage by a user. +- `service.yaml` : This file defines a Kubernetes Service with multiple ports for protocols and targets, and supports Ambassador proxy annotations for specific configurations when using the "ambassador" proxy provider. +- `chart.yaml` : Provides metadata about the chart, such as its name, version, and description. +- `values.yaml` : Contains the default configuration values for the chart. It includes configuration for the image, nodeconfig, credenatials, storage, service , vault, etc. +- `_helpers.tpl` : A template file used for defining custom labels and ports for the metrics in the Helm chart. + + + +## Configuration +--- +The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/r3-corda/charts/notary/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. 
Here are some important configuration options: + +## Parameters +--- + +### Name + +| Name | Description | Default Value | +| -----------| -------------------------------------------------- | ------------- | +| name | Provide the name of the node | bank1 | + +### Metadata + +| Name | Description | Default Value | +| ----------------| -------------------------------------------------------------| ------------- | +| namespace | Provide the namespace for the Notary Generator | default | +| labels | Provide any additional labels for the Notary Generator | "" | + +### Image + +| Name | Description | Default Value | +| ------------------------ | --------------------------------------------------------------------------------------- | --------------- | +| initContainerName | Provide the alpine utils image, which is used for all init-containers of deployments/jobs | "" | +| containerName | Provide the containerName of image | "" | +| imagePullSecret | Provide the image pull secret of image | regcred | +| privateCertificate | Provide true or false if private certificate to be added | "true" | +| doormanCertAlias | Provide true or false if private certificate to be added | "" | +| networkmapCertAlias | Provide true or false if private certificate to be added | "" | + +### NodeConf + +| Name | Description | Default Value | +| ------------------------ | -------------------------------------------------------------------------------------- | --------------- | +| p2p | The host and port on which the node is available for protocol operations over ArtemisMQ | "" | +| ambassadorAddress | Specify ambassador host:port which will be advertised in addition to p2paddress | "" | +| legalName | Provide the legalName for node | "" | +| dbUrl | Provide the h2Url for node | "bank1h2" | +| dbPort | Provide the h2Port for node | "9101" | +| networkMapURL | Provide the nms for node | "" | +| doormanURL | Provide the doorman for node | "" | +| jarVersion | Provide the jar Version for corda jar 
and finanace jar | "3.3-corda" | +| devMode | Provide the devMode for corda node | "true" | +| env | Provide the enviroment variables to be set | "" | + +### credentials + +| Name | Description | Default Value | +| ----------------| ----------------------------------------------| ------------- | +| dataSourceUser | Provide the dataSourceUser for corda node | "" | +| rpcUser | Provide the rpcUser for corda node | bank1operations| + +### cordapps + +| Name | Description | Default Value | +| ------------------------ | ------------------------------------------------------- | --------------- | +| getcordapps | Provide if you want to provide jars in cordapps | "" | +| repository | Provide the repository of cordapps | "" | +| jars url | Provide url to download the jar using wget cmd | "" | + +### Volume + +| Name | Description | Default Value | +| -----------------| -----------------------| ------------- | +| baseDir | Base directory | /home/bevel | + +### Resources + +| Name | Description | Default Value | +| ------------------------ | ------------------------------------------------------- | --------------- | +| limits | Provide the limit memory for node | "1Gi" | +| requests | Provide the requests memory for node | "1Gi" | + +### PVC + +| Name | Description | Default Value | +| ------------------------ | ------------------------------------------------------- | --------------- | +| name | Provide the name for pvc | bank1-pvc | +| memory | Provide the memory for node | "4Gi" | +| storageClassName | Provide the name for the storageclass | bank1nodesc | + +### Service + +| Name | Description | Default Value | +| --------------------- | ------------------------------------------| ------------- | +| service Name | Provide the service | bank1 | +| type | Provide the type of service | NodePort | +| p2p port | Provide the tcp port for node | 10007 | +| p2p nodePort | Provide the p2p nodeport for node | 30007 | +| p2p targetPort | Provide the p2p targetPort for node | 30007 | 
+| rpc port | Provide the tpc port for node | 10008 | +| rpc targetPort | Provide the rpc targetport for node | 10003 | +| rpc nodePort | Provide the rpc nodePort for node | 30007 | +| rpcadmin port | Provide the rpcadmin port for node | 10108 | +| rpcadmin targetPort | Provide the rpcadmin targetport for node | 10005 | +| rpcadmin nodePort | Provide the rpcadmin nodePort for node | 30007 | + +### Vault + +| Name | Description | Default Value | +| ------------------------- | --------------------------------------------------------------------------| ------------------------- | +| address | Address/URL of the Vault server | "" | +| role | Role used for authentication with Vault | vault-role | +| authpath | Authentication path for Vault | cordabank1 | +| serviceAccountName | Provide the already created service account name autheticated to vault | vault-auth-issuer | +| certSecretPrefix | Provide the vault path where the certificates are stored | bank1/certs | +| dbsecretprefix | Provide the secretprefix | bank1/credentials/database | +| rpcusersecretprefix | Provide the secretprefix | bank1/credentials/rpcusers | +| keystoresecretprefix | Provide the secretprefix | bank1/credentials/keystore | +| cordappsreposecretprefix | Provide the secretprefix | bank1/credentials/cordapps | + +### Healthcheck + +| Name | Description | Default Value | +| ----------------------------| ------------------------------------------------------------------------------| ------------- | +| readinesscheckinterval | Provide the interval in seconds you want to iterate till db to be ready | 5 | +| readinessthreshold | Provide the threshold till you want to check if specified db up and running | 2 | + +### ambassador + +| Name | Description | Default Value | +| ------------------------ | ------------------------------------------------------- | -------------------------- | +| component_name | Provides component name | node | +| external_url_suffix | Provides the suffix to be used in external 
URL | org1.blockchaincloudpoc.com | +| p2p_ambassador | Provide the p2p port for ambassador | 10007 | + + + +## Deployment +--- + +To deploy the notary Helm chart, follow these steps: + +1. Modify the [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/r3-corda/charts/notary/values.yaml) file to set the desired configuration values. +2. Run the following Helm command to install, upgrade,verify, delete the chart: + +To install the chart: +```bash +helm repo add bevel https://hyperledger.github.io/bevel/ +helm install ./notary ``` -charts.yaml : A YAML file containing information about the chart -deployment.yaml : A Deployment controller provides declarative updates for Pods and ReplicaSets. -_helpers.tpl : A place to put template helpers that you can re-use throughout the chart -pvc.yaml : A PersistentVolumeClaim (PVC) is a request for storage by a user. -service.yaml : An abstract way to expose an application running on a set of Pods as a network service. -values.yaml : This file contains the default values for a chart -``` - - -## Running the chart - -Pre-Requisite: Before deploying the chart please ensure you have Networkmap and Node's database up and running. - -- Deploy Networkmap & Node's Database by following steps from documentation -- Create secrets for the node by following steps from documentation -- Create a values-node.yaml for the chart with a minimum set of keys, for template references use values.yaml present in the respective chart -- Create aws cli script to transfer artmis folder (which gets created by corda node) to and from AWS s3 - -Install the chart with: +To upgrade the chart: +```bash +helm upgrade ./notary ``` -helm install --set-file "awscliscript=" -f ${PATH_TO_VALUES}//values-node.yaml --set metadata.namespace= ${PATH_TO_HELMCHARTS}/notary --name --kube-context= --namespace= +To verify the deployment: +```bash +kubectl get jobs -n ``` +Note : Replace `` with the actual namespace where the Job was created. 
This command will display information about the Job, including the number of completions and the current status of the Job's pods. -If you need to delete the chart use: - +To delete the chart: +```bash +helm uninstall ``` -helm uninstall -n --kube-context= -``` - -# Chart Functionalities - -## deployment.yaml - -Contains following containers: +Note : Replace `` with the desired name for the release. -### Main Containers: -1. notary: Tasks performed in this container + +## Contributing +--- +If you encounter any bugs, have suggestions, or would like to contribute to the [notary Deployment Helm Chart](https://github.com/hyperledger/bevel/tree/develop/platforms/r3-corda/charts/notary), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger/bevel). -- Setting up enviroment variables required for corda jar -- import self signed tls certificate of doorman and networkmap, since java only trusts certificate signed by well known CA -- to clean network-parameters on every restart -- command to run corda jar, we are setting javax.net.ssl.keyStore as ${BASE_DIR}/certificates/sslkeystore.jks since keystore gets reset when using h2 ssl + +## License -2. corda-logs: Tasks performed in this container - -- Loop to check if log file is generated by corda and keep on printing log file if it is generated by corda -- setting up env to get secrets from vault -- save networkmap password from vault for authentication of networkmap -- get node-info file name and get url for registration from values,check if notary type is validating or non validating from values.yaml, and form url accordingly. -- get one time login token from networkmap. -- curl command to register notary, if response is okay then registration is successful. +This chart is licensed under the Apache v2.0 license. -### Init-containers: +Copyright © 2023 Accenture -1. 
init-checkregistration: This container is used for init-checkregistration - Tasks performed in this container -- set env to get secrets from vault -- get truststore from vault to see if registration is done or not -- printing number of trial done before giving up +### Attribution -2. init-nodeconf: This container is used for creating node.conf which is used by corda node. - For more details on how to make node.conf read [node configuration](https://docs.corda.net/releases/release-V3.3/corda-configuration-file.html) - Tasks performed in this container +This chart is adapted from the [charts](https://hyperledger.github.io/bevel/) which is licensed under the Apache v2.0 License which is reproduced here: -- Delete previously created node.conf, and create a new node.conf -- Set env to get secrets from vault -- Save keyStorePassword & trustStorePassword from vault -- Save dataSourceUserPassword from vault -- Create node.conf according to values specifi - -3. init-certificates: This container is used for downloading certficate from vault - For more details on read [Network permissioning](https://docs.corda.net/releases/release-V3.3/permissioning.html) - Tasks performed in this container -- setting up env to get secrets from vault -- get nodekeystore.jks from vault -- get sslkeystore.jks from vault -- get truststore.jks from vault -- get network-map-truststore.jks from vault -- when using h2-ssl with private certificate, download the certificate (To import in ca cert in main corda container) -- when using doorman and networkmap in TLS: true, and using private certificate then download certificate(To import in ca cert in main corda container) -- when using custom sslKeystore while setting in node.conf -- To download jars from git repo, download private key (corresponding public key to be added in git repo) -- get aws access key id and secret access key, it is used for accessing AWS s3 for artmis folder - -4. 
db-healthcheck: This container is used for performing health check - Tasks performed in this container -- perform health check if db is up and running before starting corda node - -5. init-cordapps: This container is used for creating cordapps dir in volume to keep jars -Tasks performed in this container -- creating cordapps dir in volume to keep jars -- save cordapps repository login password from vault -- Downloading official corda provided jars using curl - -## service.yaml - -Contains port specifications for: - -1. p2p communication among corda node -2. rpc communication between corda node and webserver -3. rpc admin communication -4. communication with springboot web (added only if webserver is enabled and number is based on values specified by user in values.yaml) - -## pvc.yaml - -Contains specifications for: - -1. To create pvc used by node -2. To create pvc used for each webserver deployed (added only if webserver is enabled and number is based on values specified by user in values.yaml) - - -## Updating configuration - -Updates to configuration are handled dynamically by the service +``` +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at - Modify the values.yaml you're using and simply run: + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. 
``` -helm upgrade --install --set-file "awscliscript=" -f ${PATH_TO_VALUES}//values-node.yaml --set metadata.namespace= ${PATH_TO_HELMCHARTS}/notary --name --kube-context= --namespace= --recreate-pods -``` - -Using the '--recreate-pods' is not required to get updates of config to the running controller. diff --git a/platforms/r3-corda/charts/notary/values.yaml b/platforms/r3-corda/charts/notary/values.yaml index f17332a53f01..5229b9a416e9 100644 --- a/platforms/r3-corda/charts/notary/values.yaml +++ b/platforms/r3-corda/charts/notary/values.yaml @@ -6,16 +6,16 @@ #Provide the nodeName for node #Eg. nodeName: bank1 -nodeName: +nodeName: bank1 #Provide the replica set for node deployed #Eg. replicas: 1 -replicas: +replicas: 1 metadata: #Provide the namespace #Eg. namespace: default - namespace: + namespace: default #Provide the custom labels #NOTE: Provide labels other than name, release name , release service, chart version , chart name , app. #Eg. labels: 
@@ -27,22 +27,22 @@ image: #Eg. containerName: hyperledgerlabs/h2:2018 #Note: For public certificate use: hyperledgerlabs/corda:3.3.0-corda-corda-20190502 # For private certificate use: hyperledgerlabs/corda:3.3.0-corda-root-20190502 - containerName: + containerName: hyperledgerlabs/h2:2018 #Provide the name of image for init container #Eg. name: hyperledgerlabs/alpine-utils:1.0 - initContainerName: + initContainerName: hyperledgerlabs/alpine-utils:1.0 #Provide the image pull secret of image #Eg. pullSecret: regcred - imagePullSecret: + imagePullSecret: regcred #Provide true or false if private certificate to be added #Eg. privateCertificate: true - privateCertificate: + privateCertificate: true #Provide doorman domain alias #Eg. doormanCertAlias: doorman.fracordakubetest7.com - doormanCertAlias: + doormanCertAlias: doorman.fracordakubetest7.com #Provide netwrokmap domain alias #Eg. networkmapCertAlias: networkmap.fracordakubetest7.com - networkmapCertAlias: + networkmapCertAlias: networkmap.fracordakubetest7.com #For more information for node.Conf fields please refer to: https://docs.corda.net/releases/release-V3.3/corda-configuration-file.html @@ -81,10 +81,10 @@ nodeConf: exportHibernateJMXStatistics: #Provide the h2Url for node #Eg. h2Url: bank1h2 - dbUrl: + dbUrl: bank1h2 #Provide the h2Port for node #Eg. h2Port: 9101 - dbPort: + dbPort: 9101 dataSourceClassName: dataSourceUrl: jarPath: @@ -95,10 +95,10 @@ nodeConf: compatibilityZoneURL: #Provide the jar Version for corda jar and finanace jar #Eg. jarVersion: 3.3-corda - jarVersion: + jarVersion: 3.3-corda #Provide the devMode for corda node #Eg. devMode: true - devMode: + devMode: true #Provide the enviroment variables to be set env: - name: JAVA_OPTIONS @@ -114,7 +114,7 @@ credentials: dataSourceUser: #Provide the rpcUser for corda node #Eg. rpcUser: bank1operations - rpcUser: + rpcUser: bank1operations - name: permissions: - name: 
@@ -140,10 +140,10 @@ volume: resources: #Provide the limit memory for node #Eg. limits: "1Gi" - limits: + limits: "1Gi" #Provide the requests memory for node #Eg. requests: "1Gi" - requests: + requests: "1Gi" pvc: # annotations: @@ -151,54 +151,54 @@ pvc: annotations: #Provide the name for pvc #Eg. name: bank1-pvc - name: + name: bank1-pvc #Provide the memory for node #Eg. memory: 4Gi - memory: + memory: 4Gi #Provide the name for the storageclass #Eg. name: bank1nodesc - storageClassName: + storageClassName: bank1nodesc service: #Provide the service #Eg. name: bank1 - name: + name: bank1 # Note: Target ports are dependent on image being used. Please change them accordingly # nodePort should be kept empty while using service type as ClusterIP ( Values.service.type ) #Provide the type of service #Eg. type: NodePort or LoadBalancer etc - type: + type: NodePort p2p: #Provide the p2p port for node #Eg. port: 10007 - port: + port: 10007 #Provide the p2p node port for node #Eg. port: 30007 - nodePort: + nodePort: 30007 #Provide the p2p targetPort for node #Eg. targetPort: 30007 - targetPort: + targetPort: 30007 rpc: #Provide the rpc port for node #Eg. port: 10008 - port: + port: 10008 #Provide the rpc targetPort for node #Eg. targetPort: 10003 - targetPort: + targetPort: 10003 #Provide the rpc node port for node #Eg. nodePort: 30007 - nodePort: + nodePort: 30007 rpcadmin: #Provide the rpcadmin port for node #Eg. port: 10108 - port: + port: 10108 #Provide the rpcadmin targetPort for node #Eg. targetPort: 10005 - targetPort: + targetPort: 10005 #Provide the rpcadmin node port for node #Eg. nodePort: 30007 - nodePort: + nodePort: 30007 deployment: annotations: 
@@ -211,44 +211,44 @@ vault: address: #Provide the vaultrole #Eg. role: vault-role - role: + role: vault-role #Provide the authpath #Eg. authpath: cordabank1 - authpath: + authpath: cordabank1 #Provide the serviceaccountname #Eg. serviceaccountname: vault-auth-issuer - serviceaccountname: + serviceaccountname: vault-auth-issuer #Provide the secretprefix #Eg. dbsecretprefix: bank1/credentials/database - dbsecretprefix: + dbsecretprefix: bank1/credentials/database #Provide the secretprefix #Eg. rpcusersecretprefix: bank1/credentials/rpcusers - rpcusersecretprefix: + rpcusersecretprefix: bank1/credentials/rpcusers #Provide the secretprefix #Eg. keystoresecretprefix: bank1/credentials/keystore - keystoresecretprefix: + keystoresecretprefix: bank1/credentials/keystore #Provide the secretprefix #Eg. certsecretprefix: bank1/certs - certsecretprefix: + certsecretprefix: bank1/certs #Provide the secretprefix #Eg. cordappsreposecretprefix: bank1/credentials/cordapps - cordappsreposecretprefix: + cordappsreposecretprefix: bank1/credentials/cordapps healthcheck: #Provide the interval in seconds you want to iterate till db to be ready #Eg. readinesscheckinterval: 5 - readinesscheckinterval: + readinesscheckinterval: 5 #Provide the threshold till you want to check if specified db up and running #Eg. readinessthreshold: 2 - readinessthreshold: + readinessthreshold: 2 ambassador: #Provides component name #Eg. component_name: node - component_name: + component_name: node #Provides the suffix to be used in external URL #Eg. external_url_suffix: org1.blockchaincloudpoc.com - external_url_suffix: + external_url_suffix: org1.blockchaincloudpoc.com #Provide the p2p port for ambassador #Eg. p2p_ambassador: 10007 - p2p_ambassador: + p2p_ambassador: 10007
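Review bot: `external_url_suffix: org1.blockchaincloudpoc.com` in the `ambassador:` block makes a real-looking registrable domain the default suffix for the node's external URL. An install that omits the override would then publish a hostname under a domain the operator may not control. A reserved documentation name such as `external_url_suffix: org1.example.com` keeps the example readable without that risk. The same applies to the `doormanCertAlias` and `networkmapCertAlias` defaults (`*.fracordakubetest7.com`) in the `image:` hunks of this file and of `notary-initial-registration/values.yaml`.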