Merge pull request #2555 from sownak/develop

[indy] Use only helm to deploy Indy network

platforms/hyperledger-besu/charts/README.md

@@ -6,7 +6,7 @@
 # Charts for Hyperledger Besu components
 
 ## About
-This folder contains the helm charts which are used for the deployment of the Hyperledger Besu components. Each helm that you can use has the following keys and you need to set them. The `global.cluster.provider` is used as a key for the various cloud features enabled. Also you only need to specify one cloud provider, **not** both if deploying to cloud. As of writing this doc, AWS is fully supported.
+This folder contains the helm charts which are used for the deployment of the Hyperledger Besu components. Each helm chart that you can use has the following keys and you need to set them. The `global.cluster.provider` is used as a key for the various cloud features to be enabled. Also you only need to specify one cloud provider, **not** both if deploying to cloud. As of writing this doc, AWS is fully supported.
 
 ```yaml
 global:

platforms/hyperledger-besu/charts/besu-genesis/templates/_helpers.tpl

@@ -27,4 +27,3 @@ Create chart name and version as used by the chart label.
 {{- define "besu-genesis.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
-

platforms/hyperledger-besu/charts/besu-node/README.md

@@ -14,7 +14,7 @@ helm repo add bevel https://hyperledger.github.io/bevel
 helm install validator-1 bevel/besu-node
 ```
 
-## Prerequisitess
+## Prerequisites
 
 - Kubernetes 1.19+
 - Helm 3.2.0+

platforms/hyperledger-indy/charts/README.md

@@ -3,40 +3,151 @@
 [//]: # (SPDX-License-Identifier: Apache-2.0)
 [//]: # (##############################################################################################)
 
-# Charts for Indy components
+# Charts for Hyperledger Indy components
 
 ## About
-This folder contains helm charts which are used by the ansible playbooks for the deployment of the component. Each chart folder contain a folder for templates, chart file and the corresponding value file. 
+This folder contains the helm charts which are used for the deployment of the Hyperledger Indy components. Each helm chart that you can use has the following keys and you need to set them. The `global.cluster.provider` is used as a key for the various cloud features to be enabled. Also you only need to specify one cloud provider, **not** both if deploying to cloud. As of writing this doc, AWS ans Azure is fully supported.
 
-## Example Folder Structure ###
+```yaml
+global:
+  serviceAccountName: vault-auth
+  cluster:
+    provider: aws   # choose from: minikube | aws | azure | gcp
+    cloudNativeServices: false  # future: set to true to use Cloud Native Services 
+    kubernetesUrl: "https://kubernetes.url" # Provide the k8s URL, ignore if not using Hashicorp Vault
+  vault:
+    type: hashicorp # choose from hashicorp | kubernetes
+    network: indy   # must be indy for these charts
+    # Following are necessary only when hashicorp vault is used.
+    address: "http://vault.url:8200"
+    authPath: authority
+    secretEngine: secretsv2
+    secretPrefix: "data/authority"
+    role: vault-role
 ```
-/indy-node
-|-- templates
-|   |--_helpers.tpl
-|   |-- volumes.yaml
-|   |-- deployment.yaml
-|   |-- service.yaml
-|-- Chart.yaml
-|-- values.yaml
+
+## Usage
+
+### Pre-requisites
+
+- Kubernetes Cluster (either Managed cloud option like EKS or local like minikube)
+- Accessible and unsealed Hahsicorp Vault (if using Vault)
+- Configured Ambassador AES (if using Ambassador as proxy)
+- Update the dependencies
+  ```
+  helm dependency update indy-key-mgmt
+  helm dependency update indy-node
+  ```
+
+### _Without Proxy or Vault_
+
+> **Important:** As Indy nodes need IP Address, the no-proxy option works only with minikube or cluster with 1 node in nodepool.
+
+Replace the `publicIp` in all the files in `./values/noproxy-and-novault/` folder with the IP address of your Minikube or the single node in your Cloud Cluster.
+
+For Indy, the keys need to be created first for each organisation
+```bash
+# Create keys for first trustee
+helm install authority-keys ./indy-key-mgmt --namespace authority-ns --create-namespace --values ./values/noproxy-and-novault/authority-keys.yaml
+# Create keys for endorser and stewards from another org namespace
+helm install university-keys ./indy-key-mgmt --namespace university-ns --create-namespace --values ./values/noproxy-and-novault/university-keys.yaml
+
+# Get the public keys from Kubernetes for genesis
+cd ../scripts/genesis
+chmod +x get_keys.sh
+./get_keys.sh
+
+cd ../../charts
+# Update the IP address and Ports in ./values/noproxy-and-novault/genesis.yaml
+helm install genesis ./indy-genesis --namespace authority-ns --values ./values/noproxy-and-novault/genesis.yaml
+
+# Get the genesis files from existing authority and place in indy-genesis/files
+cd ./indy-genesis/files/
+kubectl --namespace authority-ns get configmap dtg -o jsonpath='{.data.domain_transactions_genesis}' > domain_transactions_genesis.json
+kubectl --namespace authority-ns get configmap ptg  -o jsonpath='{.data.pool_transactions_genesis}' > pool_transactions_genesis.json
+
+# Run secondary genesis
+cd ../..
+helm install genesis ./indy-genesis --namespace university-ns --values ./values/noproxy-and-novault/genesis-sec.yaml
+
+# Then deploy the stewards
+helm install university-steward-1 ./indy-node --namespace university-ns --values ./values/noproxy-and-novault/steward.yaml
+helm install university-steward-2 ./indy-node --namespace university-ns --values ./values/noproxy-and-novault/steward.yaml --set settings.node.externalPort=30021 --set settings.client.externalPort=30022 --set settings.node.port=30021 --set settings.client.port=30022
+helm install university-steward-3 ./indy-node --namespace university-ns --values ./values/noproxy-and-novault/steward.yaml --set settings.node.externalPort=30031 --set settings.client.externalPort=30032 --set settings.node.port=30031 --set settings.client.port=30032
+
+# Get endorser public keys
+cd ./indy-register-identity/files
+kubectl --namespace university-ns get secret university-endorser-identity-public -o jsonpath='{.data.value}' | base64 -d | jq '.["did"]'> university-endorser-did.json
+kubectl --namespace university-ns get secret university-endorser-node-public-verif-keys -o jsonpath='{.data.value}' | base64 -d | jq '.["verification-key"]' > university-endorser-verkey.json
+# Register endorser identity from admin
+cd ../..
+helm install university-endorser-id ./indy-register-identity --namespace authority-ns
+```
+
+### _With Ambassador proxy and Vault_
+Replace the `global.vault.address`, `global.cluster.kubernetesUrl` and `publicIp` of your Ambassador Loadbalancer in all the files in `./values/proxy-and-vault/` folder.
+
+For Indy, the keys need to be created first for each organisation
+```bash
+kubectl create namespace authority-ns # if the namespace does not exist already
+# Create the roottoken secret
+kubectl -n authority-ns create secret generic roottoken --from-literal=token=<VAULT_ROOT_TOKEN>
+
+kubectl create namespace university-ns # if the namespace does not exist already
+# Create the roottoken secret
+kubectl -n university-ns create secret generic roottoken --from-literal=token=<VAULT_ROOT_TOKEN>
+
+# Create keys for first trustee
+helm install authority-keys ./indy-key-mgmt --namespace authority-ns --values ./values/proxy-and-vault/authority-keys.yaml
+# Create keys for endorser and stewards from another org namespace
+helm install university-keys ./indy-key-mgmt --namespace university-ns --values ./values/proxy-and-vault/university-keys.yaml
+
+# Get the public keys from Kubernetes for genesis
+cd ../scripts/genesis
+chmod +x get_keys.sh
+./get_keys.sh
+
+cd ../../charts
+# Update the IP address and Ports in ./values/proxy-and-vault/genesis.yaml
+helm install genesis ./indy-genesis --namespace authority-ns --values ./values/proxy-and-vault/genesis.yaml
+
+# Get the genesis files from existing authority and place in indy-genesis/files
+cd ./indy-genesis/files/
+kubectl --namespace authority-ns get configmap dtg -o jsonpath='{.data.domain_transactions_genesis}' > domain_transactions_genesis.json
+kubectl --namespace authority-ns get configmap ptg  -o jsonpath='{.data.pool_transactions_genesis}' > pool_transactions_genesis.json
+
+# Run secondary genesis
+cd ../..
+helm install genesis ./indy-genesis --namespace university-ns --values ./values/proxy-and-vault/genesis-sec.yaml
+
+# Then deploy the stewards
+helm install university-steward-1 ./indy-node --namespace university-ns --values ./values/proxy-and-vault/steward.yaml
+helm install university-steward-2 ./indy-node --namespace university-ns --values ./values/proxy-and-vault/steward.yaml --set settings.node.externalPort=15021 --set settings.client.externalPort=15022
+helm install university-steward-3 ./indy-node --namespace university-ns --values ./values/proxy-and-vault/steward.yaml --set settings.node.externalPort=15031 --set settings.client.externalPort=15032
+helm install university-steward-4 ./indy-node --namespace university-ns --values ./values/proxy-and-vault/steward.yaml --set settings.node.externalPort=15041 --set settings.client.externalPort=15042
+
+# Get endorser public keys
+cd ./indy-register-identity/files
+kubectl --namespace university-ns get secret university-endorser-identity-public -o jsonpath='{.data.value}' | base64 -d | jq '.["did"]'> university-endorser-did.json
+kubectl --namespace university-ns get secret university-endorser-node-public-verif-keys -o jsonpath='{.data.value}' | base64 -d | jq '.["verification-key"]' > university-endorser-verkey.json
+# Register endorser identity from admin
+cd ../..
+helm install university-endorser-id ./indy-register-identity --namespace authority-ns
 ```
 
-## Pre-requisites
-
- Helm to be installed and configured 
-
-## Charts description ##
-
-### 1. indy-auth-job ###
-- This folder contains chart templates and default values for creation of indy authotization job.
-### 2. indy-cli ###
-- This folder contains chart templates and default values for creation of indy cli.
-### 4. indy-domain-genesis ###
-- This folder contains chart templates and default values for creation of indy domain genesis. 
-### 5. indy-key-mgmt ###
-- This folder contains chart templates and default values for creation of indy key management.
-### 6. indy-ledger-txn ###
-- This folder contains chart templates and default values for creation of indy ledger txn.
-### 7. indy-node ###
-- This folder contains chart templates and default values for creation of indy node.
-### 8. indy-pool-genesis ###
-- This folder contains chart templates and default values for creation of indy pool genesis.
+### Clean-up
+
+To clean up, simply uninstall the Helm releases. It's important to uninstall the genesis Helm chart at the end to prevent any cleanup failure.
+
+```bash
+helm uninstall --namespace university-ns university-steward-1
+helm uninstall --namespace university-ns university-steward-2
+helm uninstall --namespace university-ns university-steward-3
+helm uninstall --namespace university-ns university-steward-4
+helm uninstall --namespace university-ns genesis
+helm uninstall --namespace university-ns university-keys
+
+helm uninstall --namespace authority-ns university-endorser-id
+helm uninstall --namespace authority-ns genesis
+helm uninstall --namespace authority-ns authority-keys
+```