Merge pull request #76

Update firefly-helm-charts to FireFly 1.3 and KiND deployment

.gitignore

@@ -210,4 +210,6 @@ $RECYCLE.BIN/
 # Windows shortcuts
 *.lnk
 
-# End of https://www.toptal.com/developers/gitignore/api/helm,macos,linux,windows,visualstudiocode,intellij
+# End of https://www.toptal.com/developers/gitignore/api/helm,macos,linux,windows,visualstudiocode,intellij
+
+besu

Makefile

@@ -3,7 +3,8 @@
 all: lint e2e
 
 kind:
-	kind create cluster || true
+	kind create cluster --name firefly --config kind-config.yml
+	kind export kubeconfig -n firefly
 
 clean:
 	kind delete cluster
@@ -14,10 +15,20 @@ lint:
 	ct lint \
 		--target-branch=main \
 		--exclude-deprecated \
+		--excluded-charts besu-node,besu-genesis\
 		--check-version-increment=false \
 		--lint-conf=./charts/lintconf.yaml
 	./hack/enforce-chart-conventions.sh
 
+besu:
+	kubectl --namespace default apply -f  ./values/monitoring/
+	mkdir -p besu
+	git clone --depth 1 https://github.com/Consensys/quorum-kubernetes besu
+	helm upgrade --install genesis ./besu/helm/charts/besu-genesis --namespace default --create-namespace --values ./values/genesis-besu.yml
+	kubectl --namespace default wait --for=condition=complete job/besu-genesis-init --timeout=600s
+	helm upgrade --install validator-1 ./besu/helm/charts/besu-node --namespace default --values ./values/validator.yml
+	kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=besu-statefulset --timeout=600s
+
 deps:
 	kubectl create ns cert-manager || true
 	kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.4.0/cert-manager.crds.yaml
@@ -27,9 +38,10 @@ deps:
 	helm repo add prometheus-community https://prometheus-community.github.io/helm-charts || true
 	helm upgrade --install --set kubeStateMetrics.enabled=false --set nodeExporter.enabled=false --set grafana.enabled=false kube-prometheus prometheus-community/kube-prometheus-stack
 	helm repo add bitnami https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami || true
-	helm upgrade --install --set postgresqlPassword=firef1y --set extraEnv[0].name=POSTGRES_DATABASE --set extraEnv[0].value=firefly postgresql bitnami/postgresql --version 10.16.2
+	helm upgrade --install --set global.postgresql.auth.postgresPassword=firef1y --set extraEnv[0].name=POSTGRES_DATABASE --set extraEnv[0].value=firefly postgresql bitnami/postgresql --version 14.3.0
 	kubectl create secret generic custom-psql-config --dry-run --from-literal="url=postgres://postgres:[email protected]:5432/postgres?sslmode=disable" -o json | kubectl apply -f -
 	kubectl apply -n default -f manifests/mtls-cert.yaml
+	helm upgrade --install ipfs ./charts/ipfs -f ./charts/ipfs/values.yaml
 
 starter: charts/firefly/local-values.yaml
 
@@ -43,3 +55,12 @@ test:
 	ct install --namespace default --helm-extra-args="--timeout 120s" --charts charts/firefly
 
 e2e: kind deps test
+
+stack: kind deps besu
+	helm upgrade -i firefly-signer ./charts/firefly-signer -f ./charts/firefly/values.yaml
+	helm upgrade -i firefly ./charts/firefly -f ./charts/firefly/local-kind-values.yaml
+
+clean-stack:
+	kind delete cluster --name firefly
+	yq -i '.config.fireflyContracts = []' ./hack/multiparty-values.yaml
+	rm -rf besu/

README.md

@@ -6,6 +6,51 @@ The official [Helm chart](https://helm.sh/) for [Hypeledger Firefly](https://hyp
 related connector microservices. See the [chart `README`](charts/firefly/README.md) for installation and
 configuration instructions.
 
+## Quick Start
+
+If you want to run these charts locally on your own machine, you can run a single command to get a fully working stack, end-to-end:
+
+```
+make stack
+```
+
+This will create a pre-set environment with the following configuration:
+
+- Runs all containers in [kind](https://kind.sigs.k8s.io/)
+- Sets up a PostgreSQL DB in the K8s cluster
+- Creates a basic single node Besu blockchain also running in the K8s cluster
+- Sets up FireFly and all of its dependencies to use these services
+- Sets up an ERC-20 / ERC-721 Token Connector in this stack
+- Provides an optional script to enable multiparty mode after initial set up
+
+If you wish to make changes to your stack you can modify `./charts/firefly/local-kind-values.yaml` and run:
+
+```
+helm upgrade --install firefly ./charts/firefly -f ./charts/firefly/local-kind-values.yaml
+```
+
+### Enabling multiparty mode
+
+After you run the quickstart command above, you can also (optionally) enable Multiparty mode. This will enabled FireFly's advanced Messaging features. To enable that, you can run the shell script:
+
+```
+./hack/multiparty.sh
+```
+
+This will deploy the multiparty contract, update the config file, and register the org/node for you automatically. If you need to upgrade the multiparty in the future, you can run this script again and it will deploy and configure a new contract. It will not re-run registration if the org/node are already registered.
+
+> NOTE: If you have enabled multiparty mode and you wish to make changes by customizing your values file, be sure to include the multiparty values as well, otherwise they will be removed and your multiparty network will not work.
+>
+> ```
+> helm upgrade --install firefly ./charts/firefly -f ./charts/firefly/local-kind-values.yaml -f ./hack/multiparty-values.yaml
+> ```
+
+### Modifying configuration
+
+Configuration of the stack for non-default options is possible using these charts, broadly there are 2 places to make changes. For Besu charts, the appropriate `values.yaml` files in the `values` directory allows for configuration of values such as the genesis block, and Besu-specific options. For FireFly related components the `values.yaml` file within the sub-directory for the chart (stored in `charts/`) contains the configuration for options.
+
+Viewing the appropriate README for each microservice, will give information around the values and structure of the configuration in the `values.yaml` files. 
+
 ## Accessing the Helm Repo
 
 Helm's [experimental OCI registry support](https://helm.sh/docs/topics/registries/) is used for publishing and retrieving
@@ -25,9 +70,9 @@ helm registry login ghcr.io
 
 ### Prerequisites
 
-* [kind](https://kind.sigs.k8s.io/docs/user/quick-start/#installing-with-a-package-manager) 0.11+
-* [helm](https://helm.sh/docs/intro/install/) 3.7+
-* [ct](https://github.com/helm/chart-testing#installation) 3.4+
+- [kind](https://kind.sigs.k8s.io/docs/user/quick-start/#installing-with-a-package-manager) 0.11+
+- [helm](https://helm.sh/docs/intro/install/) 3.7+
+- [ct](https://github.com/helm/chart-testing#installation) 3.4+
 
 ### Linting
 

charts/firefly-evmconnect/Chart.yaml

@@ -6,10 +6,10 @@ description: |
   transaction state.
 type: application
 version: 0.7.0
-appVersion: "0.1.3"
+appVersion: "v1.3.14"
 
 maintainers:
-  - name: hfuss
+  - name: onelapahead
     email: [email protected]
   - name: drewmarshburn
     email: [email protected]

charts/firefly-evmconnect/values.yaml

@@ -8,7 +8,8 @@ podAnnotations: {}
 
 imagePullSecrets: []
 
-podSecurityContext: {}
+podSecurityContext:
+  fsGroup: 1001
 
 securityContext: {}
 
@@ -36,7 +37,7 @@ persistentVolume:
 image:
   repository: ghcr.io/hyperledger/firefly-evmconnect
   pullPolicy: IfNotPresent
-  # tag: ""
+  tag: "v1.3.14"
 
 # see https://github.com/hyperledger/firefly-evmconnect/blob/main/config.md for more info
 config:

charts/firefly-signer/Chart.yaml

@@ -0,0 +1,13 @@
+apiVersion: v2
+name: firefly-signer
+description: |
+  A Helm chart for deploying the FireFly Signer microservice to Kubernetes
+type: application
+version: 0.7.0
+appVersion: "1.1.13"
+
+maintainers:
+  - name: EnriqueL8
+    email: [email protected]
+  - name: onelapahead
+    email: [email protected]

charts/firefly-signer/templates/_helpers.tpl

@@ -0,0 +1,52 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "firefly-signer.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "firefly-signer.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "firefly-signer.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "firefly-signer.labels" -}}
+helm.sh/chart: {{ include "firefly-signer.chart" . }}
+{{ include "firefly-signer.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "firefly-signer.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "firefly-signer.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/component: evmconnect
+{{- end }}

charts/firefly-signer/templates/ethsigner.yaml

@@ -0,0 +1,44 @@
+{{/*
+  Copyright © 2024 Kaleido, Inc.
+
+  SPDX-License-Identifier: Apache-2.0
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+  http://swww.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/}}
+
+{{- if .Values.signer.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "firefly-signer.fullname" . }}-config
+  labels:
+    {{- include "firefly-signer.labels" . | nindent 4 }}
+stringData:
+  config.yaml: |-
+    server:
+      port: 8545
+      address: 0.0.0.0
+    backend:
+      chainId: {{ .Values.backend.chainId }}
+      url: {{ .Values.backend.url }}
+    fileWallet:
+      path: /data/keystore
+      filenames:
+        primaryExt: .toml
+      metadata:
+        format: toml
+        keyFileProperty: '{{ "{{" }} index .signing "key-file"  {{ "}}" }}'
+        passwordFileProperty:  '{{ "{{" }} index .signing "password-file"  {{ "}}" }}'
+    log:
+      level: debug
+{{- end }}

charts/firefly-signer/templates/keystore.yaml

@@ -0,0 +1,41 @@
+{{/*
+  Copyright © 2024 Kaleido, Inc.
+
+  SPDX-License-Identifier: Apache-2.0
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+  http://swww.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/}}
+
+{{- if .Values.signer.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "firefly-signer.fullname" . }}-keystore
+  labels:
+    {{- include "firefly-signer.labels" . | nindent 4 }}
+stringData:
+  75a99473917701038e854ef6999c76cd947c9f9e: |-
+    {"address":"75a99473917701038e854ef6999c76cd947c9f9e","id":"8cfd0d87-b5ac-45a4-acb9-55f5b2b9bb2e","version":3,"crypto":{"cipher":"aes-128-ctr","ciphertext":"72c8d1f61787f7b1455d7e081edd72d7e1f41f503f363cb7afe08634c10bcd09","cipherparams":{"iv":"8731e724016127b91cf013bc0b4f7f82"},"kdf":"scrypt","mac":"af4de886e6a7e22beefbeaea213e621f00ebca859528c7d474635850800a8de6","kdfparams":{"dklen":32,"n":1024,"p":1,"r":8,"salt":"b1e3901cfe16ed73c538e1adaef5c584ea3b0a405ec1dd1c8776e55c3385c27b"}}}
+  75a99473917701038e854ef6999c76cd947c9f9e.toml: |-
+    [metadata]
+    createdAt = 2019-11-05T08:15:30-05:00
+    description = "File based configuration"
+
+    [signing]
+    type = "file-based-signer"
+    key-file = "/data/keystore/75a99473917701038e854ef6999c76cd947c9f9e"
+    password-file = "/data/password"
+  password: correcthorsebatterystaple
+
+
+{{- end }}

charts/firefly-signer/templates/service.yaml

@@ -0,0 +1,33 @@
+{{/*
+  Copyright © 2024 Kaleido, Inc.
+
+  SPDX-License-Identifier: Apache-2.0
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+  http://swww.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "firefly-signer.fullname" . }}
+  labels:
+    {{- include "firefly-signer.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "firefly-signer.selectorLabels" . | nindent 4 }}