[corda] New charts as per release 1.0.0

Signed-off-by: Roy,Sownak <[email protected]>

.gitignore

@@ -40,4 +40,5 @@
 *_custom.tpl
 **/charts/*.tgz
 **/files/*.json
+**/files/*.crt
 requirements.lock

Dockerfile

@@ -50,6 +50,10 @@ RUN rm /etc/apt/apt.conf.d/docker-clean
 RUN mkdir /etc/ansible/
 RUN /bin/echo -e "[ansible_provisioners:children]\nlocal\n[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts
 
+RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.27.0/bin/linux/amd64/kubectl
+RUN chmod +x ./kubectl
+RUN mv ./kubectl /usr/local/bin
+
 # Install krew for bevel-operator-fabric
 RUN (set -x; cd "$(mktemp -d)" && \
     OS="$(uname | tr '[:upper:]' '[:lower:]')" && \

Dockerfile.jdk8

@@ -3,13 +3,11 @@
 #
 #  SPDX-License-Identifier: Apache-2.0
 ##############################################################################################
-
 # USAGE: 
 # docker build . -t bevel-build
 # docker run -v $(pwd):/home/bevel/ bevel-build
 
 FROM ubuntu:20.04
-
 # Create working directory
 WORKDIR /home/
 ENV OPENSHIFT_VERSION='0.13.1'
@@ -37,13 +35,17 @@ RUN apt-get update && apt-get install -y \
     apt-get clean && \
     ln -s /usr/bin/python3 /usr/bin/python && \
     rm -rf /var/lib/apt/lists/*
-RUN npm install -g ajv-cli    
+RUN npm install -g ajv-cli
 RUN apt-get update && apt-get install -y python3-venv
 
 RUN rm /etc/apt/apt.conf.d/docker-clean
 RUN mkdir /etc/ansible/
 RUN /bin/echo -e "[ansible_provisioners:children]\nlocal\n[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts
 
+RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.27.0/bin/linux/amd64/kubectl
+RUN chmod +x ./kubectl
+RUN mv ./kubectl /usr/local/bin
+
 # Copy the provisional script to build container
 COPY ./run.sh /home
 COPY ./reset.sh /home
@@ -58,6 +60,4 @@ ENV PATH=/root/bin:/root/.local/bin/:$PATH
 
 #path to mount the repo
 VOLUME /home/bevel/
-
-
 CMD ["/home/run.sh"]

platforms/hyperledger-besu/charts/besu-genesis/README.md

@@ -74,7 +74,7 @@ These parameters are refered to as same in each parent or child chart
 | `image.pullSecret`    | Provide the docker secret name in the namespace  | `""`            |
 | `image.pullPolicy`  | Pull policy to be used for the Docker images    | `IfNotPresent`    |
 
-### TLS
+### Settings
 
 | Name   | Description  | Default Value |
 |--------|---------|-------------|

platforms/hyperledger-besu/charts/besu-genesis/values.yaml

@@ -11,10 +11,10 @@ global:
   #Provide the service account name which will be created.
   serviceAccountName: vault-auth
   cluster:
-    provider: aws  # choose from: minikube | aws
-    cloudNativeServices: false # 'false' is implemented
+    provider: aws  # choose from: minikube | aws | azure | gcp
+    cloudNativeServices: false # only 'false' is implemented
     #Provide the kubernetes host url
-    #Eg. kubernetesUrl: https://10.3.8.5:6443
+    #Eg. kubernetesUrl: https://10.3.8.5:8443
     kubernetesUrl: 
   vault:
     #Provide the type of vault

platforms/quorum/configuration/deploy-network.yaml

@@ -79,7 +79,7 @@
       name: create/certificates/ambassador
     vars:
       gitops: "{{ org.gitops }}"
-      component_auth: "quorum{{ org.name | lower }}"
+      component_auth: "{{ network.env.type }}{{ org.name | lower }}"
       component_ns: "{{ org.name | lower }}-quo"
       charts_dir: "{{ org.gitops.chart_source }}"
       component_name: "{{ org.name | lower }}-ambassador-certs"

platforms/quorum/configuration/roles/delete/vault_secrets/tasks/main.yaml

@@ -42,6 +42,7 @@
     vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ org_name }}/crypto/{{ peer.name }}/quorum
     vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ org_name }}/crypto/{{ peer.name }}/certs
     vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ org_name }}/crypto/genesis
+    vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ org_name }}/smartContracts/General
   loop: "{{ services.peers }}"
   environment:
     VAULT_ADDR: "{{ item.vault.url }}"

platforms/r3-corda/charts/README.md

@@ -6,51 +6,105 @@
 # Charts for R3 Corda components
 
 ## About
-This folder contains helm charts which are used by the ansible playbooks for the deployment of the R3-Corda components. Each chart folder contain a folder for templates, chart file and the corresponding value file. 
+This folder contains the helm charts which are used for the deployment of the R3 Corda components. Each helm chart that you can use has the following keys and you need to set them. The `global.cluster.provider` is used as a key for the various cloud features enabled. Also you only need to specify one cloud provider, **not** both if deploying to cloud. As of writing this doc, AWS is fully supported.
 
-## Example Folder Structure ###
+```yaml
+global:
+  serviceAccountName: vault-auth
+  cluster:
+    provider: aws   # choose from: minikube | aws
+    cloudNativeServices: false  # future: set to true to use Cloud Native Services 
+    kubernetesUrl: "https://yourkubernetes.com" # Provide the k8s URL, ignore if not using Hashicorp Vault
+  vault:
+    type: hashicorp # choose from hashicorp | kubernetes
+    network: corda   # must be corda for these charts
+    # Following are necessary only when hashicorp vault is used.
+    address: http://vault.url:8200
+    authPath: supplychain
+    secretEngine: secretsv2
+    secretPrefix: "data/supplychain"
+    role: vault-role
 ```
-/corda-doorman
-|-- templates
-|   |--_helpers.tpl
-|   |-- volumes.yaml
-|   |-- deployment.yaml
-|   |-- service.yaml
-|-- Chart.yaml
-|-- values.yaml
+
+## Usage
+
+### Pre-requisites
+
+- Kubernetes Cluster (either Managed cloud option like EKS or local like minikube)
+- Accessible and unsealed Hahsicorp Vault (if using Vault)
+- Configured Ambassador AES (if using Ambassador as proxy)
+- Update the dependencies
+  ```
+  helm dependency update corda-init
+  helm dependency update corda-network-service
+  helm dependency update corda-node
+  ```
+
+### _Without Proxy or Vault_
+
+```bash
+helm install init ./corda-init --namespace supplychain-ns --create-namespace --values ./values/noproxy-and-novault/init.yaml
+
+# Install doorman and network-map services
+helm install supplychain ./corda-network-service --namespace supplychain-ns --values ./values/noproxy-and-novault/network-service.yaml
+# Install a notary service
+helm install notary ./corda-node --namespace supplychain-ns --values ./values/noproxy-and-novault/notary.yaml
+
+```
+### To setup another node in a different namespace
+
+```bash
+# Run init for new namespace
+helm install init ./corda-init --namespace manufacturer-ns --create-namespace --values ./values/noproxy-and-novault/init.yaml
+# Install a Corda node
+helm install manufacturer ./corda-node --namespace manufacturer-ns --values ./values/noproxy-and-novault/node.yaml
 ```
 
-## Pre-requisites
-
- Helm to be installed and configured 
-
-## Charts description ##
-
-### 1. doorman ###
-- This folder contains chart templates and default values for doorman servers.
-### 2. doorman-tls ###
-- This folder contains chart templates and default values for doorman-tls servers.
-### 3. h2 ###
-- This folder contains chart templates and default values for creation of h2 database.
-### 4. h2-adduser ###
-- This folder contains chart templates and default values for adding new user into h2 database.
-### 5. h2-password-change ###
-- This folder contains chart templates and default values for changing the password for h2 database user. 
-### 6. mongodb ###
-- This folder contains chart templates and default values for mongodb node
-### 7. mongodb-tls ###
-- This folder contains chart templates and default values for mongodb node with tls=on.
-### 8. nms ###
-- This folder contains chart templates and default values for nms
-### 9. nms-tls ###
-- This folder contains chart templates and default values for nms with tls=on.
-### 10. node ###
-- This folder contains chart templates and default values for node
-### 11. node-initial-registration ###
-- This folder contains chart templates and default values for registering node with notary
-### 12. notary ###
-- This folder contains chart templates and default values for notary.
-### 13. notary-initial-registration ###
-- This folder contains chart templates and default values for registering notary with nms.
-### 14. storage ###
-- This folder contains chart templates and default values for StorageClass
+### _With Ambassador proxy and Vault_
+Replace the `global.vault.address`, `global.cluster.kubernetesUrl` and `global.proxy.externalUrlSuffix` in all the files in `./values/proxy-and-vault/` folder. Also update the `nodeConf.networkMapURL` and `nodeConf.doormanURL` as per your `global.proxy.externalUrlSuffix` of corda-network-service.
+
+```bash
+kubectl create namespace supplychain-ns # if the namespace does not exist already
+# Create the roottoken secret
+kubectl -n supplychain-ns create secret generic roottoken --from-literal=token=<VAULT_ROOT_TOKEN>
+
+helm install init ./corda-init --namespace supplychain-ns --values ./values/proxy-and-vault/init.yaml
+
+# Install doorman and network-map services
+helm install supplychain ./corda-network-service --namespace supplychain-ns --values ./values/proxy-and-vault/network-service.yaml
+# Install a notary service
+helm install notary ./corda-node --namespace supplychain-ns --values ./values/proxy-and-vault/notary.yaml
+
+```
+### To setup another node in a different namespace
+
+Update the `global.proxy.externalUrlSuffix` and `nodeConf.legalName` in file `./values/proxy-and-vault/node.yaml` or pass via helm command line.
+```bash
+# Get the init and static nodes from existing member and place in corda-init/files
+cd ./corda-init/files/
+kubectl --namespace supplychain-ns get secret nms-tls-certs -o jsonpath='{.data.tls\.crt}' > nms.crt
+kubectl --namespace supplychain-ns get secret doorman-tls-certs  -o jsonpath='{.data.tls\.crt}' > doorman.crt
+
+# Run secondary init
+cd ../..
+kubectl create namespace manufacturer-ns # if the namespace does not exist already
+# Create the roottoken secret
+kubectl -n manufacturer-ns create secret generic roottoken --from-literal=token=<VAULT_ROOT_TOKEN>
+
+helm install init ./corda-init --namespace manufacturer-ns --values ./values/proxy-and-vault/init-sec.yaml
+
+helm install manufacturer ./corda-node --namespace manufacturer-ns --values ./values/proxy-and-vault/node.yaml --set nodeConf.legalName="O=Manufacturer\,OU=Manufacturer\,L=47.38/8.54/Zurich\,C=CH"
+```
+
+### Clean-up
+
+To clean up, just uninstall the helm releases.
+```bash
+helm uninstall --namespace supplychain-ns notary
+helm uninstall --namespace supplychain-ns supplychain
+helm uninstall --namespace supplychain-ns init
+
+helm uninstall --namespace manufacturer-ns manufacturer
+helm uninstall --namespace manufacturer-ns init
+
+```

platforms/r3-corda/charts/corda-certs-gen/Chart.yaml

@@ -5,7 +5,21 @@
 ##############################################################################################
 
 apiVersion: v1
-appVersion: "2.0"
-description: "R3-corda-os: Generates the ca-certificates."
 name: corda-certs-gen
-version: 1.0.0
+description: "R3 Corda: Generates and stores TLS certificates for nodes and network services"
+version: 1.0.1
+appVersion: latest
+keywords:
+  - bevel
+  - hyperledger
+  - corda
+  - enterprise
+  - blockchain
+  - deployment
+  - accenture
+home: https://hyperledger-bevel.readthedocs.io/en/latest/
+sources:
+  - https://github.com/hyperledger/bevel
+maintainers:
+  - name: Hyperledger Bevel maintainers
+    email: [email protected]