diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml
deleted file mode 100644
index 0db8e68e11..0000000000
--- a/.github/workflows/helm.yml
+++ /dev/null
@@ -1,107 +0,0 @@ -name: Helm - -on: - push: - tags: - - "helm-v*" - branches: - - main - paths: - - "deploy/charts/**/*" - - ".github/workflows/helm.yml" - pull_request: - branches: - - main - paths: - - "deploy/charts/**/*" - - ".github/workflows/helm.yml" -jobs: - test: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - - name: setup helm - uses: azure/setup-helm@v1 - with: - version: 3.7.2 - - - name: setup chart-testing tool - uses: helm/chart-testing-action@v2.0.1 - - - name: lint chart - run: ct lint --charts deploy/charts/firefly - - - name: setup kind - uses: engineerd/setup-kind@v0.5.0 - with: - version: v0.11.1 - - - name: install cert-manager - run: | - kubectl create ns cert-manager || true - kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.4.0/cert-manager.crds.yaml - helm repo add jetstack https://charts.jetstack.io || true - helm install --skip-crds -n cert-manager cert-manager jetstack/cert-manager --wait - kubectl apply -n cert-manager -f deploy/manifests/tls-issuers.yaml - - - name: install prom-operator - run: | - helm repo add prometheus-community https://prometheus-community.github.io/helm-charts || true - helm install --set kubeStateMetrics.enabled=false --set nodeExporter.enabled=false --set grafana.enabled=false kube-prometheus prometheus-community/kube-prometheus-stack - - - name: install postgres - run: | - helm repo add bitnami https://charts.bitnami.com/bitnami || true - helm install --set postgresqlPassword=firef1y --set extraEnv[0].name=POSTGRES_DATABASE --set extraEnv[0].value=firefly postgresql bitnami/postgresql - - - name: run chart integration test - run: ct install --charts deploy/charts/firefly - - - name: debug k8s - if: ${{ failure() }} - run: | - kubectl get pod -A - release: - needs: test - if: github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/helm-v') || github.ref == 'refs/heads/main') - runs-on: ubuntu-latest - steps: - - uses: 
actions/checkout@v2 - - - name: chart-version - run: | - CHART_VERSION=$(helm show chart deploy/charts/firefly | grep '^version:' | awk '{ printf("%s", $2) }') - echo "CHART_VERSION=${CHART_VERSION}" >> $GITHUB_ENV - - - name: head-version - if: github.ref == 'refs/heads/main' - run: | - BUILD_TAG=${{ env.CHART_VERSION }}-$(date +"%Y%m%d")-$GITHUB_RUN_NUMBER - echo "PUBLISH_VERSION=${BUILD_TAG}" >> $GITHUB_ENV - - - name: release-version - if: startsWith(github.ref, 'refs/tags/helm-v') - run: | - TAG_VERSION=$(echo -n "${GITHUB_REF##*/}" | sed 's/helm-v//g') - if [[ "$TAG_VERSION" != "${{ env.CHART_VERSION }}" ]]; then - echo "Release tag version [$TAG_VERSION] does not match the chart's version [${{ env.CHART_VERSION }}]" - exit 1 - fi - echo "PUBLISH_VERSION=${{ env.CHART_VERSION }}" >> $GITHUB_ENV - - - name: setup helm - uses: azure/setup-helm@v1 - with: - version: 3.7.2 - - - name: helm publish - run: | - echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ghcr.io -u $GITHUB_ACTOR --password-stdin - - helm package --version ${{ env.PUBLISH_VERSION }} ./deploy/charts/firefly - helm push firefly-${{ env.PUBLISH_VERSION }}.tgz oci://ghcr.io/hyperledger/helm - env: - HELM_EXPERIMENTAL_OCI: "1" diff --git a/deploy/charts/firefly/.helmignore b/deploy/charts/firefly/.helmignore deleted file mode 100644 index 542e35e186..0000000000 --- a/deploy/charts/firefly/.helmignore +++ /dev/null @@ -1,24 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ -ci/ \ No newline at end of file diff --git a/deploy/charts/firefly/Chart.yaml b/deploy/charts/firefly/Chart.yaml deleted file mode 100644 index e77c2ec974..0000000000 
--- a/deploy/charts/firefly/Chart.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v2
-name: firefly
-description: A Helm chart for deploying FireFly and FireFly HTTPS Dataexchange onto Kubernetes.
-type: application
-appVersion: "0.11.4"
-version: "0.0.1"
-
-maintainers:
- - name: hfuss
- email: hayden.fuss@kaleido.io
- - name: drewmarshburn
- email: drew.marshburn@kaleido.io
- - name: peterbroadhurst
- email: peter.broadhurst@kaleido.io
diff --git a/deploy/charts/firefly/README.md b/deploy/charts/firefly/README.md
deleted file mode 100644
index 14e8285de8..0000000000
--- a/deploy/charts/firefly/README.md
+++ /dev/null
@@ -1,529 +0,0 @@ -# FireFly - -[Hyperledger FireFly](https://hyperledger.github.io/firefly/) is an implementation of a [multi-party system](https://github.com/hyperledger/firefly#multi-party-systems) -that simplifies data orchestration on top of blockchain and other peer-to-peer technologies. - -This chart bootstraps a FireFly deployment on a [Kubernetes](https://kubernetes.io/) cluster using the [Helm](https://helm.sh/) -package manager. It can be used to deploy a FireFly node for a single organization within a multi-party system. - -### Table of Contents - -* [Prerequisites](#prerequisites) -* [Get Repo Info](#get-repo-info) -* [Install Chart](#install-chart) -* [Uninstall Chart](#uninstall-chart) -* [Upgrading Chart](#upgrading-chart) -* [Using as a Dependency](#using-as-a-dependency) -* [Deployment Architecture](#deployment-architecture) -* [Configuration](#configuration) - * [Configuration File Templating](#configuration-file-templating) - * [Additional Environment Variables](#additional-environment-variables) - * [Ethereum](#ethereum) - * [Smart Contract Deployment](#smart-contract-deployment) - * [Fabric](#fabric) - * [Chaincode](#chaincode) - * [Identity Management](#identity-management) - * [Ingress Example](#ingress-example) - * [Database Migrations](#database-migrations) - * [Auto-Registration](#auto-registration) - * [DataExchange HTTPS and cert-manager](#dataexchange-https-and-cert-manager) - * [Tokens via ERC1155 Connector](#tokens-via-erc1155-connector) - * [Prometheus Support](#prometheus-support) -* [Automated Deployments](#automated-deployments) - * [GitOps](#gitops) - * [Flux V2](#flux-v2) - * [ArgoCD](#argocd) - * [Terraform](#terraform) - - - -## Prerequisites - -* Kubernetes 1.18+ -* Helm 3.7+ -* PV provisioner support in the underlying infrastructure -* _Recommended:_ cert-manager 1.4+ - -## Get Repo Info - -Helm's [experimental OCI registry support](https://helm.sh/docs/topics/registries/) is used for publishing and retrieving -the FireFly 
chart, as a result one must log into [GHCR](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry) -to download the chart: - -```shell -export HELM_EXPERIMENTAL_OCI=1 - -helm registry login ghcr.io -``` - -> **NOTE**: it is recommended to use a [GitHub personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) -> when authenticating to the GHCR registry as opposed to using your GitHub password. - -## Install Chart - -```shell -helm install [RELEASE_NAME] --version 0.0.1 oci://ghcr.io/hyperledger/helm/firefly -``` - -_See [configuration](#Configuration) below._ - -_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ - -## Uninstall Chart - -```shell -helm uninstall [RELEASE_NAME] -``` - -_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ - -## Upgrading Chart - -```shell -helm upgrade [RELEASE_NAME] --install --version 0.0.2 oci://ghcr.io/hyperledger/helm/firefly -``` - -_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ - -## Using as a Dependency - -You can also use the FireFly chart within your own parent chart's `Chart.yaml`: - -```yaml -dependencies: - # ... - - name: firefly - repository: "oci://ghcr.io/hyperledger/helm/" - version: 0.0.1 -``` - -Then download the chart dependency into your parent chart: - -```shell -helm dep up path/to/parent-chart -``` - -_See [helm dependency](https://helm.sh/docs/helm/helm_dependency/) for command documentation._ - - -## Deployment Architecture - -FireFly provides a REST API with an event-driven paradigm that makes building multi-party interactions via -decentralized applications simpler. 
In order to do so, FireFly leverages extensible [connector plugins](https://hyperledger.github.io/firefly/architecture/plugin_architecture.html) that enable -swapping out the underlying blockchain and off-chain infrastructure easily. - -As a result, a [FireFly node](https://hyperledger.github.io/firefly/architecture/node_component_architecture.html) -has several infrastructural dependencies: - -* Blockchain connector (either Fabconnect -> Fabric, or Ethconnect -> Ethereum) for a [_private_ blockchain](https://hyperledger.github.io/firefly/keyconcepts/blockchain_protocols.html) -* A Fabric chaincode or Ethereum smart contract deployed to the underlying blockchain -* [Private data exchange](https://hyperledger.github.io/firefly/keyconcepts/data_exchange.html) (HTTPS + mTLS) -* Database (PostgreSQL) -* [Shared storage](https://hyperledger.github.io/firefly/keyconcepts/broadcast.html#shared-data) (IPFS) -* Optional tokens connector (ERC1155) - -

- -

- -As depicted above, the chart only aims to provide a means for deploying FireFly core, and then optionally [FireFly Ethconnect](ttps://github.com/hyperledger/firefly-ethconnect), [FireFly Fabconnect](ttps://github.com/hyperledger/firefly-fabconnect), -[FireFly DataExchange HTTPS](https://github.com/hyperledger/firefly-dataexchange-https) and the [FireFly Tokens ERC1155](https://github.com/hyperledger/firefly-tokens-erc1155) microservices. - -> **NOTE**: support for deploying Ethconnect, Fabconnect, and Tokens ERC1155 is under development and will be included -> as part of the chart for its `0.1.0` release. - -All other infrastructural dependencies such as the blockchain, PostgreSQL, and IPFS are considered out of scope for the chart, -and must be pre-provisioned in order for FireFly to be fully functioning. - -## Configuration - -The following describes how to use the chart's values to configure various aspects of the FireFly deployment. - -### Configuration File Templating - -FireFly itself has a robust YAML configuration file (usually named `firefly.core`) powered by [Viper](https://github.com/spf13/viper) -that allows one to define all the necessary configuration for the FireFly server, and the underlying -connectors it will use. - -The chart provides a top-level `config` value which then contains sub-values such as `postgresUrl`, `ipfsApiUrl`, -`organizationName`, `adminEnabled`, etc. These sub-values are meant to provide an opinionated, safe way of templating -the `firefly.core` file. Based on which values are set, it will correctly configure the various connector plugins as well -as determine if additional ports will be exposed such as the admin, debug, and metrics ports. 
- -The following values are required in order for FireFly to startup correctly: -* `config.organizationName` -* `config.organizationKey` -* `config.postgresUrl` -* `config.ipfsApiUrl` and `config.ipfsGatewayUrl` -* either: - * `config.ethconnectUrl` and `config.fireflyContractAddress` - * or, `config.fabconnectUrl` and `config.fabconnectSigner` - -You can find documentation regarding each of these values, as well as all the other `config` values, -in the comments of the default [`values.yaml`](values.yaml). You can see how the values are used for -templating the `firefly.core` file by looking at the `firefly.coreConfig` helper function in [`_helpers.tpl`](templates/_helpers.tpl). - -> **NOTE**: although `config.dataexchangeUrl` is available, by default `dataexchange.enabled` is `true` which will -> deploy a DataExchange HTTPS and automatically configure FireFly to use it. - -If you would rather customize the templating of the `firefly.core` with your own values, you can use `config.templateOverride`: - -```yaml -config: - templateOverride: | - org: - name: {{ .Values.global.myOrgNameValue }} - # etc. ... -``` - -See [`config.go`](../../../internal/config/config.go) for all available FireFly configuration options. - -### Additional Environment Variables - -If there are configurations you want to set via your own `ConfigMaps` or `Secrets`, it is recommended to do so -via environment variables which can be provided with the `core.extraEnv` list value. FireFly will automatically override -its config via environment variables prefixed with `FIREFLY_`. For example, if you want to set to the config value -`log.level` you would set the env var `FIREFLY_LOG_LEVEL`. 
- -For a more detailed example using `core.extraEnv`, one could provide basic auth credentials for IPFS from a `Secret` -like so: - -```yaml -core: - extraEnv: - - name: FIREFLY_PUBLICSTORAGE_IPFS_API_AUTH_USERNAME - valueFrom: - secretKeyRef: - name: my-ipfs-basic-auth - key: username - - name: FIREFLY_PUBLICSTORAGE_IPFS_API_AUTH_PASSWORD - valueFrom: - secretKeyRef: - name: my-ipfs-basic-auth - key: password -``` - -### Ethereum - -Configuring FireFly to use an [Ethereum](https://ethereum.org/en/) blockchain such as [Geth](https://geth.ethereum.org/), -[Quorum](https://github.com/ConsenSys/quorum), or [Hyperledger Besu](https://www.hyperledger.org/use/besu) requires first -having an instance of [FireFly Ethconnect](https://github.com/hyperledger/firefly-ethconnect) deployed and connected to -the JSONRPC port of an Ethereum node in the underlying network. - -As was noted in [Deployment Architecture](#deployment-architecture), the chart will include support for deploying Ethconnect -as part of its `0.1.0` release. See [#272](https://github.com/hyperledger/firefly/issues/272) to track its progress. For now, -you can either deploy Ethconnect yourself or use a cloud provider like [Kaleido](https://www.kaleido.io) which provides -Ethconnect alongside its Ethereum nodes. - -Once you have an Ethconnect instance ready, FireFly then needs three pieces of configuration: - -* `config.organizationKey`: the Ethereum address of the organization's wallet / key which will be used for signing transactions -* `config.ethconnectUrl`: the HTTP/S URL of the Ethconnect instance FireFly will use -* `config.fireflyContractAddress`: the Ethconnect URI representing the deployed FireFly smart contract i.e. - `/instances/0x965b92929108df1c77c156ba73d00ca851dcd2e1`. See [Smart Contract Deployment](#smart-contract-deployment) - for how to you can deploy the contract yourself. 
- -These will enable the FireFly deployment to connect to the Ethereum blockchain and submit batch pin transactions via -its smart contract on behalf of the organization it's representing. - -#### Smart Contract Deployment - -Currently, the chart offers no way for one to manage the [FireFly smart contract](../../../smart_contracts/ethereum/solidity_firefly/contracts/Firefly.sol). -Instead, the chart assumes it is already pre-provisioned via Ethconnect by one of the organizations. - -If you have the contract available as gateway contract on Ethconnect, you can then deploy it via the API: - -```shell -curl -v \ - -X POST \ - -H 'Content-Type: application/json' \ - -d '{}' \ - "${ETHCONNECT_URL/gateways/${FF_CONTRACT_GATEWAY}?ff-from=${ORG_WALLET_ADDRESS}&ff-sync=true" -``` - -The JSON returned by the API will have the Ethereum address of the smart contract in the `address` field. - -> **NOTE**: the FireFly smart contract only needs to be deployed by one organization within the blockchain -> network. All organizations within a FireFly network must use the same smart contract instance in order for -> transactions to work properly. - -If the contract is not available as a gateway contract on your Ethconnect instance, see the -Ethconnect docs for [deploying a contract](https://github.com/hyperledger/firefly-ethconnect#yaml-to-deploy-a-contract). - -### Fabric - -Configuring FireFly to use a [Hyperledger Fabric](https://www.hyperledger.org/use/fabric) blockchain requires first -having an instance of [FireFly Fabconnect](https://github.com/hyperledger/firefly-fabconnect) deployed and connected to -the gRPC port of a Fabric peer in the underlying network. - -As was noted in [Deployment Architecture](#deployment-architecture), the chart will include support for deploying Fabconnect -as part of its `0.1.0` release. See [#272](https://github.com/hyperledger/firefly/issues/272) to track its progress. 
For now, -you can either deploy Fabconnect yourself or use a cloud provider like [Kaleido](https://www.kaleido.io) which provides -Fabconnect alongside its Fabric peer nodes. - -Once you have a Fabconnect instance ready, FireFly then needs three pieces of configuration: - -* `config.organizationKey`: the name of the organization's Fabric identity which will be used for signing transactions -* `config.fabconnectUrl`: the HTTP/S URL of the Fabconnect instance FireFly will use -* `config.fabconnectSigner`: the name of the organization's Fabric identity which will be used for signing transactions. - See [Identity Management](#identity-management) for how to you can create and enroll the identity using Fabconnect. - -These will enable the FireFly deployment to connect to the Fabric blockchain and submit batch pin transactions via -its chaincode on behalf of the organization it's representing. - -#### Chaincode - -By default, the chart assumes the [FireFly chaincode](../../../smart_contracts/fabric/firefly-go/) is deployed to the -`default-channel` with the name `firefly_go`. If the chaincode was deployed to a different channel or with a different -name you can set `config.fabconnectChannel` and `config.fireflyChaincode` accordingly. - -For deploying the chaincode yourself, consult the [Fabric documentation](https://hyperledger-fabric.readthedocs.io/en/latest/deploy_chaincode.html). - -#### Identity Management - -The Fabric identity FireFly will use for signing transactions on behalf of the organization must be pre-enrolled with -the Fabric CA before deploying FireFly and registration its organization. Fabconnect provides an `/identities` REST API -which makes creating an identity and enrolling it easy. 
For example, the following Bash script performs the necessary -API calls to create and enroll an identity named `${ORG_NAME}`: - -```shell -identityRegistrationResponse=$(curl --fail -s \ - -X POST \ - -H 'Content-Type: application/json' \ - -d "{ \"name\": \"${ORG_NAME}\", \"type\": \"client\" }" \ - "${FABCONNECT_URL}/identities") - -enrollmentSecret=$(echo -n $identityRegistrationResponse | jq -r .secret) -curl --fail -s \ - -X POST \ - -H 'Content-Type: application/json' \ - -d "{ \"secret\": \"${enrollmentSecret}\" }" \ - "${FABCONNECT_URL}/identities/${ORG_NAME}/enroll" | jq -r -``` - -You can use Bash or whatever scripting / programming language you prefer to enroll the identity. If you wish to enroll -the identity without having to first deploying Fabconnect, please consult the [Fabric CA documentation](https://hyperledger-fabric-ca.readthedocs.io/en/latest/deployguide/use_CA.html). - -### Ingress Example - -If you have an [`Ingress` controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/) deployed -to your cluster, and the chart supports deploying an [`Ingress`](https://kubernetes.io/docs/concepts/services-networking/ingress/) -for the FireFly REST API and websocket subscriptions. 
For example, if you are using the [`ingress-nginx` controller](https://kubernetes.github.io/ingress-nginx/) -alongside [`cert-manager`](https://cert-manager.io/) you can secure FireFly with TLS and the necessary settings: - -```yaml -core: - ingress: - enabled: true - className: nginx # assuming you are using the default ingressClassName for nginx-ingress - annotations: - # recommended for handling blob data transfers and broadcasts - nginx.ingress.kubernetes.io/proxy-body-size: 128m - # example cert-manager ClusterIssuer for Let's Encrypt - cert-manager.io/cluster-issuer: letsencrypt-prod - hosts: - - host: firefly.acme.org - tls: - - secretName: firefly-tls - hosts: - - firefly.acme.org -``` - -### Database Migrations - -The database schema FireFly uses for its state must be configured via [migrations](https://www.prisma.io/dataguide/types/relational/what-are-database-migrations). -The chart offers the ability to automatically apply the migrations matching the version of FireFly in use via a `Job`: - -```yaml -core: - jobs: - postgresMigrations: - enabled: true -``` - -The `Job` will be named with the FireFly version in use, and will be automatically replaced and re-run whenever the -version is updated indicating the expected schema could have potentially changed. - -Additionally, FireFly itself can apply its own schema migrations. However, this is not recommended for production use -where an organization could have multiple FireFly nodes sharing the same database: - -```yaml -config: - postgresAutomigrate: true -``` - -It is recommended to use the migrations `Job` from above in favor of the automatic migrations. - -### Auto-Registration - -FireFly requires that the organizations within the multi-party system, as well as the individual FireFly -nodes be [registered](https://hyperledger.github.io/firefly/keyconcepts/broadcast.html#firefly-built-in-broadcasts) with -the rest of the network. 
This can be accomplished using the [FireFly REST API](https://hyperledger.github.io/firefly/swagger/swagger.html#/default/postNewOrganizationSelf), -however the chart offers a registration `Job` which will ensure the organization is registered before then -registering the node: - -```yaml -core: - jobs: - registration: - enabled: true -``` - -### DataExchange HTTPS and cert-manager - -The DataExchange HTTPS uses mTLS to securely send messages to other peers. By default, the -chart assumes an mTLS certificate with the proper `subject` and `commonName` is provided -via `dataexchange.tlsSecret.name`. - -However, the chart offers the ability to automatically provision and wire up the DataExchange -with an mTLS certificate using [cert-manager](https://cert-manager.io/): - -```yaml -dataexchange: - tlsSecret: - enabled: false - - certificate: - enabled: true - issuerRef: - name: selfsigned-ca - kind: ClusterIssuer -``` - -> **NOTE**: the certificate cannot be signed by a self-signed or public CA issuer because cert-manager will not set the -> `subject` and `commonName` properly (see https://github.com/jetstack/cert-manager/issues/3651). We recommend using -> an internal CA issuer instead. An example setup of a CA issuer signed by a self-signed issuer can be found [here](../../manifests/tls-issuers.yaml). - -If your DataExchange HTTPS is communicating via `Ingresses`, you will need to enable TLS passthrough -in order for mTLS to work. For example, when using [ingress-nginx](https://kubernetes.github.io/ingress-nginx/) an -annotation can be set on the `Ingress`: - -```yaml - ingress: - enabled: true - annotations: - nginx.ingress.kubernetes.io/ssl-passthrough: "true" - class: nginx - hosts: - - host: firefly-dx.acme.org -``` - -> **NOTE**: the `tls` section of the `Ingress` does not need to be configured since mTLS is required. Instead, -> it assumes the provided `hosts` must match the `tls[0].hosts` and that the secret is either pre-made or -> provided by cert-manager. 
- -### Tokens via ERC1155 Connector - -Chart support for the [ERC1155 token connector](https://github.com/hyperledger/firefly-tokens-erc1155) is coming soon. -See [#272](https://github.com/hyperledger/firefly/issues/272) for updates on its progress. - -### Prometheus Support - -FireFly comes with an [metrics endpoint](https://prometheus.io/docs/instrumenting/exposition_formats/#text-format-example) -exposed on a separate HTTP server for [Prometheus](https://prometheus.io/) scraping. - -By default, the FireFly Prometheus metrics server is enabled. You can turn the server off, or configure its exposed port -and path using the following values: - -```yaml -config: - metricsEnabled: true - metricsPath: /metrics - -core: - service: - metricsPort: 5100 -``` - -Additionally, if you are managing Prometheus via the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator), -you can enable a [`ServiceMonitor`](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/getting-started.md#related-resources) -for FireFly with: - -```yaml -core: - metrics: - serviceMonitor: - enabled: true -``` - -## Automated Deployments - -Due to Helm's OCI registry support being experimental, below describes how to configure -common deployment automation tooling for consuming the FireFly chart. - -### GitOps - -#### Flux V2 - -[Flux V2](https://fluxcd.io/docs/) is a GitOps controller for Kubernetes which currently [does not support Helm OCI registries](https://github.com/fluxcd/source-controller/issues/124). 
-Instead, one can use a [`GitRepository`](https://fluxcd.io/docs/components/source/gitrepositories/) resource pointed at a specific release tag: - -```yaml -apiVersion: source.toolkit.fluxcd.io/v1beta1 -kind: GitRepository -metadata: - name: firefly-helm -spec: - interval: 10m - url: "https://github.com/hyperledger/firefly" - ref: - tag: helm-v0.1.0 - ignore: | - /* - !/deploy/charts/firefly -``` - -then within a [`HelmRelease`](https://fluxcd.io/docs/components/helm/helmreleases/) resource you can refer to the chart via the `GitRepostiory`: - -```yaml -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: firefly -spec: - chart: - spec: - chart: /deploy/charts/firefly - sourceRef: - name: firefly-helm - kind: GitRepository - interval: 1m - values: | - # ... -``` - -#### ArgoCD - -[ArgoCD](https://argo-cd.readthedocs.io/en/stable/) is another GitOps controller for Kubernetes which does support OCI -Helm registries. In order to use the FireFly Helm chart via an ArgoCD [`Application`](https://argo-cd.readthedocs.io/en/stable/user-guide/helm/#declarative), -you must first add the OCI Helm registry for Hyperledger. For example, you can do so using the [CLI](https://argo-cd.readthedocs.io/en/stable/user-guide/commands/argocd_repo_add/): - -```shell -argocd repo add ghcr.io/hyperledger/helm --type helm --name hyperledger --enable-oci --username ${USERNAME} --password ${PAT} -``` - -To declaratively add the registry consult the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories). - -### Terraform - -[Terraform](https://www.terraform.io/) is a CLI tool that enables engineers to "plan" and "apply" infrastructure defined -as code in the [HCL language](https://github.com/hashicorp/hcl). Terraform offers a [Helm provider](https://registry.terraform.io/providers/hashicorp/helm/latest/docs) -for managing Helm releases and their values declaratively. 
Terraform [does not currently support OCI registries](https://github.com/hashicorp/terraform-provider-helm/issues/633). - -As a result, you can configure Terraform to use the FireFly chart by either: - -1. Creating a wrapper parent chart with the FireFly chart dependency pre-downloaded and [vendored](https://medium.com/plain-and-simple/dependency-vendoring-dd765be75655). - See [Using as a Dependency](#using-as-a-dependency) for more information. - -2. Pre-downloading the FireFly chart directly using: - ```shell - helm pull --version 0.0.1 oci://ghcr.io/hyperledger/helm/firefly - ``` - then referring to via its filepath location: - ```hcl - resource "helm_release" "firefly" { - name = "firefly" - chart = "firefly-0.0.1.tgz" - // ... - } - ``` \ No newline at end of file diff --git a/deploy/charts/firefly/ci/eth-values.yaml b/deploy/charts/firefly/ci/eth-values.yaml deleted file mode 100644 index 5fbf113bd7..0000000000 --- a/deploy/charts/firefly/ci/eth-values.yaml +++ /dev/null @@ -1,32 +0,0 @@ -config: - debugEnabled: true - adminEnabled: true - metricsEnabled: true - preInit: true - - organizationName: "firefly-os" - organizationKey: "0xeb7284ce905e0665b7d42cabe31c76c45da1d331" - fireflyContractAddress: "0xeb7284ce905e0665b7d42cabe31c76c45da1d254" - - ethconnectUrl: "http://ethconnect.firefly-os" - - postgresUrl: "postgres://postgres:firef1y@postgresql.default.svc:5432?sslmode=disable" - postgresAutomigrate: true - - ipfsApiUrl: "http://ipfs.firefly-os:5001" - ipfsGatewayUrl: "http://ipfs.firefly-os:8080" - -core: - metrics: - serviceMonitor: - enabled: true - -dataexchange: - certificate: - enabled: true - issuerRef: - kind: ClusterIssuer - name: selfsigned-ca - - tlsSecret: - enabled: false diff --git a/deploy/charts/firefly/ci/fab-values.yaml b/deploy/charts/firefly/ci/fab-values.yaml deleted file mode 100644 index 7f48973c57..0000000000 --- a/deploy/charts/firefly/ci/fab-values.yaml +++ /dev/null 
@@ -1,25 +0,0 @@
-config:
- debugEnabled: true
- adminEnabled: true
- preInit: true
-
- organizationName: "firefly-os"
- organizationKey: "firefly-os"
-
- fabconnectUrl: "http://fabconnect.firefly-os"
-
- postgresUrl: "postgres://postgres:firef1y@postgresql.default.svc:5432?sslmode=disable"
- postgresAutomigrate: true
-
- ipfsApiUrl: "http://ipfs.firefly-os:5001"
- ipfsGatewayUrl: "http://ipfs.firefly-os:8080"
-
-dataexchange:
- certificate:
- enabled: true
- issuerRef:
- kind: ClusterIssuer
- name: selfsigned-ca
-
- tlsSecret:
- enabled: false
diff --git a/deploy/charts/firefly/scripts/ff-db-migrations.sh b/deploy/charts/firefly/scripts/ff-db-migrations.sh
deleted file mode 100644
index e3d78a848e..0000000000
--- a/deploy/charts/firefly/scripts/ff-db-migrations.sh
+++ /dev/null
@@ -1,47 +0,0 @@ -#!/bin/sh - -# Install deps -apk add postgresql-client curl jq - -echo "Provided connection string: '${PSQL_URL}'" - -# Extract the database name from the end of the PSQL URL, and check it's there -DB_PARAMS=`echo ${PSQL_URL} | sed 's!^.*/!!'` -DB_NAME=`echo ${DB_PARAMS} | sed 's!?.*!!'` -echo "Database name: '${DB_NAME}'" -USER_NAME=`echo ${PSQL_URL} | sed 's!^.*//!!' | sed 's!:.*$!!'` -echo "Username: '${USER_NAME}'" -COLONS=`echo -n $DB_NAME | sed 's/[^:]//g'` -if [ -z "${DB_NAME}" ] || [ -n "${COLONS}" ] -then - echo "Error: Postgres URL does not appear to contain a database name (required)." - exit 1 -fi - -# Check we can connect to the PSQL server using the default "postgres" database -PSQL_SERVER=`echo ${PSQL_URL} | sed "s!${DB_PARAMS}!!"`postgres -echo "PSQL server URL: '${PSQL_SERVER}'" -until psql -c "SELECT 1;" ${PSQL_SERVER}; do - echo "Waiting for PSQL server connection..." - sleep 1 -done - -# Create the database if it doesn't exist -if ! psql -c "SELECT datname FROM pg_database WHERE datname = '${DB_NAME}';" ${PSQL_SERVER} | grep ${DB_NAME} -then - echo "Database '${DB_NAME}' does not exist; creating." - psql -c "CREATE DATABASE \"${DB_NAME}\" WITH OWNER \"${USER_NAME}\";" ${PSQL_SERVER} -fi - -# Wait for the database itself to be available -until psql -c "SELECT 1;" ${PSQL_URL}; do - echo "Waiting for database..." - sleep 1 -done - -# Download the latest migration tool -MIGRATE_RELEASE=$(curl -sL https://api.github.com/repos/golang-migrate/migrate/releases/latest | jq -r '.name') -curl -sL https://github.com/golang-migrate/migrate/releases/download/${MIGRATE_RELEASE}/migrate.linux-amd64.tar.gz | tar xz - -# Do the migrations -./migrate -database ${PSQL_URL} -path db/migrations/postgres up diff --git a/deploy/charts/firefly/scripts/ff-registration.sh b/deploy/charts/firefly/scripts/ff-registration.sh deleted file mode 100644 index 46bfd265ca..0000000000 --- a/deploy/charts/firefly/scripts/ff-registration.sh +++ /dev/null 
@@ -1,38 +0,0 @@ -#!/bin/sh - -apk add curl jq - -until STATUS=$(curl ${FF_URL}/api/v1/status); do - echo "Waiting for FireFly..." - sleep 5 -done - -if [ `echo $STATUS | jq -r .org.registered` != "true" ]; then - - echo "Registering organization" - HTTP_CODE=`curl --silent --output /dev/stderr --write-out "%{http_code}" \ - -X POST -d '{}' -H 'Content-Type: application/json' \ - "${FF_URL}/api/v1/network/organizations/self?confirm"` - if [ "$HTTP_CODE" -ne 200 ]; then - echo "Failed to register with code ${HTTP_CODE}" - exit 1 - fi - -fi - -if [ `echo $STATUS | jq -r .node.registered` != "true" ]; then - - echo "Registering node" - HTTP_CODE=`curl --silent --output /dev/stderr --write-out "%{http_code}" \ - -X POST -d '{}' -H 'Content-Type: application/json' \ - "${FF_URL}/api/v1/network/nodes/self?confirm"` - if [ "$HTTP_CODE" -ne 200 ]; then - echo "Failed to register with code ${HTTP_CODE}" - exit 1 - fi - -else - - echo "Already registered. Nothing to do" - -fi diff --git a/deploy/charts/firefly/templates/NOTES.txt b/deploy/charts/firefly/templates/NOTES.txt deleted file mode 100644 index 681f77b53b..0000000000 --- a/deploy/charts/firefly/templates/NOTES.txt +++ /dev/null 
@@ -1,29 +0,0 @@
-1. Get the FireFly URL by running these commands:
-{{- if .Values.core.ingress.enabled }}
-{{- $host := index .Values.core.ingress.hosts 0 }}
- export FF_URL="http{{ if $.Values.core.ingress.tls }}s{{ end }}://{{ $host.host }}"
-{{- else if contains "NodePort" .Values.core.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "firefly.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- export FF_URL="http://$NODE_IP:$NODE_PORT"
-{{- else if contains "LoadBalancer" .Values.core.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "firefly.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "firefly.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
- export FF_URL="http://$SERVICE_IP:{{ .Values.core.service.httpPort }}"
-{{- else if contains "ClusterIP" .Values.core.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "firefly.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
- export FF_URL="http://127.0.0.1:8080"
- kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT &
-{{- end }}
- echo "Visit $FF_URL/api to explore the API via Swagger"
- echo "Visit $FF_URL/ui to use explorer UI"
-2. Assuming the FireFly smart contracts have been properly deployed and registered on the chain, you can register your FireFly node's organization via the API:
- curl -X POST -d '{}' -H 'Content-Type: application/json" $FF_URL/api/v1/network/register/node/organization
-3. Wait until your organization then registered, you can confirm its registration by listing the orgs:
- curl -X GET $FF_URL/api/v1/network/organizations
-4. Once the org is registered, you can register the node itself:
- curl -X POST -d '{}' -H 'Content-Type: application/json" $FF_URL/api/v1/network/register/node
-5. Lastly, confirm the node has been registered:
- curl -X GET $FF_URL/api/v1/network/nodes
diff --git a/deploy/charts/firefly/templates/_helpers.tpl b/deploy/charts/firefly/templates/_helpers.tpl
deleted file mode 100644
index 47f61c851b..0000000000
--- a/deploy/charts/firefly/templates/_helpers.tpl
+++ /dev/null
@@ -1,208 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "firefly.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "firefly.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "firefly.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "firefly.coreLabels" -}}
-helm.sh/chart: {{ include "firefly.chart" . }}
-{{ include "firefly.coreSelectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-app.kuberentes.io/part-of: {{ .Chart.Name }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "firefly.dataexchangeLabels" -}}
-helm.sh/chart: {{ include "firefly.chart" . }}
-{{ include "firefly.dataexchangeSelectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-app.kuberentes.io/part-of: {{ .Chart.Name }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "firefly.coreSelectorLabels" -}}
-app.kubernetes.io/name: {{ include "firefly.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-app.kubernetes.io/component: core
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "firefly.dataexchangeSelectorLabels" -}}
-app.kubernetes.io/name: {{ include "firefly.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-app.kubernetes.io/component: dx
-{{- end }}
-
-{{- define "firefly.dataexchangeP2PHost" -}}
-{{- if .Values.dataexchange.ingress.enabled }}
-{{- (index .Values.dataexchange.ingress.hosts 0).host }}
-{{- else }}
-{{- printf "%s-dx.%s.svc:%d" (include "firefly.fullname" .) .Release.Namespace (.Values.dataexchange.service.p2pPort | int64) }}
-{{- end }}
-{{- end }}
-
-{{- define "firefly.coreConfig" -}}
-{{- if .Values.config.debugEnabled }}
-log:
- level: debug
-debug:
- port: {{ .Values.core.service.debugPort }}
-{{- end }}
-http:
- port: {{ .Values.core.service.httpPort }}
- address: 0.0.0.0
-admin:
- port: {{ .Values.core.service.adminPort }}
- address: 0.0.0.0
- enabled: {{ .Values.config.adminEnabled }}
- preinit: {{ and .Values.config.adminEnabled .Values.config.preInit }}
-metrics:
- enabled: {{ .Values.config.metricsEnabled }}
-{{- if .Values.config.metricsEnabled }}
- path: {{ .Values.config.metricsPath }}
- address: 0.0.0.0
- port: {{ .Values.core.service.metricsPort }}
-{{- end }}
-ui:
- path: ./frontend
-org:
- name: {{ .Values.config.organizationName }}
- key: {{ .Values.config.organizationKey }}
-{{- if .Values.config.blockchainOverride }}
-blockchain:
- {{- toYaml (tpl .Values.config.blockchainOverride .) | nindent 2 }}
-{{- else if .Values.config.ethconnectUrl }}
-blockchain:
- type: ethereum
- ethereum:
- ethconnect:
- url: {{ tpl .Values.config.ethconnectUrl . }}
- instance: {{ .Values.config.fireflyContractAddress }}
- topic: {{ .Values.config.ethconnectTopic | quote }}
- retry:
- enable: {{ .Values.config.ethconnectRetry }}
- {{- if and .Values.config.ethconnectUsername .Values.config.ethconnectPassword }}
- auth:
- username: {{ .Values.config.ethconnectUsername | quote }}
- password: {{ .Values.config.ethconnectPassword | quote }}
- {{- end }}
- {{- if .Values.config.ethconnectPrefixShort }}
- prefixShort: {{ .Values.config.ethconnectPrefixShort }}
- {{- end }}
- {{- if .Values.config.ethconnectPrefixLong }}
- prefixLong: {{ .Values.config.ethconnectPrefixLong }}
- {{- end }}
-{{- else if .Values.config.fabconnectUrl }}
-blockchain:
- type: fabric
- fabric:
- fabconnect:
- url: {{ tpl .Values.config.fabconnectUrl . }}
- {{- if and .Values.config.fabconnectUsername .Values.config.fabconnectPassword }}
- auth:
- username: {{ .Values.config.fabconnectUsername | quote }}
- password: {{ .Values.config.fabconnectPassword | quote }}
- {{- end }}
- retry:
- enable: {{ .Values.config.fabconnectRetry }}
- channel: {{ .Values.config.fabconnectChannel | quote }}
- chaincode: {{ .Values.config.fireflyChaincode | quote }}
- topic: {{ .Values.config.fabconnectTopic | quote }}
- signer: {{ .Values.config.fabconnectSigner | quote }}
-{{- end }}
-{{- if .Values.config.databaseOverride }}
-database:
- {{- toYaml (tpl .Values.config.databaseOverride .) | nindent 2 }}
-{{- else if .Values.config.postgresUrl }}
-database:
- type: postgres
- postgres:
- url: {{ tpl .Values.config.postgresUrl . }}
- migrations:
- auto: {{ .Values.config.postgresAutomigrate }}
-{{- end }}
-{{- if .Values.config.publicstorageOverride }}
-publicstorage:
- {{- toYaml (tpl .Values.config.publicstorageOverride .) | nindent 2 }}
-{{- else if and .Values.config.ipfsApiUrl .Values.config.ipfsGatewayUrl }}
-publicstorage:
- type: ipfs
- ipfs:
- api:
- url: {{ tpl .Values.config.ipfsApiUrl . }}
- {{- if and .Values.config.ipfsApiUsername .Values.config.ipfsApiPassword }}
- auth:
- username: {{ .Values.config.ipfsApiUsername |quote }}
- password: {{ .Values.config.ipfsApiPassword | quote }}
- {{- end }}
- gateway:
- url: {{ tpl .Values.config.ipfsGatewayUrl . }}
- {{- if and .Values.config.ipfsGatewayUsername .Values.config.ipfsGatewayPassword }}
- auth:
- username: {{ .Values.config.ipfsGatewayUsername |quote }}
- password: {{ .Values.config.ipfsGatewayPassword | quote }}
- {{- end }}
-{{- end }}
-{{- if and .Values.config.dataexchangeOverride (not .Values.dataexchange.enabled) }}
-dataexchange:
- {{- toYaml (tpl .Values.config.dataexchangeOverride .) | nindent 2 }}
-{{- else }}
-dataexchange:
- {{- if .Values.dataexchange.enabled }}
- https:
- url: http://{{ include "firefly.fullname" . }}-dx.{{ .Release.Namespace }}.svc:{{ .Values.dataexchange.service.apiPort }}
- {{- if .Values.dataexchange.apiKey }}
- headers:
- x-api-key: {{ .Values.dataexchange.apiKey | quote }}
- {{- end }}
- {{- else }}
- https:
- url: {{ tpl .Values.config.dataexchangeUrl . }}
- {{- if .Values.config.dataexchangeAPIKey }}
- headers:
- x-api-key: {{ .Values.config.dataexchangeAPIKey | quote }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/deploy/charts/firefly/templates/core/ingress.yaml b/deploy/charts/firefly/templates/core/ingress.yaml
deleted file mode 100644
index b246862185..0000000000
--- a/deploy/charts/firefly/templates/core/ingress.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-{{- if .Values.core.ingress.enabled -}}
-{{- $fullName := include "firefly.fullname" . -}}
-{{- $svcPort := .Values.core.service.httpPort -}}
-{{- if and .Values.core.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
- {{- if not (hasKey .Values.core.ingress.annotations "kubernetes.io/ingress.class") }}
- {{- $_ := set .Values.core.ingress.annotations "kubernetes.io/ingress.class" .Values.core.ingress.className}}
- {{- end }}
-{{- end }}
-{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1
-{{- else -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
- name: {{ $fullName }}
- labels:
- {{- include "firefly.coreLabels" . | nindent 4 }}
- {{- with .Values.core.ingress.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- {{- if and .Values.core.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
- ingressClassName: {{ .Values.core.ingress.className }}
- {{- end }}
- {{- if .Values.core.ingress.tls }}
- tls:
- {{- range .Values.core.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
- {{- end }}
- rules:
- {{- range .Values.core.ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
- - path: /
- {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }}
- pathType: Prefix
- {{- end }}
- backend:
- {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
- service:
- name: {{ $fullName }}
- port:
- number: {{ $svcPort }}
- {{- else }}
- serviceName: {{ $fullName }}
- servicePort: {{ $svcPort }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/deploy/charts/firefly/templates/core/job-migrations.yaml b/deploy/charts/firefly/templates/core/job-migrations.yaml
deleted file mode 100644
index 0aea2c36ee..0000000000
--- a/deploy/charts/firefly/templates/core/job-migrations.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if .Values.core.jobs.postgresMigrations.enabled -}}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: "{{ template "firefly.fullname" . }}-{{ .Values.core.image.tag | default (printf "v%s" .Chart.AppVersion) }}-migrations"
-spec:
- backoffLimit: 5
- activeDeadlineSeconds: 12000
- template:
- spec:
- containers:
- - name: migration
- image: "{{ .Values.core.image.repository }}:{{ .Values.core.image.tag | default (printf "v%s" .Chart.AppVersion) }}"
- command:
- - sh
- - -ce
- - |
-{{ .Files.Get "scripts/ff-db-migrations.sh" | indent 10 }}
- env:
- - name: PSQL_URL
- valueFrom:
- secretKeyRef:
- name: {{ include "firefly.fullname" . }}-config
- key: psql_url
- restartPolicy: Never
-{{- end }}
diff --git a/deploy/charts/firefly/templates/core/job-registration.yaml b/deploy/charts/firefly/templates/core/job-registration.yaml
deleted file mode 100644
index f501bdaf80..0000000000
--- a/deploy/charts/firefly/templates/core/job-registration.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if .Values.core.jobs.registration.enabled -}}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: "{{ template "firefly.fullname" . }}-{{ .Values.config.organizationName | lower }}-registration"
-spec:
- backoffLimit: 5
- activeDeadlineSeconds: 12000
- template:
- spec:
- containers:
- - name: registration
- image: "{{ .Values.core.image.repository }}:{{ .Values.core.image.tag | default (printf "v%s" .Chart.AppVersion) }}"
- command:
- - sh
- - -ce
- - |
-{{ .Files.Get "scripts/ff-registration.sh" | indent 10 }}
- env:
- - name: FF_URL
- value: "http://{{ include "firefly.fullname" . }}:{{ .Values.core.service.httpPort }}"
- restartPolicy: Never
-{{- end }}
diff --git a/deploy/charts/firefly/templates/core/secret.yaml b/deploy/charts/firefly/templates/core/secret.yaml
deleted file mode 100644
index 4b3cf3e684..0000000000
--- a/deploy/charts/firefly/templates/core/secret.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "firefly.fullname" . }}-config
- labels:
- {{- include "firefly.coreLabels" . | nindent 4 }}
-stringData:
- {{- if and .Values.config.postgresUrl .Values.core.jobs.postgresMigrations.enabled }}
- psql_url: {{ tpl .Values.config.postgresUrl . }}
- {{- end }}
- firefly.core: |
- {{- if .Values.config.templateOverride }}
- {{- toYaml (tpl .Values.config.templateOverride .) | nindent 4 }}
- {{- else }}
- {{- include "firefly.coreConfig" . | nindent 4 }}
- {{- end }}
diff --git a/deploy/charts/firefly/templates/core/service.yaml b/deploy/charts/firefly/templates/core/service.yaml
deleted file mode 100644
index 1b4998efa2..0000000000
--- a/deploy/charts/firefly/templates/core/service.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "firefly.fullname" . }}
- labels:
- {{- include "firefly.coreLabels" . | nindent 4 }}
-spec:
- type: {{ .Values.core.service.type }}
- ports:
- {{- if .Values.config.debugEnabled }}
- - port: {{ .Values.core.service.debugPort }}
- targetPort: debug
- protocol: TCP
- name: debug
- {{- end }}
- - port: {{ .Values.core.service.httpPort }}
- targetPort: http
- protocol: TCP
- name: http
- {{- if .Values.config.adminEnabled }}
- - port: {{ .Values.core.service.adminPort }}
- targetPort: admin
- protocol: TCP
- name: admin
- {{- end }}
- {{- if .Values.config.metricsEnabled }}
- - port: {{ .Values.core.service.metricsPort }}
- targetPort: metrics
- protocol: TCP
- name: metrics
- {{- end }}
- selector:
- {{- include "firefly.coreSelectorLabels" . | nindent 4 }}
diff --git a/deploy/charts/firefly/templates/core/servicemonitor.yaml b/deploy/charts/firefly/templates/core/servicemonitor.yaml
deleted file mode 100644
index a59a9eafc1..0000000000
--- a/deploy/charts/firefly/templates/core/servicemonitor.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- if and .Values.core.metrics.serviceMonitor.enabled .Values.config.metricsEnabled }}
-{{- if not (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") }}
-# WARNING: prometheus-operator is not installed but serivcemonitor has been enabled, this will fail. Please install
-# prometheus-operator to resolve this.
-{{- end }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ include "firefly.fullname" . }}
- labels:
- {{- include "firefly.coreLabels" . | nindent 4 }}
-spec:
- endpoints:
- - port: metrics
- path: {{ .Values.config.metricsPath }}
- interval: {{ .Values.core.metrics.serviceMonitor.scrapeInterval }}
- {{- if .Values.core.metrics.serviceMonitor.honorLabels }}
- honorLabels: true
- {{- end }}
- {{- if .Values.core.metrics.serviceMonitor.metricRelabelings }}
- metricRelabelings: {{ toYaml .Values.core.metrics.serviceMonitor.metricRelabelings | nindent 8 }}
- {{- end }}
- {{- if .Values.core.metrics.serviceMonitor.jobLabel }}
- jobLabel: {{ .Values.core.metrics.serviceMonitor.jobLabel | quote }}
- {{- end }}
- {{- if .Values.core.metrics.serviceMonitor.namespaceSelector }}
- namespaceSelector: {{ toYaml .Values.core.metrics.serviceMonitor.namespaceSelector | nindent 4 }}
- {{- end }}
- {{- if .Values.core.metrics.serviceMonitor.targetLabels }}
- targetLabels:
- {{- range .Values.core.metrics.serviceMonitor.targetLabels }}
- - {{ . }}
- {{- end }}
- {{- end }}
- selector:
- matchLabels:
- {{- include "firefly.coreSelectorLabels" . | nindent 6 }}
-{{- end }}
-
diff --git a/deploy/charts/firefly/templates/core/statefulset.yaml b/deploy/charts/firefly/templates/core/statefulset.yaml
deleted file mode 100644
index 0da28628e6..0000000000
--- a/deploy/charts/firefly/templates/core/statefulset.yaml
+++ /dev/null
@@ -1,97 +0,0 @@
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "firefly.fullname" . }}
- labels:
- {{- include "firefly.coreLabels" . | nindent 4 }}
-spec:
- serviceName: {{ include "firefly.fullname" . }}
- updateStrategy:
- type: RollingUpdate
- replicas: 1
- selector:
- matchLabels:
- {{- include "firefly.coreSelectorLabels" . | nindent 6 }}
- template:
- metadata:
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/core/secret.yaml") . | sha256sum }}
- {{- with .Values.core.podAnnotations }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- {{- include "firefly.coreSelectorLabels" . | nindent 8 }}
- spec:
- {{- with .Values.core.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- securityContext:
- {{- toYaml .Values.core.podSecurityContext | nindent 8 }}
- containers:
- - name: firefly
- securityContext:
- {{- toYaml .Values.core.securityContext | nindent 12 }}
- image: "{{ .Values.core.image.repository }}:{{ .Values.core.image.tag | default (printf "v%s" .Chart.AppVersion) }}"
- imagePullPolicy: {{ .Values.core.image.pullPolicy }}
- env:
- - name: FIREFLY_NODE_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- {{- if .Values.core.extraEnv }}
- {{- toYaml .Values.core.extraEnv | nindent 12 }}
- {{- end }}
- ports:
- - name: http
- containerPort: {{ .Values.core.service.httpPort }}
- protocol: TCP
- {{- if .Values.config.debugEnabled }}
- - name: debug
- containerPort: {{ .Values.core.service.debugPort }}
- protocol: TCP
- {{- end }}
- {{- if .Values.config.adminEnabled }}
- - name: admin
- containerPort: {{ .Values.core.service.adminPort }}
- protocol: TCP
- {{- end }}
- {{- if .Values.config.metricsEnabled }}
- - name: metrics
- containerPort: {{ .Values.core.service.metricsPort }}
- protocol: TCP
- {{- end }}
- livenessProbe:
- tcpSocket:
- port: {{ if and .Values.config.adminEnabled .Values.config.preInit }}admin{{ else }}http{{ end }}
- initialDelaySeconds: 10
- failureThreshold: 5
- successThreshold: 1
- periodSeconds: 5
- readinessProbe:
- tcpSocket:
- port: {{ if and .Values.config.adminEnabled .Values.config.preInit }}admin{{ else }}http{{ end }}
- failureThreshold: 10
- successThreshold: 3
- periodSeconds: 3
- volumeMounts:
- - mountPath: /etc/firefly/
- name: firefly-config
- resources:
- {{- toYaml .Values.core.resources | nindent 12 }}
- {{- with .Values.core.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.core.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.core.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- volumes:
- - name: firefly-config
- secret:
- secretName: {{ include "firefly.fullname" . }}-config
diff --git a/deploy/charts/firefly/templates/dataexchange/certificate.yaml b/deploy/charts/firefly/templates/dataexchange/certificate.yaml
deleted file mode 100644
index 1740899c56..0000000000
--- a/deploy/charts/firefly/templates/dataexchange/certificate.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- if and .Values.dataexchange.enabled .Values.dataexchange.certificate.enabled }}
-{{- if not (.Capabilities.APIVersions.Has "cert-manager.io/v1") }}
-# WARNING: cert-manager is not installed but certificate has been enabled, this will fail. Please either
-# provide your own TLS certificate via tlsSecret.name or install cert-manager to resolve this.
-{{- end }}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: "{{ include "firefly.fullname" . }}-dx"
- labels:
- {{- include "firefly.dataexchangeLabels" . | nindent 4 }}
-spec:
- # NOTE: issuer should always be an internal / self-signed CA so that the subject is included
- # LetsEncrypt will not work w/ DX currently bc those certs cannot have subject, etc. configured.
- # Nor will a self-signed cert due to https://github.com/jetstack/cert-manager/issues/3651
- issuerRef:
- {{- toYaml .Values.dataexchange.certificate.issuerRef | nindent 4 }}
- secretName: "{{ include "firefly.fullname" . }}-dx-tls"
- subject:
- organizations:
- - {{ .Values.config.organizationName }}
- commonName: {{ if .Values.dataexchange.ingress.enabled }}{{ (index .Values.dataexchange.ingress.hosts 0).host }}{{ else }}{{ include "firefly.fullname" . }}-dx{{ end }}
- usages:
- - server auth
- - client auth
- dnsNames:
- {{- if .Values.dataexchange.ingress.enabled }}
- {{- range .Values.dataexchange.ingress.hosts }}
- - {{ .host }}
- {{- end }}
- {{- end }}
- - {{ include "firefly.fullname" . }}-dx
- - {{ include "firefly.fullname" . }}-dx.{{ .Release.Namespace }}.svc
- - {{ include "firefly.fullname" . }}-dx.{{ .Release.Namespace }}.svc.cluster.local
-{{- end }}
diff --git a/deploy/charts/firefly/templates/dataexchange/ingress.yaml b/deploy/charts/firefly/templates/dataexchange/ingress.yaml
deleted file mode 100644
index 3918f08f34..0000000000
--- a/deploy/charts/firefly/templates/dataexchange/ingress.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-{{- if and .Values.dataexchange.enabled .Values.dataexchange.ingress.enabled -}}
-{{- $fullName := include "firefly.fullname" . -}}
-{{- $svcPort := .Values.dataexchange.service.p2pPort -}}
-{{- if and .Values.dataexchange.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
- {{- if not (hasKey .Values.dataexchange.ingress.annotations "kubernetes.io/ingress.class") }}
- {{- $_ := set .Values.dataexchange.ingress.annotations "kubernetes.io/ingress.class" .Values.dataexchange.ingress.className}}
- {{- end }}
-{{- end }}
-{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1
-{{- else -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
- name: {{ $fullName }}-dx
- labels:
- {{- include "firefly.dataexchangeLabels" . | nindent 4 }}
- {{- with .Values.dataexchange.ingress.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- {{- if and .Values.dataexchange.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
- ingressClassName: {{ .Values.dataexchange.ingress.className }}
- {{- end }}
- {{- $tlsSecretName := .Values.dataexchange.tlsSecret.name }}
- {{- if and .Values.dataexchange.certificate.enabled (not .Values.dataexchange.tlsSecret.enabled) }}
- {{- $tlsSecretName = printf "%s-dx-tls" $fullName}}
- {{- end }}
- tls:
- - hosts:
- {{- range .Values.dataexchange.ingress.hosts }}
- - {{ .host | quote }}
- {{- end }}
- secretName: {{ $tlsSecretName }}
- rules:
- {{- range .Values.dataexchange.ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
- - path: /
- {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }}
- pathType: Prefix
- {{- end }}
- backend:
- {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
- service:
- name: {{ $fullName }}-dx
- port:
- number: {{ $svcPort }}
- {{- else }}
- serviceName: {{ $fullName }}-dx
- servicePort: {{ $svcPort }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/deploy/charts/firefly/templates/dataexchange/secret.yaml b/deploy/charts/firefly/templates/dataexchange/secret.yaml
deleted file mode 100644
index b894b885f6..0000000000
--- a/deploy/charts/firefly/templates/dataexchange/secret.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if .Values.dataexchange.enabled }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "firefly.fullname" . }}-dx-config
- labels:
- {{- include "firefly.dataexchangeLabels" . | nindent 4 }}
-stringData:
- config.json: |
- {
- {{- if .Values.dataexchange.apiKey }}
- "apiKey": {{ .Values.dataexchange.apiKey | quote }},
- {{- end }}
- "api": {
- "hostname": "0.0.0.0",
- "port": {{ .Values.dataexchange.service.apiPort }}
- },
- "p2p": {
- "hostname": "0.0.0.0",
- "port": {{ .Values.dataexchange.service.p2pPort }},
- "endpoint": "https://{{ include "firefly.dataexchangeP2PHost" . }}"
- }
- }
-{{- end }}
diff --git a/deploy/charts/firefly/templates/dataexchange/service.yaml b/deploy/charts/firefly/templates/dataexchange/service.yaml
deleted file mode 100644
index 615f02ebe5..0000000000
--- a/deploy/charts/firefly/templates/dataexchange/service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if .Values.dataexchange.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "firefly.fullname" . }}-dx
- labels:
- {{- include "firefly.dataexchangeLabels" . | nindent 4 }}
-spec:
- type: {{ .Values.dataexchange.service.type }}
- ports:
- - port: {{ .Values.dataexchange.service.apiPort }}
- targetPort: http
- protocol: TCP
- name: http
- - port: {{ .Values.dataexchange.service.p2pPort }}
- targetPort: p2p
- protocol: TCP
- name: p2p
- selector:
- {{- include "firefly.dataexchangeSelectorLabels" . | nindent 4 }}
-{{- end }}
diff --git a/deploy/charts/firefly/templates/dataexchange/statefulset.yaml b/deploy/charts/firefly/templates/dataexchange/statefulset.yaml
deleted file mode 100644
index e87e40f3fd..0000000000
--- a/deploy/charts/firefly/templates/dataexchange/statefulset.yaml
+++ /dev/null
@@ -1,148 +0,0 @@
-{{- if .Values.dataexchange.enabled }}
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "firefly.fullname" . }}-dx
- labels:
- {{- include "firefly.dataexchangeLabels" . | nindent 4 }}
-spec:
- replicas: 1
- serviceName: {{ include "firefly.fullname" . }}-dx
- updateStrategy:
- type: RollingUpdate
- selector:
- matchLabels:
- {{- include "firefly.dataexchangeSelectorLabels" . | nindent 6 }}
- template:
- metadata:
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/dataexchange/secret.yaml") . | sha256sum }}
- {{- if .Values.dataexchange.certificate.enabled }}
- checksum/certificate: {{ include (print $.Template.BasePath "/dataexchange/certificate.yaml") . | sha256sum }}
- {{- end }}
- {{- with .Values.dataexchange.podAnnotations }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- {{- include "firefly.dataexchangeSelectorLabels" . | nindent 8 }}
- spec:
- {{- with .Values.dataexchange.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- securityContext:
- {{- toYaml .Values.dataexchange.podSecurityContext | nindent 8 }}
- containers:
- - name: dx
- securityContext:
- {{- toYaml .Values.dataexchange.securityContext | nindent 12 }}
- image: "{{ .Values.dataexchange.image.repository }}:{{ .Values.dataexchange.image.tag }}"
- imagePullPolicy: {{ .Values.dataexchange.image.pullPolicy }}
- {{- if .Values.dataexchange.extraEnv }}
- env:
- {{- toYaml .Values.dataexchange.extraEnv | nindent 12 }}
- {{- end }}
- ports:
- - name: http
- containerPort: {{ .Values.dataexchange.service.apiPort }}
- protocol: TCP
- - name: p2p
- containerPort: {{ .Values.dataexchange.service.p2pPort }}
- protocol: TCP
- livenessProbe:
- tcpSocket:
- port: http
- initialDelaySeconds: 5
- failureThreshold: 5
- successThreshold: 1
- periodSeconds: 5
- readinessProbe:
- tcpSocket:
- port: p2p
- initialDelaySeconds: 5
- failureThreshold: 10
- successThreshold: 3
- periodSeconds: 3
- resources:
- {{- toYaml .Values.dataexchange.resources | nindent 12 }}
- volumeMounts:
- - mountPath: /data/peer-certs
- subPath: peer-certs
- name: {{ include "firefly.fullname" . }}-dx-peers
- - mountPath: /data/peers
- subPath: peers
- name: {{ include "firefly.fullname" . }}-dx-peers
- - mountPath: /data/config.json
- name: config
- subPath: config.json
- - mountPath: /data/key.pem
- name: tls
- subPath: tls.key
- - mountPath: /data/cert.pem
- name: tls
- subPath: tls.crt
- - mountPath: /data/ca.pem
- name: tls
- subPath: ca.crt
- - mountPath: /data/blobs
- {{- if and .Values.dataexchange.persistentVolumes.blobs.enabled .Values.dataexchange.persistentVolumes.blobs.subPath }}
- subPath: {{ .Values.dataexchange.persistentVolumes.blobs.subPath | quote }}
- {{- end }}
- name: {{ include "firefly.fullname" . }}-dx-blobs
- {{- with .Values.dataexchange.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.dataexchange.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.dataexchange.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- volumes:
- - name: config
- secret:
- secretName: "{{ include "firefly.fullname" . }}-dx-config"
- - name: tls
- secret:
- secretName: {{ if and .Values.dataexchange.certificate.enabled (not .Values.dataexchange.tlsSecret.enabled) }}"{{ include "firefly.fullname" . }}-dx-tls"{{ else }}{{ .Values.dataexchange.tlsSecret.name }}{{ end }}
- {{- if not .Values.dataexchange.persistentVolumes.blobs.enabled }}
- - name: {{ include "firefly.fullname" . }}-dx-blobs
- emptyDir: {}
- {{- end }}
- {{- if or .Values.dataexchange.persistentVolumes.blobs.enabled .Values.dataexchange.persistentVolumes.peers.enabled }}
- volumeClaimTemplates:
- - metadata:
- name: {{ include "firefly.fullname" . }}-dx-blobs
- {{- with .Values.dataexchange.persistentVolumes.blobs }}
- {{- with .annotations }}
- annotations:
- {{- toYaml . | nindent 10 }}
- {{- end }}
- spec:
- accessModes:
- {{- toYaml .accessModes | nindent 10 }}
- storageClassName: {{ .storageClass }}
- resources:
- requests:
- storage: {{ .size }}
- {{- end }}
- {{- end }}
- - metadata:
- name: {{ include "firefly.fullname" . }}-dx-peers
- {{- with .Values.dataexchange.persistentVolumes.peers }}
- {{- with .annotations }}
- annotations:
- {{- toYaml . | nindent 10 }}
- {{- end }}
- spec:
- accessModes:
- {{- toYaml .accessModes | nindent 10 }}
- storageClassName: {{ .storageClass }}
- resources:
- requests:
- storage: {{ .size }}
- {{- end }}
-{{- end }}
diff --git a/deploy/charts/firefly/values.yaml b/deploy/charts/firefly/values.yaml
deleted file mode 100644
index 4f5fdeaf04..0000000000
--- a/deploy/charts/firefly/values.yaml
+++ /dev/null
@@ -1,306 +0,0 @@ -# Templates the firefly.core configuration file of FireFly, and in some cases configures which ports are exposed. -config: - # Enables the FireFly debug port on 6060 and `DEBUG` level logs - debugEnabled: false - - # Enables the Admin API port for dynamic configuration - adminEnabled: true - - # Enables the metrics server / port for Prometheus scraping - metricsEnabled: true - - # Configures the path on which Prometheus metrics are served, useful if you need to change it to match existing Prometheus scrape configs - metricsPath: /metrics - - # Puts a fresh FireFly node into the preinit state, allowing an operator to then setup smart contracts, apply database migrations, etc. before re-configuring the node to proceed. - # It is _not_ recommended to configure FireFly nodes in a preinit state for non-development scenarios. - preInit: false - - # The name of the organization the FireFly node belongs to - organizationName: "" - - # The blockchain signing key of the organization e.g. the Ethereum account address or the Fabric membership - organizationKey: "" - - # The Ethereum address of the pre-deployed FireFly smart contract - fireflyContractAddress: "/instances/contractAddress" - - # The name of the Fabric chaincode deployment for the FireFly chaincode - fireflyChaincode: firefly_go - - # The Postgres URL (including credentials and DB) for FireFly to for the database plugin - postgresUrl: "" - - # Whether or not to apply schema migrations automatically on startup, not recommended for production - postgresAutomigrate: false - - # The URL of the HTTPS DataExchange for the node to use for the dataexchange plugin i.e. 
private messaging, only needed if `dataexchange.enabled` is set to false - dataexchangeUrl: "" - - # The API key used to authenticate to HTTPS DataExchange, only needed if `dataexchange.enabled` is set to false - dataexchangeAPIKey: "" - - # The URL of the IPFS API server to use for the publicstorage plugin, in some cases this is the same as the Gateway URL, see below - ipfsApiUrl: "" - - # The basic auth username to use for authenticating to the IPFS API server - ipfsApiUsername: "" - - # The basic auth password to use for authenticating to the IPFS API server - ipfsApiPassword: "" - - # The URL of the IPFS Gateway server, in some cases this is the same as the API URL - ipfsGatewayUrl: "" - - # The basic auth username to use for authenticating to the IPFS Gateway server - ipfsGatewayUsername: "" - - # The basic auth password to use for authenticating to the IPFS Gateway server - ipfsGatewayPassword: "" - - # The URL of the Ethconnect API and WS server to use for the blockchain plugin of type `ethereum` - ethconnectUrl: "" - - # The basic auth username to use for authenticating to Ethconnect - ethconnectUsername: "" - - # The basic auth password to use for authenticating to Ethconnect - ethconnectPassword: "" - - # Enables retries when communicating with Ethconnect - ethconnectRetry: true - - # The Ethconnect topic to use for blockchain event subscriptions - ethconnectTopic: 0 - - # The short prefix FireFly will prepend to certain headers it sends to Ethconnect i.e. ff or kld - ethconnectPrefixShort: "" - - # The long prefix FireFly will prepend to certain headers it sends to Ethconnect i.e. 
FireFly or Kaleido - ethconnectPrefixLong: "" - - # The URL of the Fabconnect API and WS server to use for the blockchain plugin of type `fabric` - fabconnectUrl: "" - - # The Fabric channel to use when communicating with peers and running chaincodes - fabconnectChannel: default-channel - - # Enables retries when communicating with Fabconnect - fabconnectRetry: true - - # The basic auth username to use for authenticating to Fabconnect - fabconnectUsername: "" - - # The basic auth password to use for authenticating to Fabconnect - fabconnectPassword: "" - - # The Fabconnect topic to use for blockchain event subscriptions - fabconnectTopic: 0 - - # The Fabric to use for signing transactions, must be pre-registered and enrolled - fabconnectSigner: "" - - # The following values can be used to override the templating of specific plugin sections, in the case where - # the user wants greater control to template the sections using global values, additional helpers, etc. OR if they - # want to use other plugin types i.e. `fabric` which currently do not exist at the time of writing. - - dataexchangeOverride: {} - - databaseOverride: {} - - publicstorageOverride: {} - - blockchainOverride: {} - # type: ethereum - # ethereum: - # ethconnect: - # url: http://ethconnect_0:8080 - # instance: /contracts/firefly - # topic: "0" - - # Instead of using the provided config template from _helpers.tpl, users can use to customize the config using their own global values, etc. - # See the firefly.coreConfig helper for an example of a Go-templated config file that could be provided here as a multiline string. - templateOverride: "" - -# Configures the properties of the StatefulSet, Service, and optionally Ingress used to deploy and expose FireFly -core: - image: - repository: ghcr.io/hyperledger/firefly - pullPolicy: Always - # Overrides the image tag whose default is the chart appVersion. 
- # tag: latest - - extraEnv: [] - # - name: FIREFLY_LOG_LEVEL - # value: debug - - imagePullSecrets: [] - nameOverride: "" - fullnameOverride: "" - - podAnnotations: {} - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - service: - type: ClusterIP - httpPort: 5000 - adminPort: 5001 - debugPort: 6060 - metricsPort: 5100 - - metrics: - serviceMonitor: - enabled: false - scrapeInterval: 10s - - # NOTE: The Ingress will only expose the HTTP API and never the Admin or Debug APIs - ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - nodeSelector: {} - - tolerations: [] - - affinity: {} - - jobs: - # Whether to create a migration job to perform migrations each time a new tag is pushed for the FireFly image (supports DB creation) - postgresMigrations: - enabled: false - - # Whether to use a Job to perform auto-registration of the FireFly runtime. - # Note registration will not be successful until the new node has caught up with the head of the chain. 
- registration: - enabled: false - -# Configures the properties of the StatefulSet, Service, and optionally Ingress used to deploy and expose FireFly HTTPS DataExchange -dataexchange: - - # Toggles whether or not to deploy HTTPS DataExchange alongside FireFly, and therefore how the dataexchange section of its config will be templated - enabled: true - - # The API key the HTTPS DataExchange will use to secure its API and WS server for communication from FireFly - apiKey: "" - - # A Secret providing the mTLS certificate the HTTPS DataExchange will use to authenticate to peers - tlsSecret: - enabled: true - name: "" - - # Configures whether or not to generate a mTLS certificate for peer-to-peer communications - # using cert-manager's Certificate resource, recommended - certificate: - enabled: false - issuerRef: {} - # name: internal-ca - # kind: ClusterIssuer - - extraEnv: [] - # - name: LOG_LEVEL - # value: DEBUG - - image: - repository: ghcr.io/hyperledger/firefly-dataexchange-https - pullPolicy: Always - tag: v0.9.3 - - imagePullSecrets: [] - nameOverride: "" - fullnameOverride: "" - - podAnnotations: {} - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - service: - type: ClusterIP - apiPort: 5000 - p2pPort: 5001 - - # The Ingress templated will only expose the HTTPS DataExchange P2P endpoint, as its API will only need to be accessible to FireFly - # NOTE: TLS is not templatable for the Ingress since it is provided as part of the mTLS certificate above. TLS passthrough - # must be enabled for the Ingress in order for mTLS to work, make sure to set the appropriate annotation for your - # respective Ingress controller. See below for an example of the passthrough annotation for ingress-nginx. 
- ingress: - enabled: false - className: "" - annotations: {} - # nginx.ingress.kubernetes.io/ssl-passthrough: "true" - hosts: - - host: chart-example.local - - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - nodeSelector: {} - - tolerations: [] - - affinity: {} - - persistentVolumes: - # split into two mounts: /data/peers and /data/peer-certs - peers: - accessModes: - - ReadWriteOnce - annotations: {} - size: 1Gi - storageClass: "" - blobs: - enabled: true - accessModes: - - ReadWriteOnce - annotations: {} - subPath: "" - size: 2Gi - storageClass: ""
diff --git a/deploy/manifests/tls-issuers.yaml b/deploy/manifests/tls-issuers.yaml
deleted file mode 100644
index c0c3f8899d..0000000000
--- a/deploy/manifests/tls-issuers.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: selfsigned
-spec:
- selfSigned: {}
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: selfsigned-ca
-spec:
- issuerRef:
- name: selfsigned
- kind: ClusterIssuer
- isCA: true
- secretName: selfsigned-ca-tls
- commonName: selfsigned-ca
----
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: selfsigned-ca
-spec:
- ca:
- secretName: selfsigned-ca-tls
diff --git a/images/helm_chart_deployment_architecture.jpg b/images/helm_chart_deployment_architecture.jpg
deleted file mode 100644
index da8b2bd53c..0000000000
Binary files a/images/helm_chart_deployment_architecture.jpg and /dev/null differ