Merge pull request #430 from LF-Decentralized-Trust-labs/operator-config

Enhancements to Operator Configuration and Installation Options

.github/workflows/build-chart.yaml

@@ -0,0 +1,61 @@
+name: Operator Build
+
+on:
+  workflow_call:
+
+jobs:
+  operator-build:
+    runs-on: ubuntu-latest
+    env:
+      CLUSTER_NAME: paladin
+      NAMESPACE: paladin
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          submodules: recursive
+
+      - name: Install pre-requisites
+        uses: ./.github/actions/setup
+
+      - name: Install Kind
+        uses: helm/kind-action@v1
+        with:
+          install_only: true # only install kind, the cluster creation is managed by the deploy step
+          ignore_failed_clean: true
+
+      - name: Download docker artifacts
+        uses: actions/download-artifact@v4
+        with:
+          path: /tmp # download all docker images to /tmp
+          pattern: paladin-*
+          merge-multiple: true
+
+      - name: Load image
+        run: |
+          docker load --input /tmp/paladin-operator-${{ github.sha }}.tar
+          docker load --input /tmp/paladin-${{ github.sha }}.tar
+          docker image ls -a  
+      
+      # The makefile uses kustomize
+      - uses: imranismail/setup-kustomize@v2
+
+      - name: Deploy Operator
+        run: |
+          ./gradlew deploy \
+            -PclusterName=${{ env.CLUSTER_NAME }} \
+            -Pnamespace=${{ env.NAMESPACE }} \
+            -PbuildOperator=false \
+            -PbuildPaladin=false \
+            -PoperatorImageName=paladin.io/paladin-operator \
+            -PoperatorImageTag=test \
+            -PpaladinImageName=paladin.io/paladin \
+            -PpaladinImageTag=test 
+
+      - name: Uninstall Operator
+        run: |
+          ./gradlew clean \
+            -PclusterName=${{ env.CLUSTER_NAME }} \
+            -Pnamespace=${{ env.NAMESPACE }} \
+            -PdeleteCluster=true

.github/workflows/build-image.yaml

@@ -106,3 +106,11 @@ jobs:
             tag=${{ steps.build_tag_generator.outputs.BUILD_TAG }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
+          outputs: type=docker,dest=/tmp/${{ inputs.image }}-${{ github.sha }}.tar
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ inputs.image }}-${{ github.sha }}
+          path: /tmp/${{ inputs.image }}-${{ github.sha }}.tar
+          retention-days: 1

.github/workflows/paladin-PR-build.yml

@@ -13,7 +13,6 @@ on:
   pull_request:
     paths-ignore:
       - '**.md'
-      - 'operator/charts/**'
   workflow_dispatch:
 
 # Ensure this workflow only runs for the most recent commit of a pull-request
@@ -73,6 +72,12 @@ jobs:
         platforms: linux/amd64
         runs-on: ubuntu-latest
 
+  chart-build:
+    # run only if pull_request and the path operator/** was changed
+    if: github.event_name == 'pull_request'
+    needs: [core-image-build, operator-image-build]
+    uses: ./.github/workflows/build-chart.yaml
+
   image-release:
     # run only on pushes to main or manual triggers
     if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'

operator/Makefile

@@ -1,11 +1,11 @@
 CLUSTER_NAME ?= paladin
 NAMESPACE ?= default
 
-OPERATOR_IMG_NAME ?= paladin-operator
-OPERATOR_IMG_TAG ?= test
-OPERATOR_IMG ?= ${OPERATOR_IMG_NAME}:${OPERATOR_IMG_TAG}
-PALADIN_IMG_NAME ?= paladin
-PALADIN_IMG_TAG ?= test 
+OPERATOR_IMAGE_NAME ?= paladin-operator
+OPERATOR_IMAGE_TAG ?= test
+OPERATOR_IMG ?= ${OPERATOR_IMAGE_NAME}:${OPERATOR_IMAGE_TAG}
+PALADIN_IMAGE_NAME ?= paladin
+PALADIN_IMAGE_TAG ?= test 
 
 # USE_IMAGE_DIGESTS defines if images are resolved via tags or digests
 USE_IMAGE_DIGESTS ?= false
@@ -112,7 +112,7 @@ kind-start:	## Create a Kind cluster.
 kind-promote: kind-start ## Load Docker images into Kind cluster.
 	echo "Loading images into Kind cluster..."
 	$(KIND_CLUSTER) load docker-image ${OPERATOR_IMG} --name "${CLUSTER_NAME}"
-	$(KIND_CLUSTER) load docker-image ${PALADIN_IMG_NAME}:${PALADIN_IMG_TAG}  --name "${CLUSTER_NAME}"
+	$(KIND_CLUSTER) load docker-image ${PALADIN_IMAGE_NAME}:${PALADIN_IMAGE_TAG}  --name "${CLUSTER_NAME}"
 
 .PHONY: kind-delete
 kind-delete: ## Delete the Kind cluster.
@@ -205,11 +205,11 @@ helm-install: helm-install-dependencies ## Install operator using Helm.
 	$(HELM) upgrade --install ${CHART_NAME_OPERATOR} ${CHART_PATH_OPERATOR} \
 		-n ${NAMESPACE} --create-namespace \
 		--set operator.namespace=${NAMESPACE} \
-		--set operator.image.repository=${OPERATOR_IMG_NAME} \
+		--set operator.image.repository=${OPERATOR_IMAGE_NAME} \
 		--set operator.image.pullPolicy=IfNotPresent \
-		--set operator.image.tag=${OPERATOR_IMG_TAG} \
-		--set paladin.image.repository=${PALADIN_IMG_NAME} \
-		--set paladin.image.tag=${PALADIN_IMG_TAG} \
+		--set operator.image.tag=${OPERATOR_IMAGE_TAG} \
+		--set paladin.image.repository=${PALADIN_IMAGE_NAME} \
+		--set paladin.image.tag=${PALADIN_IMAGE_TAG} \
 		--set paladin.image.pullPolicy=IfNotPresent \
 		--set prometheus.enabled=false
 

operator/build.gradle

@@ -56,6 +56,11 @@ ext {
     deleteCluster = project.hasProperty('deleteCluster') ? project.deleteCluster.toBoolean() : false // By default, do not delete the cluster
     buildPaladin = project.hasProperty('buildPaladin') ? project.buildPaladin == 'true' : true // Default is to build Paladin
     buildOperator = project.hasProperty('buildOperator') ? project.buildOperator == 'true' : true // Default is to build the operator
+
+    operatorImageName = project.hasProperty('operatorImageName') ? project.operatorImageName : 'paladin-operator'
+    operatorImageTag = project.hasProperty('operatorImageTag') ? project.operatorImageTag : 'test'
+    paladinImageName = project.hasProperty('paladinImageName') ? project.paladinImageName : 'paladin'
+    paladinImageTag = project.hasProperty('paladinImageTag') ? project.paladinImageTag : 'test'
 }
 
 def printClusterStatus(String namespace) {
@@ -177,6 +182,10 @@ task promoteKindImages(type: Exec, dependsOn: [
     executable 'make'
     args 'kind-promote'
     args "CLUSTER_NAME=${clusterName}"
+    args "OPERATOR_IMAGE_NAME=${operatorImageName}"
+    args "OPERATOR_IMAGE_TAG=${operatorImageTag}"
+    args "PALADIN_IMAGE_NAME=${paladinImageName}"
+    args "PALADIN_IMAGE_TAG=${paladinImageTag}"
 }
 
 task prepareCRDsChart(type: Exec) {
@@ -199,6 +208,10 @@ task installOperator(type: Exec, dependsOn: [installCrds, promoteKindImages, pre
     executable 'make'
     args 'helm-install'
     args "NAMESPACE=${namespace}"
+    args "OPERATOR_IMAGE_NAME=${operatorImageName}"
+    args "OPERATOR_IMAGE_TAG=${operatorImageTag}"
+    args "PALADIN_IMAGE_NAME=${paladinImageName}"
+    args "PALADIN_IMAGE_TAG=${paladinImageTag}"
 }
 
 

operator/charts/paladin-operator/assets/config.json

@@ -2,19 +2,30 @@
   "paladin": {
     "image": "{{ .Values.paladin.image.repository }}:{{ .Values.paladin.image.tag }}",
     "imagePullPolicy": "{{ .Values.paladin.image.pullPolicy }}",
-    "labels": {
-      "app": "paladin"
-    }
+    "labels": {{ toJson .Values.paladin.labels }},
+    "annotations": {{ toJson .Values.paladin.annotations }},
+    "envs": {{ toJson .Values.paladin.envs }},
+    "tolerations": {{ toJson .Values.paladin.tolerations }},
+    "affinity": {{ toJson .Values.paladin.affinity }},
+    "nodeSelector": {{ toJson .Values.paladin.nodeSelector }},
+    "securityContext": {{ toJson .Values.paladin.securityContext }}
   },
   "besu": {
     "image": "{{ .Values.besu.image.repository }}:{{ .Values.besu.image.tag }}",
     "imagePullPolicy": "{{ .Values.besu.image.pullPolicy }}",
-    "labels": {
-      "app": "besu"
-    }
+    "labels": {{ toJson .Values.besu.labels }},
+    "annotations": {{ toJson .Values.besu.annotations }},
+    "envs": {{ toJson .Values.besu.envs }},
+    "tolerations": {{ toJson .Values.besu.tolerations }},
+    "affinity": {{ toJson .Values.besu.affinity }},
+    "nodeSelector": {{ toJson .Values.besu.nodeSelector }},
+    "securityContext": {{ toJson .Values.besu.securityContext }}
   },
   "postgres": {
     "image": "{{ .Values.postgres.image.repository }}:{{ .Values.postgres.image.tag }}",
-    "imagePullPolicy": "{{ .Values.postgres.image.pullPolicy }}"
+    "imagePullPolicy": "{{ .Values.postgres.image.pullPolicy }}",
+    "labels": {{ toJson .Values.postgres.labels }},
+    "annotations": {{ toJson .Values.postgres.annotations }},
+    "envs": {{ toJson .Values.postgres.envs }}
   }
 }

operator/charts/paladin-operator/values.yaml

@@ -1,16 +1,17 @@
-
-
-# Install CRDs as part of the chart installation
-# When this is set to false, the CRDs are expected to be installed separately
-installCRDs: false
+# Installation mode. This setting determines which Custom Resources (CRs) will be installed by default when deploying this chart.
+# Supported modes:
+# - devnet: Installs a default Paladin network (3 nodes) along with the related Smart Contracts.
+# - smartcontractdeployment: Deploys the Smart Contracts without installing the Paladin network.
+# - none (or left empty): Only the operator will be installed.
+mode: devnet
 
 # Default values for paladin-operator
 operator:
   name: paladin-operator
   namespace: paladin
   image:
-    repository: kaleidoinc/paladin-operator
-    tag: release
+    repository: ghcr.io/lf-decentralized-trust-labs/paladin-operator
+    tag: main
     pullPolicy: Always
 
   serviceAccount:
@@ -90,16 +91,25 @@ prometheus:
 
 paladin:
   image:
-    repository: kaleidoinc/paladin
-    tag: release
+    repository: ghcr.io/lf-decentralized-trust-labs/paladin
+    tag: main
     pullPolicy: Always
+  labels:
+    app: paladin
+
 besu:
   image:
     repository: hyperledger/besu
     tag: latest
     pullPolicy: Always
-postgres:
+  labels:
+    app: besu
+postgres: # the postgres container runs as a sidecar to the paladin container
   image:
     repository: postgres
     tag: latest
-    pullPolicy: Always
+    pullPolicy: Always
+
+# Install CRDs as part of the chart installation
+# When this is set to false, the CRDs are expected to be installed separately
+installCRDs: false

operator/contractpkg/main.go

@@ -257,6 +257,27 @@ func template() error {
 		// Perform the regex replacement
 		newContent := pattern.ReplaceAllString(string(content), "{{ `{{${1}}}` }}")
 
+		// Add conditional wrapper around the content
+		conditions := []string{"(eq .Values.mode \"devnet\")"}
+
+		if strings.Contains(file, "smartcontractdeployment") {
+			// Include additional condition if file contains "smartcontractdeployment"
+			conditions = append(conditions, "(eq .Values.mode \"smartcontractdeployment\")")
+		}
+
+		// Build the condition string for the template
+		var condition string
+		if len(conditions) == 1 {
+			// Single condition doesn't need 'or'
+			condition = conditions[0]
+		} else {
+			// Multiple conditions use 'or' to combine them
+			condition = fmt.Sprintf("(or %s)", strings.Join(conditions, " "))
+		}
+
+		// Wrap newContent with the conditional template
+		newContent = fmt.Sprintf("{{- if %s }}\n\n%s\n{{- end }}", condition, newContent)
+
 		// Write the modified content back to the same file
 		err = os.WriteFile(file, []byte(newContent), fs.FileMode(0644))
 		if err != nil {

operator/gitops/flux/README.md

@@ -0,0 +1,11 @@
+# Install paladin operator using flux
+
+## Install the cert-manager
+```
+kubectl apply -f cert-manager.yaml
+```
+
+## Install paladin operator
+```
+kubectl apply -f paladin-operator.yaml
+```

operator/gitops/flux/cert-manager.yaml

@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cert-manager
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: cert-manager
+  namespace: cert-manager
+spec:
+  interval: 24h
+  url: https://charts.jetstack.io
+
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: cert-manager
+  namespace: cert-manager
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: cert-manager
+      version: "v1.16.1"
+      sourceRef:
+        kind: HelmRepository
+        name: cert-manager
+        namespace: cert-manager
+      interval: 12h
+  values:
+    installCRDs: true