feat(helm): support external artifact sourcing

Author: roderik

charts/network/charts/network-bootstrapper/README.md

@@ -15,6 +15,13 @@ A Helm chart for Kubernetes
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | affinity | object | `{}` |  |
+| artifacts.external.faucet.address | string | `""` | Faucet account address stored in the `besu-faucet-address` ConfigMap when `source` equals `external`. |
+| artifacts.external.faucet.privateKey | string | `""` | Faucet private key stored in the `besu-faucet-private-key` Secret when `source` equals `external`. |
+| artifacts.external.faucet.publicKey | string | `""` | Faucet account public key stored in the `besu-faucet-pubkey` ConfigMap when `source` equals `external`. |
+| artifacts.external.genesis | object | `{}` | Besu genesis document rendered into the `besu-genesis` ConfigMap when `source` equals `external`. |
+| artifacts.external.staticNodes | list | `[]` | Collection of enode URIs persisted to the `besu-static-nodes` ConfigMap when `source` equals `external`. |
+| artifacts.external.validators | list | `[]` | Validator node definitions providing the data expected by the nodes chart. Each entry must include `address`, `publicKey`, `privateKey`, and `enode`. |
+| artifacts.source | string | `"generated"` | Determines how Besu network artifacts are populated. Use `generated` to run the job or `external` to supply values manually. |
 | fullnameOverride | string | `"bootstrapper"` | Override for the fully qualified resource name generated by helpers. |
 | image.pullPolicy | string | `"IfNotPresent"` | Image pull policy controlling when Kubernetes fetches updated image layers. |
 | image.repository | string | `"ghcr.io/settlemint/network-bootstrapper"` | OCI registry path hosting the network bootstrapper image. |

charts/network/charts/network-bootstrapper/templates/external-artifacts.yaml

@@ -0,0 +1,123 @@
+{{- $artifactSource := default "generated" .Values.artifacts.source -}}
+{{- if eq $artifactSource "external" }}
+{{- $root := . -}}
+{{- $external := .Values.artifacts.external | default (dict) -}}
+{{- $genesis := get $external "genesis" -}}
+{{- $staticNodes := get $external "staticNodes" -}}
+{{- $validators := get $external "validators" -}}
+{{- $faucet := get $external "faucet" -}}
+{{- $validatorCount := len $validators -}}
+{{- if not $genesis }}{{ fail "artifacts.external.genesis must be provided when artifacts.source is 'external'." }}{{- end }}
+{{- if not $staticNodes }}{{ fail "artifacts.external.staticNodes must include at least one enode when artifacts.source is 'external'." }}{{- end }}
+{{- if not $validators }}{{ fail "artifacts.external.validators must include at least one entry when artifacts.source is 'external'." }}{{- end }}
+{{- if not ($faucet.address) }}{{ fail "artifacts.external.faucet.address must be set when artifacts.source is 'external'." }}{{- end }}
+{{- if not ($faucet.publicKey) }}{{ fail "artifacts.external.faucet.publicKey must be set when artifacts.source is 'external'." }}{{- end }}
+{{- if not ($faucet.privateKey) }}{{ fail "artifacts.external.faucet.privateKey must be set when artifacts.source is 'external'." }}{{- end }}
+{{- $globalValues := default (dict) .Values.global -}}
+{{- $globalReplicaCount := -1 -}}
+{{- if and (kindIs "map" $globalValues) (hasKey $globalValues "network") -}}
+  {{- $networkGlobal := index $globalValues "network" -}}
+  {{- if and (kindIs "map" $networkGlobal) (hasKey $networkGlobal "validatorReplicaCount") -}}
+    {{- $globalReplicaCount = (index $networkGlobal "validatorReplicaCount" | int) -}}
+  {{- end -}}
+{{- end -}}
+{{- if and (eq $globalReplicaCount -1) (kindIs "map" $globalValues) (hasKey $globalValues "validatorReplicaCount") -}}
+  {{- $globalReplicaCount = (index $globalValues "validatorReplicaCount" | int) -}}
+{{- end -}}
+{{- if eq $globalReplicaCount -1 -}}
+  {{- fail (printf "artifacts.external.validators has %d entries. Set global.validatorReplicaCount (or global.network.validatorReplicaCount) to this value and align network-nodes.validatorReplicaCount." $validatorCount) -}}
+{{- end -}}
+{{- if ne $globalReplicaCount $validatorCount -}}
+  {{- fail (printf "artifacts.external.validators has %d entries but the configured validator replica count is %d. Update global.validatorReplicaCount (or global.network.validatorReplicaCount) and network-nodes.validatorReplicaCount to match." $validatorCount $globalReplicaCount) -}}
+{{- end -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: besu-genesis
+  labels:
+    {{- include "network-bootstrapper.labels" . | nindent 4 }}
+data:
+  genesis.json: |-
+{{ toPrettyJson $genesis | indent 4 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: besu-static-nodes
+  labels:
+    {{- include "network-bootstrapper.labels" . | nindent 4 }}
+data:
+  static-nodes.json: |-
+{{ toPrettyJson $staticNodes | indent 4 }}
+{{- range $index, $validator := $validators }}
+{{- $requiredAddress := required (printf "artifacts.external.validators[%d].address must be set." $index) $validator.address }}
+{{- $requiredPublicKey := required (printf "artifacts.external.validators[%d].publicKey must be set." $index) $validator.publicKey }}
+{{- $requiredPrivateKey := required (printf "artifacts.external.validators[%d].privateKey must be set." $index) $validator.privateKey }}
+{{- $requiredEnode := required (printf "artifacts.external.validators[%d].enode must be set." $index) $validator.enode }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ printf "besu-node-validator-%d-address" $index }}
+  labels:
+    {{- include "network-bootstrapper.labels" $root | nindent 4 }}
+data:
+  address: {{ $requiredAddress | quote }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ printf "besu-node-validator-%d-enode" $index }}
+  labels:
+    {{- include "network-bootstrapper.labels" $root | nindent 4 }}
+data:
+  enode: {{ $requiredEnode | quote }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ printf "besu-node-validator-%d-pubkey" $index }}
+  labels:
+    {{- include "network-bootstrapper.labels" $root | nindent 4 }}
+data:
+  publicKey: {{ $requiredPublicKey | quote }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ printf "besu-node-validator-%d-private-key" $index }}
+  labels:
+    {{- include "network-bootstrapper.labels" $root | nindent 4 }}
+type: Opaque
+stringData:
+  privateKey: {{ $requiredPrivateKey | quote }}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: besu-faucet-address
+  labels:
+    {{- include "network-bootstrapper.labels" . | nindent 4 }}
+data:
+  address: {{ $faucet.address | quote }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: besu-faucet-pubkey
+  labels:
+    {{- include "network-bootstrapper.labels" . | nindent 4 }}
+data:
+  publicKey: {{ $faucet.publicKey | quote }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: besu-faucet-private-key
+  labels:
+    {{- include "network-bootstrapper.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+  privateKey: {{ $faucet.privateKey | quote }}
+{{- end }}

charts/network/charts/network-bootstrapper/templates/job.yaml

@@ -1,3 +1,5 @@
+{{- $artifactSource := default "generated" .Values.artifacts.source -}}
+{{- if eq $artifactSource "generated" }}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -106,3 +108,4 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+{{- end }}

charts/network/charts/network-bootstrapper/values.yaml

@@ -121,3 +121,22 @@ settings:
   evmStackSize:
   # -- (int) Maximum smart-contract bytecode size accepted by the EVM.
   contractSizeLimit:
+
+# Artifact sourcing controls for bootstrap data used by the nodes chart.
+artifacts:
+  # -- (string) Determines how Besu network artifacts are populated. Use `generated` to run the job or `external` to supply values manually.
+  source: generated
+  external:
+    # -- (object) Besu genesis document rendered into the `besu-genesis` ConfigMap when `source` equals `external`.
+    genesis: {}
+    # -- (list) Collection of enode URIs persisted to the `besu-static-nodes` ConfigMap when `source` equals `external`.
+    staticNodes: []
+    # -- (list) Validator node definitions providing the data expected by the nodes chart. Each entry must include `address`, `publicKey`, `privateKey`, and `enode`.
+    validators: []
+    faucet:
+      # -- (string) Faucet account address stored in the `besu-faucet-address` ConfigMap when `source` equals `external`.
+      address: ""
+      # -- (string) Faucet account public key stored in the `besu-faucet-pubkey` ConfigMap when `source` equals `external`.
+      publicKey: ""
+      # -- (string) Faucet private key stored in the `besu-faucet-private-key` Secret when `source` equals `external`.
+      privateKey: ""

charts/network/charts/network-nodes/README.md

@@ -135,6 +135,6 @@ A Helm chart for Kubernetes
 | serviceAccount.create | bool | `true` | Create a ServiceAccount resource automatically for the release. |
 | serviceAccount.name | string | `""` | Existing ServiceAccount name to reuse when creation is disabled. |
 | tolerations | list | `[]` | Tolerations allowing pods to run on nodes with matching taints. |
-| validatorReplicaCount | int | `4` | Number of validator node replicas participating in consensus. |
+| validatorReplicaCount | int | `nil` | Number of validator node replicas participating in consensus. Leave unset to derive from global.validatorReplicaCount. |
 | volumeMounts | list | `[]` | Additional volume mounts applied to Besu containers. |
 | volumes | list | `[]` | Extra volumes attached to Besu pods for custom configuration or secrets. |

charts/network/charts/network-nodes/templates/_helpers.tpl

@@ -60,3 +60,29 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+Resolve the number of validator replicas, falling back to global overrides when provided.
+*/}}
+{{- define "nodes.validatorReplicaCount" -}}
+{{- $explicit := .Values.validatorReplicaCount -}}
+{{- if not (empty $explicit) -}}
+{{- $explicit | int -}}
+{{- else -}}
+{{- $global := default (dict) .Values.global -}}
+{{- $networkGlobal := dict -}}
+{{- if and (kindIs "map" $global) (hasKey $global "network") -}}
+  {{- $networkCandidate := index $global "network" -}}
+  {{- if kindIs "map" $networkCandidate -}}
+    {{- $networkGlobal = $networkCandidate -}}
+  {{- end -}}
+{{- end -}}
+{{- if and (kindIs "map" $networkGlobal) (hasKey $networkGlobal "validatorReplicaCount") -}}
+{{- (index $networkGlobal "validatorReplicaCount") | int -}}
+{{- else if and (kindIs "map" $global) (hasKey $global "validatorReplicaCount") -}}
+{{- (index $global "validatorReplicaCount") | int -}}
+{{- else -}}
+4
+{{- end -}}
+{{- end -}}
+{{- end }}

charts/network/charts/network-nodes/templates/statefulset-validator.yaml

@@ -27,8 +27,8 @@ spec:
   {{- $useClaimTemplate := and $persistenceEnabled (not $useExistingClaim) }}
   {{- $privateKeyFilename := default "privateKey" .Values.config.privateKeyFilename }}
   {{- $shouldMountPersistence := $persistenceEnabled }}
-  {{- $validatorReplicaBudget := .Values.validatorReplicaCount | int }}
-  replicas: {{ .Values.validatorReplicaCount }}
+  {{- $validatorReplicaBudget := (include "nodes.validatorReplicaCount" . | int) }}
+  replicas: {{ $validatorReplicaBudget }}
   serviceName: {{ include "nodes.fullname" . }}
   {{- if and $useClaimTemplate (or (ne $whenDeleted "") (ne $whenScaled "")) }}
   persistentVolumeClaimRetentionPolicy:

charts/network/charts/network-nodes/values.yaml

@@ -3,8 +3,8 @@
 # -- (int) Number of RPC node replicas provisioned via StatefulSet.
 rpcReplicaCount: 2
 
-# -- (int) Number of validator node replicas participating in consensus.
-validatorReplicaCount: 4
+# -- (int) Number of validator node replicas participating in consensus. Leave unset to derive from global.validatorReplicaCount.
+validatorReplicaCount:
 
 # Container image configuration shared by validator and RPC pods.
 image: