feat(helm): add init container configuration hooks

Author: roderik

AGENTS.md

@@ -8,6 +8,10 @@ The TypeScript sources live in `src/`. CLI flows under `src/cli/` orchestrate pr
 
 Install dependencies with `bun install`. Use `bun run src/index.ts` to execute the bootstrapper locally. Run the full test suite with `bun test`. Type safety is enforced by `bun run typecheck`, and formatting plus lint rules are auto-fixed with `bun run check:fix` (Biome). Combine these commands before pushing to catch regressions early.
 
+## Documentation
+
+Regenerate Helm chart documentation with `helm-docs` (`bun run docs:helm`) after modifying any values or templates so every README stays in helm-docs format. When editing `values.yaml`, ensure each key has a helm-docs compatible comment block (`# -- description`) including type hints or context so autogenerated tables stay complete.
+
 ## Coding Style & Naming Conventions
 
 We write modern ESM TypeScript with strict compiler options. Keep indentation at two spaces and favor `const` over `let`. Module files follow kebab-case (for example, `build-command.ts`), functions and variables use camelCase, and classes use PascalCase. Rely on Biome defaults; do not disable rules unless you add justification. Avoid `console` noise in committed code—prefer structured logging through existing helpers.

charts/network/charts/network-bootstrapper/README.md

@@ -20,6 +20,7 @@ A Helm chart for Kubernetes
 | image.repository | string | `"ghcr.io/settlemint/network-bootstrapper"` | OCI registry path hosting the network bootstrapper image. |
 | image.tag | string | `""` | Image tag override; leave empty to inherit the chart appVersion. |
 | imagePullSecrets | list | `[]` | Image pull secrets enabling access to private registries. |
+| initContainers | list|string | `[]` | Init containers executed before the bootstrapper container starts. |
 | nameOverride | string | `""` | Override for the short release name used by name templates. |
 | nodeSelector | object | `{}` |  |
 | podAnnotations | object | `{}` |  |

charts/network/charts/network-bootstrapper/templates/job.yaml

@@ -29,6 +29,14 @@ spec:
       securityContext:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- with .Values.initContainers }}
+      initContainers:
+{{- if kindIs "string" . -}}
+{{ tpl . $ | nindent 8 }}
+{{- else -}}
+{{ tpl (toYaml .) $ | nindent 8 }}
+{{- end }}
+      {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           {{- with .Values.securityContext }}

charts/network/charts/network-bootstrapper/values.yaml

@@ -53,6 +53,37 @@ securityContext:
   # runAsNonRoot: true
   # runAsUser: 1000
 
+# -- (list|string) Init containers executed before the bootstrapper container starts.
+initContainers: []
+# - name: wait-for-genesis
+#   image: busybox:1.36
+#   imagePullPolicy: IfNotPresent
+#   command:
+#     - sh
+#     - -c
+#   args:
+#     - >-
+#       until nc -z ${STATIC_NODE_HOST:?} ${STATIC_NODE_PORT:?}; do echo "waiting for nodes"; sleep 2; done
+#   env:
+#     - name: STATIC_NODE_HOST
+#       value: besu-node-validator-0.besu-node-validator
+#     - name: STATIC_NODE_PORT
+#       value: "30303"
+#   envFrom:
+#     - secretRef:
+#         name: bootstrapper-env
+#   volumeMounts:
+#     - name: config
+#       mountPath: /config
+#   resources:
+#     requests:
+#       cpu: 50m
+#       memory: 64Mi
+#   securityContext: {}
+#   workingDir: /config
+#   stdin: false
+#   tty: false
+
 # CPU and memory requests or limits for the bootstrapper container.
 resources:
   {}

charts/network/charts/network-nodes/README.md

@@ -77,6 +77,9 @@ A Helm chart for Kubernetes
 | ingress.enabled | bool | `false` | Enable creation of an Ingress resource. |
 | ingress.hosts | list | `[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}]` | Hostname and path routing rules for the Ingress. |
 | ingress.tls | list | `[]` | TLS configuration for Ingress hosts. |
+| initContainers.rpc | list|string | `[]` | Additional init containers exclusively for RPC pods. |
+| initContainers.shared | list|string | `[]` | Init containers applied to both validator and RPC pods. |
+| initContainers.validator | list|string | `[]` | Additional init containers exclusively for validator pods. |
 | livenessProbe.failureThreshold | int | `3` | Consecutive failures required before the container is restarted. |
 | livenessProbe.httpGet.path | string | `"/liveness"` | HTTP path used for liveness probing. |
 | livenessProbe.httpGet.port | string|int | `"json-rpc"` | Target container port serving the liveness endpoint. |

charts/network/charts/network-nodes/templates/_helpers.tpl

@@ -60,3 +60,20 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+Render init container specifications provided via values.
+Accepts either a YAML string or a list of init container maps and indents output appropriately.
+*/}}
+{{- define "nodes.renderInitContainers" -}}
+{{- $ctx := .context -}}
+{{- $containers := .containers -}}
+{{- $indent := .indent | default 2 -}}
+{{- if $containers }}
+  {{- if kindIs "string" $containers -}}
+{{ tpl $containers $ctx | nindent $indent }}
+  {{- else -}}
+{{ tpl (toYaml $containers) $ctx | nindent $indent }}
+  {{- end -}}
+{{- end -}}
+{{- end }}

charts/network/charts/network-nodes/templates/statefulset-rpc.yaml

@@ -28,6 +28,9 @@ spec:
   {{- $privateKeyFilename := default "privateKey" .Values.config.privateKeyFilename }}
   {{- $shouldMountPersistence := $persistenceEnabled }}
   {{- $rpcReplicaBudget := .Values.rpcReplicaCount | int }}
+  {{- $initContainers := .Values.initContainers | default (dict) }}
+  {{- $sharedInitContainers := get $initContainers "shared" }}
+  {{- $rpcInitContainers := get $initContainers "rpc" }}
   podManagementPolicy: Parallel
   replicas: {{ .Values.rpcReplicaCount }}
   serviceName: {{ include "nodes.fullname" . }}-rpc
@@ -66,6 +69,11 @@ spec:
       securityContext:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- if or $sharedInitContainers $rpcInitContainers }}
+      initContainers:
+{{- include "nodes.renderInitContainers" (dict "context" $root "containers" $sharedInitContainers "indent" 8) }}
+{{- include "nodes.renderInitContainers" (dict "context" $root "containers" $rpcInitContainers "indent" 8) }}
+      {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           env:

charts/network/charts/network-nodes/templates/statefulset-validator.yaml

@@ -28,6 +28,9 @@ spec:
   {{- $privateKeyFilename := default "privateKey" .Values.config.privateKeyFilename }}
   {{- $shouldMountPersistence := $persistenceEnabled }}
   {{- $validatorReplicaBudget := .Values.validatorReplicaCount | int }}
+  {{- $initContainers := .Values.initContainers | default (dict) }}
+  {{- $sharedInitContainers := get $initContainers "shared" }}
+  {{- $validatorInitContainers := get $initContainers "validator" }}
   replicas: {{ .Values.validatorReplicaCount }}
   serviceName: {{ include "nodes.fullname" . }}
   {{- if and $useClaimTemplate (or (ne $whenDeleted "") (ne $whenScaled "")) }}
@@ -65,6 +68,11 @@ spec:
       securityContext:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- if or $sharedInitContainers $validatorInitContainers }}
+      initContainers:
+{{- include "nodes.renderInitContainers" (dict "context" $root "containers" $sharedInitContainers "indent" 8) }}
+{{- include "nodes.renderInitContainers" (dict "context" $root "containers" $validatorInitContainers "indent" 8) }}
+      {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           env:

charts/network/charts/network-nodes/values.yaml

@@ -408,6 +408,64 @@ volumeMounts: []
 #   mountPath: "/etc/foo"
 #   readOnly: true
 
+# Init containers executed before Besu containers start.
+initContainers:
+  # -- (list|string) Init containers applied to both validator and RPC pods.
+  shared: []
+  # - name: install-plugins
+  #   image: busybox:1.36
+  #   command:
+  #     - sh
+  #     - -c
+  #   args:
+  #     - >-
+  #       cp /extensions/*.jar /data/plugins && chmod 644 /data/plugins/*.jar
+  #   env:
+  #     - name: BESU_LOG
+  #       value: DEBUG
+  #   envFrom:
+  #     - configMapRef:
+  #         name: besu-env
+  #   volumeMounts:
+  #     - name: data
+  #       mountPath: /data
+  #   resources:
+  #     requests:
+  #       cpu: 75m
+  #       memory: 128Mi
+  #   securityContext:
+  #     runAsNonRoot: true
+  #   workingDir: /work
+  #   stdin: false
+  #   tty: false
+  # -- (list|string) Additional init containers exclusively for validator pods.
+  validator: []
+  # - name: wait-for-bootstrapper
+  #   image: busybox:1.36
+  #   command:
+  #     - sh
+  #     - -c
+  #   args:
+  #     - >-
+  #       until nslookup bootstrapper.{{ .Release.Namespace }}.svc.cluster.local; do echo "waiting"; sleep 3; done
+  #   resources:
+  #     limits:
+  #       cpu: 25m
+  #       memory: 32Mi
+  # -- (list|string) Additional init containers exclusively for RPC pods.
+  rpc: []
+  # - name: warm-cache
+  #   image: curlimages/curl:8.10.1
+  #   command:
+  #     - sh
+  #     - -c
+  #   args:
+  #     - curl -sf http://metadata/config && echo "cache primed"
+  #   resources:
+  #     requests:
+  #       cpu: 25m
+  #       memory: 32Mi
+
 # Node selector constraints influencing where Besu pods can schedule.
 nodeSelector: {}