Merge pull request #2 from 0xff-dev/main

feat: deploy fabirc-operator by helm

Author: bjwswang

.github/workflows/e2e.yaml

@@ -0,0 +1,23 @@
+name: "installer e2e"
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+    - main
+  pull_request:
+    branches:
+    - main
+
+jobs:
+  suite: 
+    runs-on: ubuntu-22.04
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+    - name: Kind
+      run: |
+        make kind
+    - name: Install
+      run: |
+        make e2e

Makefile

@@ -0,0 +1,8 @@
+
+kind:
+	./scripts/kind.sh
+
+unkind:
+	kind delete cluster -nkind
+e2e:
+	./scripts/e2e.sh

README.md

@@ -1,14 +1,41 @@
 Here is the steps about how to install bestchains BaaS platform
 
-## 1. Install u4a-component
+# Installer
+## Prerequisites
+
+- [Install Docker](https://docs.docker.com/engine/install/)
+- [Install kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)
+- [Install Helm](https://helm.sh/docs/intro/install/)
+- [Install kind](https://kind.sigs.k8s.io/docs/user/quick-start/#installation)
+- Get source code
+  ```shell
+  $ git clone https://github.com/bestchains/installer.git;
+  ```
+
+## Quick Start
+
+  Create a k8s cluster via kind and deploy the cluster component, u4a component and baas component.
+
+```shell
+# if  you don't have a k8s cluster, it will create a k8s cluster by kind
+make kind
+
+# it will install cluster components, u4a-components and baas components
+make e2e
+```
+
+## Manual deployment
+
+### 1. Install u4a-component
 For the 1st step, we'll install u4a-component and it'll provide the account, authentication, authorization and audit funcationality built on Kubernetes. And it has the capability to add more features following the guide later.
 
 And then we'll deploy BaaS on top of it, and use OIDC token for SSO between u4a and baas component.
 
-### Install cluster tools
+#### 1.1 Install cluster tools
+
 Before deploy u4a, we should add some tools for later usage. Enter into u4a-component folder and following the step below:
 
-* This step will install a ingress nginx controller with ingressclass named 'u4a-component-ingress' and cert-manager for certificate management.
+* This step will install a ingress nginx controller with ingressclass named 'portal-ingress' and cert-manager for certificate management.
 
 ```
 # 1. create a namespace to install u4a-component
@@ -35,7 +62,7 @@ cert-manager-cainjector-64685f8d48-qg69v                      1/1     Running
 cert-manager-webhook-5c46d68c6b-f4dkh                         1/1     Running   0          76m
 cluster-component-ingress-nginx-controller-5bd67897dd-5m9n7   1/1     Running   0          76m
 ```
-### Install u4a services
+#### 1.2 Install u4a services
 Enter into u4a-component folder and following the step below:
 
 This step will install the following services:
@@ -51,59 +78,108 @@ This step will install the following services:
 * you should also update the image address if you're using a private registry
 
 2. Install u4a component using helm
-```
-# run helm install
-$ helm install --wait u4a-component -n u4a-system .
 
-# wait for all pods to be ready
-$ kubectl get pod -n u4a-system
-NAME                                                          READY   STATUS    RESTARTS   AGE
-bff-server-6c9b4b97f5-gqrx6                                   1/1     Running   0          45m
-capsule-controller-manager-6cf656b98c-sjm5n                   1/1     Running   0          66m
-cert-manager-756fd78bff-wb2vh                                 1/1     Running   0          76m
-cert-manager-cainjector-64685f8d48-qg69v                      1/1     Running   0          76m
-cert-manager-webhook-5c46d68c6b-f4dkh                         1/1     Running   0          76m
-cluster-component-ingress-nginx-controller-5bd67897dd-5m9n7   1/1     Running   0          76m
-kube-oidc-proxy-5f4598c77c-fzl5q                              1/1     Running   0          65m
-oidc-server-85db495594-k6pkt                                  2/2     Running   0          65m
-resource-view-controller-76d8c79cf-smkj5                      1/1     Running   0          66m
-```
+    ```
+    # run helm install
+    $ helm install --wait u4a-component -n u4a-system .
+
+    # wait for all pods to be ready
+    $ kubectl get pod -n u4a-system
+    NAME                                                          READY   STATUS    RESTARTS   AGE
+    bff-server-6c9b4b97f5-gqrx6                                   1/1     Running   0          45m
+    capsule-controller-manager-6cf656b98c-sjm5n                   1/1     Running   0          66m
+    cert-manager-756fd78bff-wb2vh                                 1/1     Running   0          76m
+    cert-manager-cainjector-64685f8d48-qg69v                      1/1     Running   0          76m
+    cert-manager-webhook-5c46d68c6b-f4dkh                         1/1     Running   0          76m
+    cluster-component-ingress-nginx-controller-5bd67897dd-5m9n7   1/1     Running   0          76m
+    kube-oidc-proxy-5f4598c77c-fzl5q                              1/1     Running   0          65m
+    oidc-server-85db495594-k6pkt                                  2/2     Running   0          65m
+    resource-view-controller-76d8c79cf-smkj5                      1/1     Running   0          66m
+    ```
+
 3. At the end of the helm install, it'll prompt you with some notes like below:
-```
-NOTES:
-1. Get the  ServiceAccount token by running these commands:
 
-  export TOKENNAME=$(kubectl get serviceaccount/host-cluster-reader -n u4a-system -o jsonpath='{.secrets[0].name}')
-  kubectl get secret $TOKENNAME -n u4a-system -o jsonpath='{.data.token}' | base64 -d
-```
-Save the token and will use it to add the cluster later.
+    ```
+    NOTES:
+    1. Get the  ServiceAccount token by running these commands:
+
+      export TOKENNAME=$(kubectl get serviceaccount/host-cluster-reader -n u4a-system -o jsonpath='{.secrets[0].name}')
+      kubectl get secret $TOKENNAME -n u4a-system -o jsonpath='{.data.token}' | base64 -d
+    ```
+
+    Save the token and will use it to add the cluster later.
+
 
 4. Open the host configured using ingress below:
 
-`https://portal.<replaced-ingress-nginx-ip>.nip.io`
+    `https://portal.<replaced-ingress-nginx-ip>.nip.io`
+
+
+    If your host isn't able to access nip.io, you should add the ip<->host mapping to your hosts file. Login with user admin/baas-admin (default one).
 
-If your host isn't able to access nip.io, you should add the ip<->host mapping to your hosts file. Login with user admin/baas-admin (default one).
 
 5. Prepare the environment
 1) Create a namespace for cluster management, it should be 'cluster-system'.
-```
-kubectl create -n cluster-system
-```
+
+    ```
+    kubectl create -n cluster-system
+    ```
 
 2) Add current cluster to the portal. Navigate to '集群管理' and '添加集群'
 * for API Host, use the one from `hostK8sApiWithOidc`
 * for API Token, use the one you saved from step 3.
 
 Now, you should have a cluster and a 'system-tenant' and tenant management.
 
-## 2. Install baas-component
+### 2. Install baas-component
+
+#### 2.1 Install Fabric-Operator and bc-api using Helm
+
+1. Create namespace
+
+    If you want to install operator under the namespace `baas-system`, and this namespace does not exist, you need to create this namespace.
+
+    ```shell
+    kubectl create ns baas-system
+    ```
+
+2. Install Fabric-Operator And bc-apis
+
+    Before installation, the content to be replaced needs to be updated.
+    - \<replaced-ingress-nginx-ip\>
+    - \<replaced-iam-server\>
+    - \<replace-with-k8s-oidc-proxy-url\>
+    - \<replace-with-oidc-server-url\>
+    - \<replace-with-oidc-client-id\>
+    - \<replace-with-oidc-client-secret\>
+
+    ```shell
+    $ cd installer;
+    $ helm -nbaas-system install fabric fabric-operator;
+    ```
+    For more configuration parameters, please refer to the following document: [install-fabric-operator](./fabric-operator/README.md)
+
+3. Verify pods are running properly.
+
+    ```shell
+    $ kubectl get po -nbaas-system
+    NAME                                          READY   STATUS    RESTARTS   AGE
+    bff-apis-5b857f6577-c6pjz                     1/1     Running   0          55s
+    controller-manager-5d6449b864-ckf25           1/1     Running   0          55s
+    ```
+
+4. Clean up the deployment environment
+    ```shell
+    helm -nbaas-system uninstall fabric;
 
+    kubectl delete ns baas-system;
+    ```
 
-## 3. Add more components
+### 3. Add more components
 1. Install [kube-dashboard](./kube-dashboard/) to integrate with u4a.
 
-Refer to [kubernetes dashboard ](https://github.com/kubernetes/dashboard) for details.
+    Refer to [kubernetes dashboard ](https://github.com/kubernetes/dashboard) for details.
 
 2. Install [kubelogin](./kubelogin/) to integrate with u4a
 
-Refer to [kubelogin](https://github.com/int128/kubelogin) for details.
+    Refer to [kubelogin](https://github.com/int128/kubelogin) for details.

fabric-operator/Chart.yaml

@@ -0,0 +1,23 @@
+apiVersion: v2
+name: fabric-operator
+description: fabric-operator is an open-source, cloud-native Operator for managing Hyperledger Fabric networks on Kubernetes
+type: application
+version: 0.1.0
+icon: https://avatars.githubusercontent.com/u/116370569?s=200&v=4
+appVersion: v0.1.0
+keywords:
+  - chain
+  - operator
+  - fabric-operator
+  - bestchains
+sources:
+  - https://github.com/bestchains/fabric-operator
+maintainers:
+  - name: nkwangleiGIT
+    url: https://github.com/nkwangleiGIT
+  - name: bjwswang
+    url: https://github.com/bjwswang
+  - name: Abirdcfly
+    url: https://github.com/Abirdcfly
+  - name: 0xff-dev
+    url: https://github.com/0xff-dev

fabric-operator/README.md

@@ -0,0 +1,80 @@
+# Baas Helm Chart
+
+## Installation
+
+Quick start to deploy Baas using Helm.
+
+### Prerequisites
+
+- [Helm](https://helm.sh/docs/intro/quickstart/#install-helm)
+
+#### Install chart using Helm v3.0+
+
+1. Get source code
+
+        ```shell
+        $ git clone https://github.com/bestchains/installer.git;
+        $ cd installer;
+        ```
+
+2. Some variables that must be modified
+
+
+- `<replaced-ingress-nginx-ip>` needs to be replaced with the ip address of ingress
+- `<replaced-iam-server>` needs to be replaced with iam server address. example: https://oidc-server.system.svc
+- `<replace-with-k8s-oidc-proxy-url>` 
+- `<replace-with-oidc-server-url>` 
+- `<replace-with-oidc-client-id>`
+- `<replace-with-oidc-client-secret>`
+
+
+    ```shell
+    # If namespace does not exist.
+    $ kubectl create ns baas-system;
+    $ helm -nbaas-system install fabric fabric-operator;
+    ```
+
+#### Verify pods are running properly.
+
+```shell
+$ kubectl get po -nbaas-system
+NAME                                          READY   STATUS    RESTARTS   AGE
+bff-apis-5b857f6577-c6pjz                     1/1     Running   0          55s
+controller-manager-5d6449b864-ckf25           1/1     Running   0          55s
+```
+
+### Configuration
+
+The following table lists the configurable parameters of fabric-operator chart and their default values.
+
+| Parameter                                   | Description                                 | Default                                                          |
+| ------------------------------------------- | ------------------------------------------- | ---------------------------------------------------------------- |
+| `namespace`                               | which namespace the operator will be deployed.   | default `baas-system`. |
+| `ingressDomain`          | ingress domain.    | default `empty`, **you must set it**.       |
+| `serviceAccountName`                      | service account name   | default ` operator-controller-manager`   |
+| `operator.watchNamespace`                 | The namespace under which the CR is created can trigger the operator's logic.   | default `empty`, means all namespace. |
+| `operator.clusterType`                    | K8S, or OPENSHIFT. | default `K8S`.                |
+| `operator.iamServer`                      | iam provider address.                            | default `emtpy`, **you must set it**.   |
+| `operator.image`                          | The image that the operator deployment will use. | default `hyperledgerk8s/fabric-operator:latest`   |
+| `operator.imagePullPolicy`                | image pull policy.          | default `IfNotPresent`. Other optional values for reference [image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy)  |
+| `operator.clusterRoleName`                |  cluster role name. | The clusterrole contains the permissions required by the operator's serviceaccount. default `manager-role` |
+| `operator.clusterRoleBindingName`         | cluster role binding   | default `operator` |
+| `operator.resources`                      | request resource.  | default request cpu is `100m`, default request memory is `200Mi` |
+| `operator.readinessProbe`                 | readiness probe        |                |
+| `operator.tolerations`                    | Pod tolerated stains   | Tolerate all stains by default    |
+| `operator.affinity`                       | How pods are scheduled |                                   |
+| `leaderElection.roleName`                 | The name of the role that contains the permissions needed for operator elections | default `leader-election-role` |
+| `leaderElection.roleNameBinding`          | role binding   | default `leader-election-rolebinding`  |
+| `authProxy.authProxyServiceName`          | service name   | default `controller-manager-metrics-service` |
+| `authProxy.proxyClusterRoleName`          | cluster role name                  | default `proxy-role`           |
+| `authProxy.proxyClusterRoleBindingName`   | cluster rolebinding name           | default `proxy-rolebinding`    |
+| `authProxy.metricReaderClusterRoleName`   | metrics reader cluster role name   | default `metrics-reader`        |
+| `bcapi.name`   | Composited APIs for fabric resource APIs   | default `bff-apis`        |
+| `bcapi.env.k8sOIDCProxyURL`   | oidc proxy url   | it can be emtpty if you don't need oidc-proxy.        |
+| `bcapi.env.OIDCServerURL`   | oidc server  | must be completed       |
+| `bcapi.env.OIDCServerClientID`   | oidc client id   | must be completed       |
+| `bcapi.env.OIDCServerClientSecret`   | oidc client secret   | must be completed       |
+| `bcapi.image`   | image used by the bff service |  hyperledgerk8s/bc-apis:v0.1.0-20230118     |
+| `bcapi.imagePullPolicy`   | the policy of pulling image  | `IfNotPresent` |
+| `bcapi.hostAliases`   | add entry to Pod's /etc/hosts  | can be empty, format reference [adding-additional-entries-with-hostaliases](https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/#adding-additional-entries-with-hostaliases)    |
+| `bcapi.ingressName`   | name of the ingress of the bff service| `bc-apis-ingress` |