helm/charts/goquorum-genesis/templates/genesis-job-init.yaml

---
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ include "goquorum-genesis.name" . }}-init
  labels:
{{- if and (eq .Values.cluster.provider "azure") (.Values.cluster.cloudNativeServices) }}
    aadpodidbinding: "{{ .Values.azure.identityName }}"
{{- end }}  
    app.kubernetes.io/name: goquorum-genesis-job
    app.kubernetes.io/component: genesis-job
    app.kubernetes.io/part-of: {{ include "goquorum-genesis.fullname" . }}
    app.kubernetes.io/namespace: {{ .Release.Namespace }}
    app.kubernetes.io/managed-by: helm
  namespace: {{ .Release.Namespace }}
  annotations:
    helm.sh/hook-delete-policy: "hook-succeeded"
spec:
  backoffLimit: 3
  completions: 1
  template:
    metadata:
      labels:
{{- if and (eq .Values.cluster.provider "azure") (.Values.cluster.cloudNativeServices) }}
        aadpodidbinding: "{{ .Values.azure.identityName }}"
{{- end}}      
        app.kubernetes.io/name: goquorum-genesis-job
        app.kubernetes.io/component: genesis-job
        app.kubernetes.io/part-of: {{ include "goquorum-genesis.fullname" . }}
        app.kubernetes.io/namespace: {{ .Release.Namespace }}
        app.kubernetes.io/managed-by: helm
    spec:
{{- if and (eq .Values.cluster.provider "aws") (.Values.cluster.cloudNativeServices) }}
      serviceAccountName: {{ .Values.aws.serviceAccountName }}
{{- else }}
      serviceAccountName: {{ include "goquorum-genesis.name" . }}-sa
{{- end }}    
      restartPolicy: "Never"
      containers:
        - name: generate-genesis
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          securityContext:
            runAsUser: 0
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          command:
            - /bin/bash
            - -c
          args:
            - |
              echo "Creating config ..."

{{- if and (eq .Values.cluster.provider "azure") (.Values.cluster.cloudNativeServices) }}

              function safeWriteSecret {
                key=$1
                fpath=$2
                az keyvault secret show --vault-name {{ .Values.azure.keyvaultName }} --name $key > /dev/null 2>&1
                if [ $? -ne 0 ]; then
                  az keyvault secret set --vault-name {{ .Values.azure.keyvaultName }} --name $key --file $fpath --encoding utf-8
                else
                  # if the key exists pull it from keyvault so that when you update the enodes configmap, you have the right value
                  az keyvault secret show --vault-name {{ .Values.azure.keyvaultName }} --name $key | jq -r '.value' > $fpath
                fi
              }

              az login --identity --debug
              az account set --subscription {{ .Values.azure.subscriptionId }}

{{- else if and (eq .Values.cluster.provider "aws") (.Values.cluster.cloudNativeServices) }}

              function safeWriteSecret {
                key=$1
                fpath=$2
                aws secretsmanager describe-secret --secret-id $key > /dev/null 2>&1
                if [ $? -ne 0 ]; then
                  aws secretsmanager create-secret --name $key --description $key --secret-string file://$fpath
                else
                  # if the key exists pull it from keyvault so that when you update the enodes configmap, you have the right value
                  aws secretsmanager get-secret-value --secret-id $key | jq -r '.SecretString' > $fpath
                fi
              }

{{- else }}
              
              function safeWriteSecret {
                key=$1
                fpath=$2
                kubectl create secret generic ${key}-keys --namespace {{ .Release.Namespace }} --from-file=nodekey=${fpath}/nodekey --from-file=nodekey.pub=${fpath}/nodekey.pub --from-file=enode=${fpath}/nodekey.pub --from-file=accountPrivate.key=${fpath}/accountPrivateKey --from-file=accountPassword=${fpath}/accountPassword --from-file=accountKeystore=${fpath}/accountKeystore --from-file=accountAdddress=${fpath}/accountAddress
              }

{{- end }}

              function safeWriteGenesisConfigmap {
                FOLDER_PATH=$1
                kubectl get configmap --namespace {{ .Release.Namespace }} goquorum-genesis
                if [ $? -ne 0 ]; then
                  kubectl create configmap --namespace {{ .Release.Namespace }} goquorum-genesis --from-file=genesis.json=$FOLDER_PATH/goQuorum/genesis.json
                fi
              }

              function safeWriteQuorumPeersConfigmap {
                kubectl get configmap --namespace {{ .Release.Namespace }} goquorum-peers
                if [ $? -ne 0 ]; then
                  kubectl create configmap --namespace {{ .Release.Namespace }} goquorum-peers --from-file=static-nodes.json=/generated-config/static-nodes.json
                fi
              }

              FOLDER_PATH=$(quorum-genesis-tool --consensus {{ .Values.rawGenesisConfig.genesis.config.algorithm.consensus }} {{ if .Values.rawGenesisConfig.blockchain.nodes.generate }} --validators {{ .Values.rawGenesisConfig.blockchain.nodes.count }} {{ else }} --validators 0 {{ end }} --members 0 --bootnodes 0 --chainID {{ .Values.rawGenesisConfig.genesis.config.chainId }} --blockperiod {{ .Values.rawGenesisConfig.genesis.config.algorithm.blockperiodseconds }} --emptyBlockPeriod {{ .Values.rawGenesisConfig.genesis.config.algorithm.emptyBlockPeriod }} --epochLength {{ .Values.rawGenesisConfig.genesis.config.algorithm.epochlength }} --requestTimeout {{ .Values.rawGenesisConfig.genesis.config.algorithm.requesttimeoutseconds }} --difficulty {{ .Values.rawGenesisConfig.genesis.difficulty }} --gasLimit {{ .Values.rawGenesisConfig.genesis.gasLimit }} --coinbase {{ .Values.rawGenesisConfig.genesis.coinbase }} {{ if .Values.rawGenesisConfig.blockchain.accountPassword }} --accountPassword {{ .Values.rawGenesisConfig.blockchain.accountPassword }} {{ end }} {{ if eq .Values.cluster.cloudNativeServices false }} --quickstartDevAccounts {{ .Values.rawGenesisConfig.genesis.includeQuickStartAccounts }} {{ end }} --outputPath /generated-config | tail -1 | sed -e "s/^Artifacts in folder: //")

              echo $FOLDER_PATH
              echo "Creating genesis configmap in k8s ..."
              safeWriteGenesisConfigmap $FOLDER_PATH

              # create the static-nodes with proper dns names for the quorum nodes  
              echo "[" > /generated-config/static-nodes.json

              # 0 index so setting this to the num of validators
              echo "Creating validator keys ..."
              i=1
              for f in $(find $FOLDER_PATH -type d -iname "validator*" -exec basename {} \;); do
                echo $f

                if [ -d $FOLDER_PATH/${f} ]; then

                  echo "Creating keys for $f ..."

{{- if and (ne .Values.cluster.provider "local") (.Values.cluster.cloudNativeServices) }}

                  echo "Using cloud native services"
                  safeWriteSecret goquorum-node-validator-${i}-nodekey $FOLDER_PATH/${f}/nodekey
                  safeWriteSecret goquorum-node-validator-${i}-nodekeypub $FOLDER_PATH/${f}/nodekey.pub 
                  safeWriteSecret goquorum-node-validator-${i}-enode $FOLDER_PATH/${f}/nodekey.pub 
                  safeWriteSecret goquorum-node-validator-${i}-address $FOLDER_PATH/${f}/address
                  kubectl create configmap --namespace {{ .Release.Namespace }} goquorum-node-validator-${i}-address --from-file=address=$FOLDER_PATH/${f}/address

                  safeWriteSecret goquorum-node-validator-${i}-accountPrivateKey $FOLDER_PATH/${f}/accountPrivateKey
                  safeWriteSecret goquorum-node-validator-${i}-accountPassword $FOLDER_PATH/${f}/accountPassword
                  safeWriteSecret goquorum-node-validator-${i}-accountKeystore $FOLDER_PATH/${f}/accountKeystore 
                  safeWriteSecret goquorum-node-validator-${i}-accountAddress $FOLDER_PATH/${f}/accountAddress 
                  
{{- else }}

                  echo "Using k8s secrets"
                  safeWriteSecret goquorum-node-validator-${i} "$FOLDER_PATH/${f}"
                  kubectl create configmap --namespace {{ .Release.Namespace }} goquorum-node-validator-${i}-address --from-file=address=$FOLDER_PATH/${f}/address

{{- end }}

                  # add to the static-nodes
                  pubkey=$(cat $FOLDER_PATH/${f}/nodekey.pub )
                  echo ",\"enode://$pubkey@goquorum-node-validator-$i-0.goquorum-node-validator-$i.{{ .Release.Namespace }}.svc.cluster.local:30303?discport=0\"" >> /generated-config/static-nodes.json

                  i=$((i+1))
                fi
              done

              echo "]" >> /generated-config/static-nodes.json
              # remove the extra comma to make it valid json
              sed -i '0,/,/s///' /generated-config/static-nodes.json
              safeWriteQuorumPeersConfigmap

              echo "Completed ..."