Continuous deployment kubernetes deploy and wallet integration test (#…

…101)

* Add Kubernetes deployment manifests

- Manifests for deploying a 5 node network
- one-shot enclave build
- Jenkins steps to run and watch that deployment
- Wallet test integration

deploy/.gitignore

@@ -0,0 +1 @@
+build

deploy/00-node-grpc-ingress.yaml

@@ -0,0 +1,207 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: node-grpc-NETWORKNAME
+  namespace: NETWORKNAME
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/backend-protocol: "GRPCS"
+    certmanager.k8s.io/cluster-issuer: letsencrypt-production
+spec:
+  tls:
+    - hosts:
+      - NETWORKNAME.mobilecoin.com
+      - '*.NETWORKNAME.mobilecoin.com'
+      secretName: NETWORKNAME-mobilecoin-wildcard-tls
+  rules:
+    - host: node1.NETWORKNAME.mobilecoin.com
+      http:
+        paths:
+        - path: /attest
+          backend:
+            serviceName: node1
+            servicePort: 3223
+        - path: /blockchain
+          backend:
+            serviceName: node1
+            servicePort: 8443
+        - path: /consensus_client
+          backend:
+            serviceName: node1
+            servicePort: 3223
+        - path: /consensus_peer
+          backend:
+            serviceName: node1
+            servicePort: 8443
+        - path: /node_user
+          backend:
+            serviceName: node1
+            servicePort: 3223
+    - host: peer1.NETWORKNAME.mobilecoin.com
+      http:
+        paths:
+        - path: /consensus_peer
+          backend:
+            serviceName: node1
+            servicePort: 8443
+        - path: /attest
+          backend:
+            serviceName: node1
+            servicePort: 8443
+        - path: /blockchain
+          backend:
+            serviceName: node1
+            servicePort: 8443
+    - host: node2.NETWORKNAME.mobilecoin.com
+      http:
+        paths:
+        - path: /attest
+          backend:
+            serviceName: node2
+            servicePort: 3223
+        - path: /blockchain
+          backend:
+            serviceName: node2
+            servicePort: 8443
+        - path: /consensus_client
+          backend:
+            serviceName: node2
+            servicePort: 3223
+        - path: /consensus_peer
+          backend:
+            serviceName: node2
+            servicePort: 8443
+        - path: /node_user
+          backend:
+            serviceName: node2
+            servicePort: 3223
+    - host: peer2.NETWORKNAME.mobilecoin.com
+      http:
+        paths:
+        - path: /consensus_peer
+          backend:
+            serviceName: node2
+            servicePort: 8443
+        - path: /attest
+          backend:
+            serviceName: node2
+            servicePort: 8443
+        - path: /blockchain
+          backend:
+            serviceName: node2
+            servicePort: 8443
+    - host: node3.NETWORKNAME.mobilecoin.com
+      http:
+        paths:
+        - path: /attest
+          backend:
+            serviceName: node3
+            servicePort: 3223
+        - path: /blockchain
+          backend:
+            serviceName: node3
+            servicePort: 8443
+        - path: /consensus_client
+          backend:
+            serviceName: node3
+            servicePort: 3223
+        - path: /consensus_peer
+          backend:
+            serviceName: node3
+            servicePort: 8443
+        - path: /node_user
+          backend:
+            serviceName: node3
+            servicePort: 3223
+    - host: peer3.NETWORKNAME.mobilecoin.com
+      http:
+        paths:
+        - path: /consensus_peer
+          backend:
+            serviceName: node3
+            servicePort: 8443
+        - path: /attest
+          backend:
+            serviceName: node3
+            servicePort: 8443
+        - path: /blockchain
+          backend:
+            serviceName: node3
+            servicePort: 8443
+    - host: node4.NETWORKNAME.mobilecoin.com
+      http:
+        paths:
+        - path: /attest
+          backend:
+            serviceName: node4
+            servicePort: 3223
+        - path: /blockchain
+          backend:
+            serviceName: node4
+            servicePort: 8443
+        - path: /consensus_client
+          backend:
+            serviceName: node4
+            servicePort: 3223
+        - path: /consensus_peer
+          backend:
+            serviceName: node4
+            servicePort: 8443
+        - path: /node_user
+          backend:
+            serviceName: node4
+            servicePort: 3223
+    - host: peer4.NETWORKNAME.mobilecoin.com
+      http:
+        paths:
+        - path: /consensus_peer
+          backend:
+            serviceName: node4
+            servicePort: 8443
+        - path: /attest
+          backend:
+            serviceName: node4
+            servicePort: 8443
+        - path: /blockchain
+          backend:
+            serviceName: node4
+            servicePort: 8443
+    - host: node5.NETWORKNAME.mobilecoin.com
+      http:
+        paths:
+        - path: /attest
+          backend:
+            serviceName: node5
+            servicePort: 3223
+        - path: /blockchain
+          backend:
+            serviceName: node5
+            servicePort: 8443
+        - path: /consensus_client
+          backend:
+            serviceName: node5
+            servicePort: 3223
+        - path: /consensus_peer
+          backend:
+            serviceName: node5
+            servicePort: 8443
+        - path: /node_user
+          backend:
+            serviceName: node5
+            servicePort: 3223
+    - host: peer5.NETWORKNAME.mobilecoin.com
+      http:
+        paths:
+        - path: /consensus_peer
+          backend:
+            serviceName: node5
+            servicePort: 8443
+        - path: /attest
+          backend:
+            serviceName: node5
+            servicePort: 8443
+        - path: /blockchain
+          backend:
+            serviceName: node5
+            servicePort: 8443

deploy/01-node-certificates.yaml

@@ -0,0 +1,119 @@
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: Certificate
+metadata:
+  name: node1-peer-tls
+  namespace: NETWORKNAME
+spec:
+  # Secret names are always required.
+  secretName: node1-peer-tls
+  duration: 8760h # 365d
+  renewBefore: 360h # 15d
+  organization:
+  - mobilecoin
+  keySize: 2048
+  keyAlgorithm: rsa
+  keyEncoding: pkcs1
+  usages:
+    - server auth
+    - client auth
+  dnsNames:
+  - node1.NETWORKNAME.mobilecoin.com
+  issuerRef:
+    name: internal-ca-issuer
+    kind: ClusterIssuer
+---
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: Certificate
+metadata:
+  name: node2-peer-tls
+  namespace: NETWORKNAME
+spec:
+  # Secret names are always required.
+  secretName: node2-peer-tls
+  duration: 8760h # 365d
+  renewBefore: 360h # 15d
+  organization:
+  - mobilecoin
+  keySize: 2048
+  keyAlgorithm: rsa
+  keyEncoding: pkcs1
+  usages:
+    - server auth
+    - client auth
+  dnsNames:
+  - node2.NETWORKNAME.mobilecoin.com
+  issuerRef:
+    name: internal-ca-issuer
+    kind: ClusterIssuer
+---
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: Certificate
+metadata:
+  name: node3-peer-tls
+  namespace: NETWORKNAME
+spec:
+  # Secret names are always required.
+  secretName: node3-peer-tls
+  duration: 8760h # 365d
+  renewBefore: 360h # 15d
+  organization:
+  - mobilecoin
+  keySize: 2048
+  keyAlgorithm: rsa
+  keyEncoding: pkcs1
+  usages:
+    - server auth
+    - client auth
+  dnsNames:
+  - node3.NETWORKNAME.mobilecoin.com
+  issuerRef:
+    name: internal-ca-issuer
+    kind: ClusterIssuer
+---
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: Certificate
+metadata:
+  name: node4-peer-tls
+  namespace: NETWORKNAME
+spec:
+  # Secret names are always required.
+  secretName: node4-peer-tls
+  duration: 8760h # 365d
+  renewBefore: 360h # 15d
+  organization:
+  - mobilecoin
+  keySize: 2048
+  keyAlgorithm: rsa
+  keyEncoding: pkcs1
+  usages:
+    - server auth
+    - client auth
+  dnsNames:
+  - node4.NETWORKNAME.mobilecoin.com
+  issuerRef:
+    name: internal-ca-issuer
+    kind: ClusterIssuer
+---
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: Certificate
+metadata:
+  name: node5-peer-tls
+  namespace: NETWORKNAME
+spec:
+  # Secret names are always required.
+  secretName: node5-peer-tls
+  duration: 8760h # 365d
+  renewBefore: 360h # 15d
+  organization:
+  - mobilecoin
+  keySize: 2048
+  keyAlgorithm: rsa
+  keyEncoding: pkcs1
+  usages:
+    - server auth
+    - client auth
+  dnsNames:
+  - node5.NETWORKNAME.mobilecoin.com
+  issuerRef:
+    name: internal-ca-issuer
+    kind: ClusterIssuer