integrate PR#12 comments from henrikr3

CHECKLIST.md

@@ -73,6 +73,30 @@ Configuration:
 			- Please have a look at the logs files for the three pods to make sure they are running without errors (kubectl get pods + kubectl logs -f <pod name>)
 			- Run delete_all.sh to remove all resources from the Kubernetes cluster if you need to start fresh
 
+Testnet configuration:
+
+	- Retrieve certificates and config:
+      - Register on corda marketplace : https://marketplace.r3.com/register
+      - Go to https://marketplace.r3.com/network/testnet/install-node
+      - Choose 
+        - node version: "Enterprise"
+        - Corda version : 4.0
+      - Click on "Create new node"
+      - Click on download corda node. It should download a `node.zip` file
+    - Update certificates with your keypair:
+      - unzip the `node.zip` on a PC or a VM with internet access. (We are going to call it NODE_DIR)
+      - Edit `node.conf` and change `p2pAddress` 
+      - Run in a shell: `java -jar corda.jar` 
+      - Wait for node to start. That will enrich `certificates/nodekeystore.jks` with the node legal entity key pair
+      - kill the node process
+      - Copy certificates `cp $NODE_DIR/certificates/*.jks ./helm/files/certificates/node`
+    - Values.yaml:
+      - Fill variables  `keystorePassword` and `truststorePassword` from unzipped `node.conf` to  `.Values.corda.firewall.conf.nodeKeystorePassword` and `.Values.corda.firewall.conf.nodeTruststorePassword`
+      - Fill variable `myLegalName` from node.conf to `.Values.corda.node.conf.legalName`
+      - Fill variable `corda.node.conf.compatibilityZoneEnabled`  with `true` in `helm/values.yaml` 
+      - Fill variable `corda.node.conf.compatibilityZoneURL` with `https://netmap.testnet.r3.com`
+
+
 Useful commands:
 
 	- Check deployment status with: kubectl get pods, expect to see 'Running' if the pods are working normally

helm/files/bridge.conf

@@ -30,8 +30,8 @@ bridgeInnerConfig: {
 certificatesDirectory: "./workspace/certificates"
 sslKeystore: "./workspace/certificates/sslkeystore.jks"
 trustStoreFile: "./workspace/certificates/truststore.jks"
-keyStorePassword: "{{ .Values.corda.nodebridge.conf.nodeKeystorePassword }}"
-trustStorePassword: "{{ .Values.corda.nodebridge.conf.nodeTruststorePassword }}"
+keyStorePassword: "{{ .Values.corda.firewall.conf.nodeKeystorePassword }}"
+trustStorePassword: "{{ .Values.corda.firewall.conf.nodeTruststorePassword }}"
 crlCheckSoftFail: {{ .Values.corda.node.conf.crlCheckSoftFail }}
 silencedIPs: []
 

helm/files/node.conf

@@ -3,12 +3,12 @@ emailAddress: "{{ .Values.corda.node.conf.emailAddress }}"
 p2pAddress: "{{ .Values.corda.node.conf.p2pAddress }}:{{ .Values.corda.node.conf.p2pPort }}"
 {{- if .Values.corda.node.conf.compatibilityZoneEnabled }}
 compatibilityZoneURL: ".Values.corda.node.conf.compatibilityZoneURL"
-{{ else }}
+{{- else }}
 networkServices: {
   doormanURL: "http://{{ .Values.corda.node.conf.identityManagerAddress }}",
   networkMapURL: "http://{{ .Values.corda.node.conf.networkmapAddress }}"
 }
-{{ end }}
+{{- end }}
 crlCheckSoftFail: {{ .Values.corda.node.conf.crlCheckSoftFail }}
 {{- if ne .Values.corda.node.conf.tlsCertCrlDistPoint "" }}
 tlsCertCrlDistPoint:  "{{ .Values.corda.node.conf.tlsCertCrlDistPoint }}",
@@ -46,8 +46,8 @@ dataSourceProperties: {
   dataSource.user: "{{ .Values.corda.node.conf.dataSource.user }}",
   dataSource.password: "{{ .Values.corda.node.conf.dataSource.password }}"
 }
-trustStorePassword: "{{ .Values.corda.nodebridge.conf.nodeTruststorePassword }}"
-keyStorePassword : "{{ .Values.corda.nodebridge.conf.nodeKeystorePassword }}"
+trustStorePassword: "{{ .Values.corda.firewall.conf.nodeTruststorePassword }}"
+keyStorePassword : "{{ .Values.corda.firewall.conf.nodeKeystorePassword }}"
 detectPublicIp: false
 messagingServerAddress: "0.0.0.0:{{ .Values.corda.node.conf.p2pPort }}"
 messagingServerExternal: false

helm/values.yaml

@@ -127,9 +127,9 @@ corda:
       identityManagerAddress: ""
       # networkmapAddress defines the accesspoint for the Network Map server (public domain name+port)
       networkmapAddress: ""
-      # compatibilityZoneEnabled set to true for testnet
+      # compatibilityZoneEnabled defines if you are connecting to a compatibility zone rather than using the above identityManagerAddress+networkmapAddress. Set this to true to be able to join Corda Testnet along with compatibilityZoneURL.
       compatibilityZoneEnabled: false
-      # compatibilityZoneURL The root address of Corda compatibility zone network management services
+      # compatibilityZoneURL defines the root address of Corda compatibility zone network management services. For Corda Testnet you can use "https://netmap.testnet.r3.com"
       compatibilityZoneURL: "" # Exemple for testnet "https://netmap.testnet.r3.com"     
       # truststorePassword defines the password with which to unlock the network root truststore file usually named 'networkRootTrustStore.jks'.
       truststorePassword: "trustpass"
@@ -181,12 +181,6 @@ corda:
       allowDevCorDapps:
         # enabled is a boolean value for the above parameter
         enabled: true
-  # nodebridge is the options that define how to define the node.conf and bridge.conf files which defines the bridge/node tunnel      
-  nodebridge:
-    # Values that will end up in the node.conf/bridge.conf
-    conf:
-      nodeKeystorePassword: "cordacadevpass"
-      nodeTruststorePassword: "trustpass"
   # firewall is the options that define how to define the bridge.conf and float.conf files which defines how the Corda Firewall will function
   firewall: 
     # Values that will end up in the bridge.conf/float.conf files
@@ -197,4 +191,8 @@ corda:
       bridgeKeystorePassword: "bridgepass" # NOTE! The link to corda-pki-generator/pki-firewall/generate_pki.sh is not automated yet, if you change this parameter you would have to manually edit the "sh" file as well.
       # truststorePassword defines the password with which to unlock the firewall tunnel root truststore file usually named 'trust.jks'.
       floatKeystorePassword: "floatpass" # NOTE! The link to corda-pki-generator/pki-firewall/generate_pki.sh is not automated yet, if you change this parameter you would have to manually edit the "sh" file as well.
+      # Value that will end up in the node.conf/bridge.conf
+      nodeKeystorePassword: "cordacadevpass"
+      # Value that will end up in the node.conf/bridge.conf
+      nodeTruststorePassword: "trustpass"
 # fin.