Skip to content

refactor(cardanonetwork)!: delete the in-cluster faucet service#108

Merged
jmgilman merged 1 commit into
masterfrom
refactor/faucet-removal-p4b
Jun 4, 2026
Merged

refactor(cardanonetwork)!: delete the in-cluster faucet service#108
jmgilman merged 1 commit into
masterfrom
refactor/faucet-removal-p4b

Conversation

@jmgilman
Copy link
Copy Markdown
Contributor

@jmgilman jmgilman commented Jun 4, 2026

Summary

P4b of the faucet-removal re-architecture (completes P4, follows merged PR-4a #107). This deletes the in-cluster faucet HTTP service entirely. The genesis-funded faucet wallet (Secret <net>-wallet-faucet) stays and is now the network's funded wallet, spent from host-side via yacd wallet topup … --from faucet (delivered in P3 #106).

After PR-4a the controller no longer called the faucet service; this PR removes the now-dead service and its entire build/release/CLI surface, plus the one behavioral change that matters: re-gating the genesis faucet wallet on local mode alone.

⚠️ Two distinct "faucets" — only the service is removed. The genesis-funded wallet (<net>-wallet-faucet, Store.Faucet, faucetWalletGenesisFundingInitContainer) is intentionally kept.

Breaking change

Removes from the CardanoNetwork CRD: spec.chainAPI.faucet, status.faucet, the faucet endpoint, and the FaucetReady condition. Pre-1.0; devnets are ephemeral; no conversion webhook.

What changed

The re-gate (highest-risk edit): faucetWalletEnabled / resolveFaucetWalletSettings now gate the genesis faucet wallet on Spec.Mode == Local alone (dropped the old faucet.enabled dependency). Wrong here = a fresh devnet boots with no funding source.

Deleted:

  • services/faucet/ (whole tree), the faucet image (release.yml jobs, Tiltfile, ko-build-faucet.sh, --default-faucet-image flag, chart faucet.image + kyverno entry), and the CLI embedded-chart faucet image plumbing.
  • Controller faucet-service wiring: faucet_auth.go, faucet_auth_watch.go, faucetContainer, source-address init, faucet Service/auth Secret, FaucetReady, revokePrimaryFaucetExposure, faucet readiness/status/conditions/defaults, the faucet port-conflict branch, and the primarypod faucet port.
  • CLI faucet trust-gate residue: faucetTokenForHost, YACD_FAUCET_*, endpoints FaucetURL, info/list faucet sections, ConditionFaucetReady, devconfig faucet validation.
  • API: FaucetSpec/FaucetStatus/ChainAPISpec.Faucet/status.Faucet/endpoints.Faucet/FaucetReady.

Tests: rewrote the Chainsaw smoke (dropped the faucet HTTP curl test; asserts the <net>-wallet-faucet Secret + a non-empty address, and that the wallet survives a chain-API toggle; teardown disables kupo only); fixed the orphaned dbsync port-conflict test (8080 freed). Added a direct-reconcile TestCardanoNetworkReconcilerReconcileGatesFaucetWalletOnLocalMode (local → wallet Secret present, public → absent).

88 files, +268 / −7653 (bulk is the services/faucet/ deletion).

Validation

  • root:check (gofmt, lint, generated-artifacts guard, helm, chainsaw-lint)
  • root:test (envtest + unit), incl. the new re-gate reconcile test
  • root:test-e2e (real Kind/Chainsaw): local network boots with no faucet service, the genesis faucet wallet Secret exists with a funded address, survives a kupo-disable patch, and the network reaches Ready
  • ✅ Manager dependency boundary: go list -deps ./cmd free of ogmigo/kugo/Apollo-tx-builder (only Apollo address/key subpackages)
  • ✅ Faucet-token sweep: only the faucet wallet, Cardano *-keys genesis artifacts, and P5-deferred doc prose remain

Adversarial review

A multi-agent review (6 dimensions, each finding independently verified) surfaced 3 findings; all dispositioned:

  • Missing wallet-Secret Owns() watch — dismissed. On master the only Secret watch (faucetAuthSecretEventPredicate) matched -faucet-auth and deliberately excluded the wallet Secret; this PR doesn't regress it. Watching is wrong by design — the wallet is create-once genesis-funded key material, and recreating it on external delete would mint an unfunded address.
  • RBAC list;watch on secrets now unused — actioned (per-controller marker only). Tightened the cardanonetwork marker to get;create;patch;delete (its only Secret informer is gone). The shared manager ClusterRole is unchanged — it's the controller-gen union and cardanodbsync legitimately needs Secret list;watch (Owns(&Secret) + a Secret Watches handler), so the role can't shrink without splitting ClusterRoles (out of scope). TestManagerRBACMatchesControllerGen green.
  • Chainsaw missing positive survival assert — actioned. Added an explicit kubectl get secret <net>-wallet-faucet check after the kupo-disable patch.

Not done here (P5)

  • Faucet-free operator release + re-pin the CLI's embedded chart manager digest (the embedded operator is still the digest-pinned v0.1.1, which predates the genesis faucet wallet — so yacd devnet end-to-end is P5-gated).
  • Docs (DESIGN.md, README.md, docs/host-access.md, containers/cardano-testnet/README.md) still describe the faucet service — intentionally deferred to P5 / docs PR docs: add MkDocs documentation site with Diátaxis structure #91.
  • Dev-stack live yacd wallet topup --from faucet was not run: the running dev stack is bound to the now-merged 4a worktree (pre-4b code), and re-pointing it requires a disruptive teardown. Chainsaw already proves the re-gate in a real cluster, and the topup path is unchanged P3 code. Can run it on request before merge.

🤖 Generated with Claude Code

@jmgilman @claude
refactor(cardanonetwork)!: delete the in-cluster faucet service
167ea9b 
P4b of the faucet-removal re-architecture (completes P4). Removes the in-cluster
faucet HTTP service entirely; the genesis-funded `faucet` wallet is now created
for every local network (gated on local mode alone) and is the network's funded
wallet, spent from host-side via `yacd wallet topup`.

BREAKING CHANGE: removes spec.chainAPI.faucet, status.faucet, the faucet endpoint,
and the FaucetReady condition from the CardanoNetwork CRD. Pre-1.0; devnets are
ephemeral.

- delete services/faucet/, the faucet image (release.yml jobs, Tiltfile,
  ko-build-faucet.sh, --default-faucet-image flag, chart faucet.image + kyverno),
  and the CLI embedded-chart faucet image plumbing
- delete controller faucet-service wiring: faucet_auth.go, faucet_auth_watch.go,
  faucetContainer, source-address init, faucet Service/auth Secret, FaucetReady,
  revokePrimaryFaucetExposure, faucet readiness/status/conditions/defaults, the
  faucet port-conflict branch, and primarypod faucet port
- re-gate the genesis faucet wallet to local-mode-only (builder.go)
- CLI: drop the faucet trust-gate residue (faucetTokenForHost, YACD_FAUCET_*,
  endpoints FaucetURL, info/list faucet, ConditionFaucetReady, devconfig faucet
  validation)
- rewrite the Chainsaw smoke (drop the faucet HTTP test; assert only the faucet
  wallet Secret + kupo-disable teardown); fix the orphaned dbsync port-conflict test
- regenerate CRD/deepcopy/mocks; examples + embedded yamls drop chainAPI.faucet

Manager dependency boundary preserved (./cmd pulls no ogmigo/kugo/Apollo tx-builder).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@jmgilman jmgilman merged commit 1652ac6 into master Jun 4, 2026
12 checks passed
@meigma-release-please meigma-release-please Bot mentioned this pull request Jun 4, 2026
Merged
@jmgilman jmgilman deleted the refactor/faucet-removal-p4b branch June 5, 2026 01:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jmgilman