NethermindEth · aivarasko · Apr 25, 2024 · Apr 26, 2024 · Apr 26, 2024 · Apr 29, 2024
diff --git a/charts/dirk/scripts/generate_cert.sh b/charts/dirk/scripts/generate_cert.sh
@@ -9,6 +9,9 @@ generate_certs() {
 LOCATION=$1
 CA_CERT_NAME=$2
 CERT_NAME=$3
+DOMAIN=$4
+
+echo "DOMAIN: ${DOMAIN}"
 
 mkdir -p "${LOCATION}"
 pushd "${LOCATION}"
@@ -36,6 +39,11 @@ subjectAltName = @alt_names
 DNS.1 = "${CERT_NAME}"
 EOEXT
 
+if [ -n "${DOMAIN}" ]; then echo "DNS.2 = \"${CERT_NAME}.${DOMAIN}\"" >> "${CERT_NAME}.ext"; fi
+
+
+cat "${CERT_NAME}".ext
+
   openssl genrsa -out "${CERT_NAME}.key" 4096
   openssl req -out "${CERT_NAME}.csr" -key "${CERT_NAME}.key" -new -subj "/CN=${CERT_NAME}" -addext "subjectAltName=DNS:${CERT_NAME}"
   openssl x509 -req -in "${CERT_NAME}.csr" -CA "${CA_CERT_NAME}.crt" -CAkey "${CA_CERT_NAME}.key" -CAcreateserial -out "${CERT_NAME}.crt" -days 1825 -sha256 -extfile "${CERT_NAME}.ext"

diff --git a/charts/dirk/templates/configmap.yaml b/charts/dirk/templates/configmap.yaml
@@ -6,7 +6,15 @@ metadata:
   labels:
     {{- include "common.labels.standard" . | nindent 4 }}
 data:
+  {{- if .Values.dirk.peers }}
+  {{- $myVal := "_" -}}
+  {{- range $k, $v := .Values.dirk.peers }}
+  {{- $myVal = printf "%s,%s:%s" $myVal $k $v -}}
+  {{- end }}
+  PEERS: {{ $myVal | replace "_,1" "1" }}
+  {{- else }}
   PEERS: 1:{{ include "dirk.fullname" . }}-0.{{ include "dirk.fullname" . }}:{{ .Values.service.httpPort }},2:{{ include "dirk.fullname" . }}-1.{{ include "dirk.fullname" . }}:{{ .Values.service.httpPort }},3:{{ include "dirk.fullname" . }}-2.{{ include "dirk.fullname" . }}:{{ .Values.service.httpPort }}
+  {{- end }}
 ---
 apiVersion: v1
 kind: ConfigMap
@@ -34,9 +42,15 @@ data:
       type: filesystem
       location: /data/dirk/wallets
     peers:
+    {{- if .Values.dirk.peers }}
+      {{- range $k, $v := .Values.dirk.peers }}
+      {{ $k }}: {{ $v }}
+      {{- end }}
+    {{- else }}
       1: {{ include "dirk.fullname" . }}-0.{{ include "dirk.fullname" . }}:{{ .Values.service.httpPort }}
       2: {{ include "dirk.fullname" . }}-1.{{ include "dirk.fullname" . }}:{{ .Values.service.httpPort }}
       3: {{ include "dirk.fullname" . }}-2.{{ include "dirk.fullname" . }}:{{ .Values.service.httpPort }}
+    {{- end }}
     permissions:
       {{ .Values.dirk.clientName }}:
         Validators: All

diff --git a/charts/dirk/templates/statefulset.yaml b/charts/dirk/templates/statefulset.yaml
@@ -5,11 +5,17 @@ metadata:
   name: {{ include "common.names.fullname" . }}
   labels:
     {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.clusterIndex }}
+    apps.kubernetes.io/cluster-deployment-type: cluster
+    {{- end }}
 spec:
   replicas: {{ .Values.replicaCount }}
   selector:
     matchLabels:
       {{- include "common.labels.matchLabels" . | nindent 6 }}
+      {{- if .Values.clusterIndex }}
+      apps.kubernetes.io/cluster-deployment-type: cluster
+      {{- end }}
   serviceName: {{ include "common.names.fullname" . }}
   template:
     metadata:
@@ -19,6 +25,9 @@ spec:
       {{- end }}
       labels:
         {{- include "common.labels.matchLabels" . | nindent 8 }}
+        {{- if .Values.clusterIndex }}
+        apps.kubernetes.io/cluster-deployment-type: cluster
+        {{- end }}
     spec:
       {{- with .Values.nodeSelector }}
       nodeSelector:
@@ -58,12 +67,20 @@ spec:
             - >
               rm -f /data/dirk/dirty;
               mkdir -p /data/dirk/certs;
+              {{- if .Values.clusterIndex }}
+              export INDEX="{{ .Values.clusterIndex }}";
+              {{- else }}
               export INDEX=$((${HOSTNAME##*-}+1));
+              {{- end }}
               echo "$INDEX" > /data/dirk/index;
               envsubst < /config/dirk.yaml.tml > /data/dirk/dirk.yaml;
               printenv CA_CRT | base64 -d  > /data/dirk/certs/ca.crt;
               printenv CA_KEY | base64 -d  > /data/dirk/certs/ca.key;
+              {{- if .Values.clusterIndex }}
+              bash /scripts/generate_cert.sh /data/dirk/certs/ ca ${HOSTNAME}.{{ include "dirk.fullname" . }} {{ get .Values.clusterMapping .Values.clusterLabel }};
+              {{- else }}
               bash /scripts/generate_cert.sh /data/dirk/certs/ ca ${HOSTNAME}.{{ include "dirk.fullname" . }};
+              {{- end }}
               chown -R {{ .Values.global.podSecurityContext.runAsUser }}:{{ .Values.global.podSecurityContext.fsGroup }} /data/dirk;
           envFrom:
             - secretRef:
@@ -184,6 +201,11 @@ spec:
         - name: scripts
           configMap:
             name: {{ include "common.names.fullname" . }}-scripts
+      {{- if .Values.dnsPolicy }}
+      dnsPolicy: {{ .Values.dnsPolicy }}
+      dnsConfig:
+        {{- toYaml .Values.dnsConfig | nindent 8 }}
+      {{- end }}
   minReadySeconds: {{ .Values.minReadySeconds }}
   volumeClaimTemplates:
     - metadata:

diff --git a/charts/dirk/values.yaml b/charts/dirk/values.yaml
@@ -22,6 +22,9 @@ global:
       - ALL
 
 replicaCount: 3
+clusterIndex: null
+clusterMapping: {}
+clusterLabel: ""
 
 image:
   repository: attestant/dirk
@@ -60,6 +63,10 @@ dirk:
   tracing:
 
   fetchKeysExtraFlags: []
+  peers: {}
+
+dnsPolicy: null
+dnsConfig: {}
 
 imagePullSecrets: []
 

diff --git a/charts/vouch/templates/statefulset.yaml b/charts/vouch/templates/statefulset.yaml
@@ -173,3 +173,8 @@ spec:
           emptyDir:
             medium: Memory
             sizeLimit: 128Mi
+      {{- if .Values.dnsPolicy }}
+      dnsPolicy: {{ .Values.dnsPolicy }}
+      dnsConfig:
+        {{- toYaml .Values.dnsConfig | nindent 8 }}
+      {{- end }}
diff --git a/charts/vouch/values.yaml b/charts/vouch/values.yaml
@@ -85,6 +85,9 @@ vouch:
 
 relays: []
 
+dnsPolicy: null
+dnsConfig: {}
+
 imagePullSecrets: []
 
 ## Provide a name in place of operator for `app:` labels