From 7fe41a184edaf73647434da7a97c4750f09de6ab Mon Sep 17 00:00:00 2001 From: Aleksandar Knezevic Date: Tue, 17 May 2022 01:02:47 -0700 Subject: [PATCH] Dev/beeconfig to raw configmap (#182) * first version bee helm chart 0.12 * changes * chore: all config put in configmap * chore: fix linting * chore: fix linting * chore: rename addr to port * fix: ct install * removed secret and bee password from beeConfig Co-authored-by: Ivan Vandot --- charts/bee/Chart.yaml | 6 +- charts/bee/ci/ct-values.yaml | 4 + charts/bee/templates/_helpers.tpl | 39 +++--- charts/bee/templates/config.yaml | 60 +-------- charts/bee/templates/ingress-debug.yaml | 2 +- charts/bee/templates/secret-password.yaml | 4 +- charts/bee/templates/secret-swarmkeys.yaml | 1 - charts/bee/templates/service-api.yaml | 2 +- charts/bee/templates/service-debug.yaml | 4 +- charts/bee/templates/service-headless.yaml | 10 +- charts/bee/templates/service-p2p.yaml | 2 +- charts/bee/templates/servicemonitor.yaml | 2 +- charts/bee/templates/statefulset.yaml | 24 ++-- .../bee/templates/tests/test-connection.yaml | 6 +- charts/bee/values.yaml | 127 +++--------------- 15 files changed, 86 insertions(+), 207 deletions(-) create mode 100644 charts/bee/ci/ct-values.yaml diff --git a/charts/bee/Chart.yaml b/charts/bee/Chart.yaml index b786224..fbdcf00 100644 --- a/charts/bee/Chart.yaml +++ b/charts/bee/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: latest +appVersion: 1.6.0 name: bee -version: 0.11.9 -kubeVersion: ">=1.15.0-0" +version: 0.12.0 +kubeVersion: ">=1.19.0-0" description: Ethereum Swarm Bee Helm chart for Kubernetes home: https://www.ethswarm.org icon: https://docs.ethswarm.org/img/swarm-logo-2.svg diff --git a/charts/bee/ci/ct-values.yaml b/charts/bee/ci/ct-values.yaml new file mode 100644 index 0000000..4d9cc77 --- /dev/null +++ b/charts/bee/ci/ct-values.yaml @@ -0,0 +1,4 @@ +probesEnable: false + +beeConfig: + swap-endpoint: https://rpc.gnosischain.com/ 
diff --git a/charts/bee/templates/_helpers.tpl b/charts/bee/templates/_helpers.tpl index 300ff08..cca2fa9 100644 --- a/charts/bee/templates/_helpers.tpl +++ b/charts/bee/templates/_helpers.tpl @@ -101,23 +101,12 @@ Create the name of the service account to use. {{- end -}} {{- end -}} -{{/* -Get the password secret. -*/}} -{{- define "bee.secretName" -}} -{{- if .Values.beeConfig.existingSecret -}} -{{- printf "%s" .Values.beeConfig.existingSecret -}} -{{- else -}} -{{- printf "%s" (include "bee.fullname" .) -}} -{{- end -}} -{{- end -}} - {{/* Get the password key to be retrieved from the secret. */}} {{- define "bee.secretPasswordKey" -}} -{{- if and .Values.beeConfig.existingSecret .Values.beeConfig.existingSecretPasswordKey -}} -{{- printf "%s" .Values.beeConfig.existingSecretPasswordKey -}} +{{- if and .Values.existingSecret .Values.existingSecretPasswordKey -}} +{{- printf "%s" .Values.existingSecretPasswordKey -}} {{- else -}} {{- printf "password" -}} {{- end -}} 
@@ -127,13 +116,33 @@ Get the password key to be retrieved from the secret. Return Bee password. */}} {{- define "bee.password" -}} -{{- if not (empty .Values.beeConfig.password) }} - {{- .Values.beeConfig.password -}} +{{- if not (empty .Values.password) }} + {{- .Values.password -}} {{- else -}} {{- randAlphaNum 10 -}} {{- end -}} {{- end -}} +{{/* +Define config parameters api-addr, debug-api-addr, debug-api-enable, p2p-addr +*/}} +{{- define "bee.config.api_port" -}} +{{- $full_api_addr := index .Values.beeConfig "api-addr" -}} +{{- $api_port := (split ":" $full_api_addr )._1 }} +{{- printf "%s" $api_port -}} +{{- end -}} +{{- define "bee.config.debug_api_port" -}} +{{- $full_debug_api_addr := index .Values.beeConfig "debug-api-addr" -}} +{{- $debug_api_port := (split ":" $full_debug_api_addr )._1 }} +{{- printf "%s" $debug_api_port -}} +{{- end -}} +{{- define "bee.config.p2p_port" -}} +{{- $full_p2p_addr := index .Values.beeConfig "p2p-addr" -}} +{{- $p2p_port := (split ":" $full_p2p_addr )._1 }} +{{- printf "%s" $p2p_port -}} +{{- end -}} + + {{/* Get the libp2pKeys secret. */}} diff --git a/charts/bee/templates/config.yaml b/charts/bee/templates/config.yaml index bce551a..56495ce 100644 --- a/charts/bee/templates/config.yaml +++ b/charts/bee/templates/config.yaml 
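Review bot: `bee.password` still falls back to `{{- randAlphaNum 10 -}}` when `.Values.password` is empty, and this commit changes the values.yaml default from `beekeeper` to an empty `password:`, so the fallback becomes the normal path. Helm re-evaluates `randAlphaNum` on every render, so each `helm upgrade` would presumably write a different password into the generated Secret (its body is not in this diff) while the node's existing key files stay encrypted under the earlier one. Assuming the helper is only included from secret-password.yaml, I would fail fast with `{{- required "set password or existingSecret" .Values.password -}}`, or reuse the stored value through `lookup` before generating a new one. If generation stays, ten alphanumeric characters is short for a key-encryption password and the length should be raised.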
@@ -8,61 +8,7 @@ metadata: {{- include "bee.labels" . | nindent 4 }} data: .bee.yaml: |+ - allow-private-cidrs: {{ .Values.beeConfig.allow_private_cidrs }} - api-addr: {{ .Values.beeConfig.api_addr }} - block-time: {{ .Values.beeConfig.block_time }} - bootnode: {{ .Values.beeConfig.bootnode }} - bootnode-mode: {{ .Values.beeConfig.bootnode_mode }} - clef-signer-enable: {{ .Values.beeConfig.clef_signer_enable }} - clef-signer-endpoint: {{ .Values.beeConfig.clef_signer_endpoint }} - cors-allowed-origins: {{ .Values.beeConfig.cors_allowed_origins }} - data-dir: {{ .Values.beeConfig.data_dir }} - cache-capacity: {{ .Values.beeConfig.cache_capacity }} - db-open-files-limit: {{ .Values.beeConfig.db_open_files_limit }} - db-block-cache-capacity: {{ .Values.beeConfig.db_block_cache_capacity }} - db-write-buffer-size: {{ .Values.beeConfig.db_write_buffer_size }} - db-disable-seeks-compaction: {{ .Values.beeConfig.db_disable_seeks_compaction }} - debug-api-addr: {{ .Values.beeConfig.debug_api_addr }} - debug-api-enable: {{ .Values.beeConfig.debug_api_enable }} - full-node: {{ .Values.beeConfig.full_node }} - gateway-mode: {{ .Values.beeConfig.gateway_mode }} - mainnet: {{ .Values.beeConfig.mainnet }} - nat-addr: {{ .Values.beeConfig.nat_addr }} - network-id: {{ .Values.beeConfig.network_id }} - {{- if .Values.beeConfig.usePasswordFile }} + {{- range $k, $v := .Values.beeConfig }} + {{ $k | replace "_" "-" }}: {{ $v }} + {{- end }} password-file: /home/bee/.secret/password - {{- else }} - password: {{ include "bee.password" . 
}} - {{- end }} - payment-early-percent: {{ .Values.beeConfig.payment_early_percent }} - payment-threshold: {{ .Values.beeConfig.payment_threshold }} - payment-tolerance-percent: {{ .Values.beeConfig.payment_tolerance_percent }} - postage-stamp-address: {{ .Values.beeConfig.postage_stamp_address }} - price-oracle-address: {{ .Values.beeConfig.price_oracle_address }} - p2p-addr: {{ .Values.beeConfig.p2p_addr }} - p2p-quic-enable: {{ .Values.beeConfig.p2p_quic_enable }} - p2p-ws-enable: {{ .Values.beeConfig.p2p_ws_enable }} - resolver-options: {{ .Values.beeConfig.resolver_options }} - resync: {{ .Values.beeConfig.resync }} - standalone: {{ .Values.beeConfig.standalone }} - swap-enable: {{ .Values.beeConfig.swap_enable }} - swap-endpoint: {{ .Values.beeConfig.swap_endpoint }} - swap-factory-address: {{ .Values.beeConfig.swap_factory_address }} - swap-legacy-factory-addresses: {{ .Values.beeConfig.swap_legacy_factory_addresses }} - swap-deployment-gas-price: {{ .Values.beeConfig.swap_deployment_gas_price }} - swap-initial-deposit: {{ .Values.beeConfig.swap_initial_deposit }} - tracing-enable: {{ .Values.beeConfig.tracing_enable }} - tracing-endpoint: {{ .Values.beeConfig.tracing_endpoint }} - tracing-service-name: {{ .Values.beeConfig.tracing_service_name }} - transaction: {{ .Values.beeConfig.transaction }} - use-postage-snapshot: {{ .Values.beeConfig.use_postage_snapshot }} - verbosity: {{ .Values.beeConfig.verbosity }} - warmup-time: {{ .Values.beeConfig.warmup_time }} - welcome-message: {{ .Values.beeConfig.welcome_message }} - {{- if .Values.beeConfig.bootnode_mode }} - static-nodes: - {{- range .Values.beeConfig.static_nodes }} - - {{ . }} - {{- end }} - {{- end }} - diff --git a/charts/bee/templates/ingress-debug.yaml b/charts/bee/templates/ingress-debug.yaml index 82409df..1bc3459 100644 --- a/charts/bee/templates/ingress-debug.yaml +++ b/charts/bee/templates/ingress-debug.yaml 
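Review bot: The new `range` writes every `beeConfig` entry into the ConfigMap as `{{ $k | replace "_" "-" }}: {{ $v }}` with no quoting and no key filtering, so the rendered `.bee.yaml` is only as well-formed as the values a user supplies. An empty string renders as a bare `key:` (null), a string containing `: `, ` #` or a newline changes the document structure, and a user-supplied `password` or `password-file` key is emitted next to the fixed `password-file` line. Rendering the value as `{{ $v | toJson }}` keeps each entry a single valid YAML scalar or flow collection. Arbitrary keys now land in a ConfigMap rather than a Secret, so the values.yaml comments should say that credentials, including endpoint URLs that embed an API key, do not belong in `beeConfig`. The ConfigMap manifest starts above this hunk.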
@@ -1,4 +1,4 @@ -{{- if and .Values.beeConfig.debug_api_enable .Values.ingressDebug.enabled -}} +{{- if and (index .Values.beeConfig "debug-api-enable") .Values.ingressDebug.enabled -}} {{- $root := . -}} {{- $fullName := include "bee.fullname" $root -}} diff --git a/charts/bee/templates/secret-password.yaml b/charts/bee/templates/secret-password.yaml index 34f727b..ef92669 100644 --- a/charts/bee/templates/secret-password.yaml +++ b/charts/bee/templates/secret-password.yaml @@ -1,9 +1,9 @@ -{{- if and .Values.beeConfig.usePasswordFile (not .Values.beeConfig.existingSecret) -}} +{{- if not .Values.existingSecret -}} --- apiVersion: v1 kind: Secret metadata: - name: {{ template "bee.fullname" . }} + name: {{ template "bee.fullname" . }}-password namespace: {{ .Release.Namespace }} labels: {{- include "bee.labels" . | nindent 4 }} diff --git a/charts/bee/templates/secret-swarmkeys.yaml b/charts/bee/templates/secret-swarmkeys.yaml index 963a895..798c865 100644 --- a/charts/bee/templates/secret-swarmkeys.yaml +++ b/charts/bee/templates/secret-swarmkeys.yaml @@ -13,5 +13,4 @@ stringData: {{- range $key, $val := .Values.swarmSettings.swarmKeys }} {{ $key }}: {{ $val }} {{- end }} - {{- end -}} diff --git a/charts/bee/templates/service-api.yaml b/charts/bee/templates/service-api.yaml index 3bbb9cd..98873d2 100644 --- a/charts/bee/templates/service-api.yaml +++ b/charts/bee/templates/service-api.yaml @@ -37,7 +37,7 @@ spec: type: ClusterIP ports: - name: api - port: {{ int (split ":" $root.Values.beeConfig.api_addr )._1 }} + port: {{ int (include "bee.config.api_port" $root) }} protocol: TCP targetPort: api selector: diff --git a/charts/bee/templates/service-debug.yaml b/charts/bee/templates/service-debug.yaml index 50c983f..0a7fc34 100644 --- a/charts/bee/templates/service-debug.yaml +++ b/charts/bee/templates/service-debug.yaml @@ -1,4 +1,4 @@ -{{- if .Values.beeConfig.debug_api_enable -}} +{{- if index .Values.beeConfig "debug-api-enable" }} {{- $root := . -}} 
@@ -20,7 +20,7 @@ spec: type: ClusterIP ports: - name: debug - port: {{ int (split ":" $root.Values.beeConfig.debug_api_addr )._1 }} + port: {{ int (include "bee.config.debug_api_port" $root) }} protocol: TCP targetPort: debug selector: diff --git a/charts/bee/templates/service-headless.yaml b/charts/bee/templates/service-headless.yaml index e335dba..66b1acb 100644 --- a/charts/bee/templates/service-headless.yaml +++ b/charts/bee/templates/service-headless.yaml @@ -10,16 +10,16 @@ spec: clusterIP: None ports: - name: api - port: {{ int (split ":" .Values.beeConfig.api_addr )._1 }} + port: {{ int (include "bee.config.api_port" .) }} protocol: TCP targetPort: api - name: p2p - port: {{ int (split ":" .Values.beeConfig.p2p_addr )._1 }} + port: {{ int (include "bee.config.p2p_port" .) }} protocol: TCP targetPort: p2p - {{- if .Values.beeConfig.debug_api_enable }} + {{- if index .Values.beeConfig "debug-api-enable" }} - name: debug - port: {{ int (split ":" .Values.beeConfig.debug_api_addr )._1 }} + port: {{ int (include "bee.config.debug_api_port" .) }} protocol: TCP targetPort: debug {{- end }} @@ -45,7 +45,7 @@ spec: clusterIP: None ports: - name: p2p - port: {{ int (split ":" $root.Values.beeConfig.p2p_addr )._1 }} + port: {{ int (include "bee.config.p2p_port" $root) }} protocol: TCP targetPort: p2p selector: diff --git a/charts/bee/templates/service-p2p.yaml b/charts/bee/templates/service-p2p.yaml index f2756ae..4f110a8 100644 --- a/charts/bee/templates/service-p2p.yaml +++ b/charts/bee/templates/service-p2p.yaml @@ -17,7 +17,7 @@ spec: externalTrafficPolicy: Local ports: - name: p2p - port: {{ int (split ":" $root.Values.beeConfig.p2p_addr )._1 }} + port: {{ int (include "bee.config.p2p_port" $root) }} protocol: TCP targetPort: p2p {{- if $root.Values.p2pFixedPort.enabled }} diff --git a/charts/bee/templates/servicemonitor.yaml b/charts/bee/templates/servicemonitor.yaml index 3283ff9..989a92d 100644 --- a/charts/bee/templates/servicemonitor.yaml 
+++ b/charts/bee/templates/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.serviceMonitor.enabled .Values.beeConfig.debug_api_enable -}} +{{- if and .Values.serviceMonitor.enabled (index .Values.beeConfig "debug-api-enable") -}} --- apiVersion: monitoring.coreos.com/v1 diff --git a/charts/bee/templates/statefulset.yaml b/charts/bee/templates/statefulset.yaml index 493d525..bc04145 100644 --- a/charts/bee/templates/statefulset.yaml +++ b/charts/bee/templates/statefulset.yaml @@ -174,15 +174,15 @@ spec: - {{ . }} {{- end }} ports: - - containerPort: {{ int (split ":" .Values.beeConfig.api_addr )._1 }} + - containerPort: {{ int (include "bee.config.api_port" .) }} name: api protocol: TCP - - containerPort: {{ int (split ":" .Values.beeConfig.p2p_addr )._1 }} + - containerPort: {{ int (include "bee.config.p2p_port" .) }} name: p2p protocol: TCP {{- if .Values.probesEnable }} - {{- if .Values.beeConfig.debug_api_enable }} - - containerPort: {{ int (split ":" .Values.beeConfig.debug_api_addr )._1 }} + {{- if index .Values.beeConfig "debug-api-enable" }} + - containerPort: {{ int (include "bee.config.debug_api_port" .) }} name: debug protocol: TCP livenessProbe: @@ -232,11 +232,10 @@ spec: - name: localstore mountPath: /home/bee/.bee/localstore {{- end }} - {{- if .Values.beeConfig.usePasswordFile }} - name: bee-secret - mountPath: /home/bee/.secret + mountPath: /home/bee/.secret/password + subPath: password readOnly: true - {{- end }} {{- if .Values.clefSettings.enabled }} - name: clef image: "{{ include "clef.image" . }}" 
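Review bot: In the second statefulset.yaml hunk the `bee-secret` mount becomes `mountPath: /home/bee/.secret/password` with `subPath: password`, and Kubernetes does not propagate Secret updates into subPath mounts, so a rotated password only reaches the container after the pod is recreated. The volume definition already projects the key to `path: password`, so the previous directory mount `mountPath: /home/bee/.secret` without `subPath` yields the same `/home/bee/.secret/password` file and keeps updates flowing. Whether bee re-reads the file at runtime is not visible here. The container spec starts and ends outside this hunk.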
@@ -308,14 +307,19 @@ spec: - name: config configMap: name: {{ template "bee.fullname" . }} - {{- if .Values.beeConfig.usePasswordFile }} - name: bee-secret secret: - secretName: {{ template "bee.secretName" . }} + {{- if .Values.existingSecret }} + secretName: {{ .Values.existingSecret }} items: - key: {{ template "bee.secretPasswordKey" . }} path: password - {{- end }} + {{- else }} + secretName: {{ template "bee.fullname" . }}-password + items: + - key: password + path: password + {{- end }} {{- if .Values.libp2pSettings.enabled }} - name: bee-libp2p secret: diff --git a/charts/bee/templates/tests/test-connection.yaml b/charts/bee/templates/tests/test-connection.yaml index afbc472..e03d0a1 100644 --- a/charts/bee/templates/tests/test-connection.yaml +++ b/charts/bee/templates/tests/test-connection.yaml @@ -1,3 +1,5 @@ +{{- $root := . -}} + apiVersion: v1 kind: Pod metadata: @@ -10,6 +12,6 @@ spec: containers: - name: wget image: busybox - command: ['wget'] - args: ['{{ include "bee.fullname" . }}:{{ .Values.service.port }}'] + command: ['echo'] + args: ['{{ include "bee.fullname" . }}:{{ int (include "bee.config.debug_api_port" $root) }}/addresses'] restartPolicy: Never diff --git a/charts/bee/values.yaml b/charts/bee/values.yaml index e60da35..98b9181 100644 --- a/charts/bee/values.yaml +++ b/charts/bee/values.yaml @@ -4,7 +4,7 @@ image: repository: ethersphere/bee - tag: 1.0.0 + tag: 1.6.0 # digest: sha256:508a6bc1d3f45acaf98b746d521ee2cb11a895d8334446d2205fe4053b9e3667 pullPolicy: IfNotPresent @@ -80,7 +80,7 @@ ingress: tlsSecret: "" tls: false -## If enabled and beeConfig.debug_api_enable is enabled, creates ingress for debug api +## If enabled and beeConfig.debug-api-enable is enabled, creates ingress for debug api ## Creates one ingress per pod ## Total number of created ingress objects is: replicaCount ## Hostname for 'per pod ingresses' is: -debug-, or -debug-. if domain is specified 
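Review bot: In test-connection.yaml the pod's `command` changes from `['wget']` to `['echo']`, so `helm test` now prints the debug API URL and exits 0 without opening a connection, and the test passes whatever state the release is in. If this is a temporary workaround for the chart-testing run, a comment such as `# TODO: restore wget once the node can start in CI` above `command` would record that. Otherwise keep `command: ['wget']` and pass the new `/addresses` URL as its argument. The target also only exists when `debug-api-enable` is true, so the test should be wrapped in the same `index .Values.beeConfig "debug-api-enable"` condition used by service-debug.yaml.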
@@ -156,7 +156,7 @@ persistence: # existingClaim: ## Enable this if you're using https://github.com/coreos/prometheus-operator -## and beeConfig.debug_api_enable is enabled +## and beeConfig.debug-api-enable is enabled serviceMonitor: enabled: false additionalLabels: {} @@ -190,7 +190,7 @@ probesEnable: true podLabels: {} podAnnotations: {} ## Add this annotations if you're using https://github.com/prometheus/prometheus -## and beeConfig.debug_api_enable is enabled +## and beeConfig.debug-api-enable is enabled # prometheus.io/scrape: "true" # prometheus.io/port: "1635" 
@@ -203,108 +203,25 @@ tolerations: [] beeCommand: ["bee", "start", "--config=.bee.yaml"] beeConfig: - ## allow to advertise private CIDRs to the public network - allow_private_cidrs: false ## HTTP API listen address - api_addr: :1633 - ## Chain block-time - block_time: 15 - ## Initial nodes to connect to - bootnode: "" - ## Cause the node to always accept incoming connections - bootnode_mode: false - ## Enable clef signer - clef_signer_enable: false - ## Set clef signer endpoint - clef_signer_endpoint: "" - ## Origins with CORS headers enabled - cors_allowed_origins: "" - ## Data directory - data_dir: /home/bee/.bee - ## DB capacity in chunks - cache_capacity: 1000000 - ## Number of open files allowed by database - db_open_files_limit: 200 - ## Size of block cache of the database in bytes - db_block_cache_capacity: 33554432 - ## Size of the database write buffer in bytes - db_write_buffer_size: 33554432 - ## Disables db compactions triggered by seeks - db_disable_seeks_compaction: false + api-addr: :1633 + ## P2P listen address + p2p-addr: :1634 ## Debug HTTP API listen address - debug_api_addr: :1635 + debug-api-addr: :1635 ## Enable debug HTTP API - debug_api_enable: false + debug-api-enable: true ## Set the run mode - light by default - full_node: true - ## Disable a set of sensitive features in the api - gateway_mode: false - ## Mainnet - mainnet: true - ## NAT exposed address - nat_addr: "" - ## ID of the Swarm network - network_id: 1 - ## Password for decrypting keys (please change it for production deployments) - ## If not set, it will be automatically generated - password: beekeeper - ## Path to a file that contains password for decrypting keys is /home/bee/.secret/password - usePasswordFile: false - ## Use existing secret (ignores previous password) - # existingSecret: - # existingSecretPasswordKey: - ## percentage below the peers payment threshold when we initiate settlement - payment_early_percent: 50 - ## Threshold in BZZ where you expect to get paid 
from your peers - payment_threshold: 100000000 - ## excess debt above payment threshold in percentages where you disconnect from your peer - payment_tolerance_percent: 25 - ## Postage stamp address - postage_stamp_address: "" - ## Price oracle address - price_oracle_address: "" - ## P2P listen address - p2p_addr: :1634 - ## Enable P2P QUIC transport - p2p_quic_enable: false - ## Enable P2P WebSocket transport - p2p_ws_enable: false - ## Set resync flag - resync: false - ## Whether node starts with no listen addresses for p2p - standalone: false - ## Static overlay addresses to protect on bootnode - static_nodes: "" - ## Enable SWAP - swap_enable: false - ## Set swap ethereum blockchain endpoint - swap_endpoint: http://localhost:8545 - ## Set swap factory address - swap_factory_address: "" - ## Set swap legacy factory addresses - swap_legacy_factory_addresses: "" - ## Set gas price in wei to use for deployment and funding - swap_deployment_gas_price: "" - ## Set initial deposit if deploying a new chequebook - swap_initial_deposit: 10000000000000000 - ## Resolver connection string - resolver_options: "" - ## Enable tracing - tracing_enable: false - ## Endpoint to send tracing data - tracing_endpoint: 127.0.0.1:6831 - ## Service name identifier for tracing - tracing_service_name: bee - ## Proof-of-identity transaction hash - transaction: "" - ## Enable option for using postage snapshot - use_postage_snapshot: false - ## Log verbosity level 0=silent, 1=error, 2=warn, 3=info, 4=debug, 5=trace - verbosity: 3 - ## Warmup time for node (default 20m) - warmup_time: 20m - ## Send a welcome message string during handshakes - welcome_message: "Welcome to the Swarm, you are Bee-ing connected!" 
+ full-node: true + ## ID of the Swarm network - 10 by default + network-id: 1 + +## Password for decrypting bee keys (please set it for production deployments) +## If not set, it will be automatically generated +password: +## Use existing secret (ignores previous password) +# existingSecret: +# existingSecretPasswordKey: ## If you prefer setting config options using ENV variables you can set beeEnv ## Use same option names as in beeConfig it will be translated to ENV variable format: api_addr -> BEE_API_ADDR @@ -373,9 +290,7 @@ clefSettings: # memory: 1Gi # requests: # cpu: 100m - # memory: 128Mi - - + # memory: 128Mi ## If enabled it will start gateway-proxy sidecar container that will be publicly exposed ## It is used by gateway app gatewayProxy: @@ -427,4 +342,4 @@ gatewayProxy: # memory: 1Gi # requests: # cpu: 100m - # memory: 128Mi + # memory: 128Mi