diff --git a/charts/chainlink-cluster/dashboard/dashboard.go b/charts/chainlink-cluster/dashboard/dashboard.go index b29140c0405..19a596b63e9 100644 --- a/charts/chainlink-cluster/dashboard/dashboard.go +++ b/charts/chainlink-cluster/dashboard/dashboard.go @@ -350,48 +350,6 @@ func (m *CLClusterDashboard) generate() error { ), ), ), - // logs - dashboard.Row( - "Logs", - row.Collapse(), - row.WithTimeSeries( - "Log Counters", - timeseries.Span(12), - timeseries.Height("200px"), - timeseries.DataSource(m.PrometheusDataSourceName), - timeseries.WithPrometheusTarget( - `log_panic_count{namespace="${namespace}"}`, - prometheus.Legend("{{pod}} - panic"), - ), - timeseries.WithPrometheusTarget( - `log_fatal_count{namespace="${namespace}"}`, - prometheus.Legend("{{pod}} - fatal"), - ), - timeseries.WithPrometheusTarget( - `log_critical_count{namespace="${namespace}"}`, - prometheus.Legend("{{pod}} - critical"), - ), - timeseries.WithPrometheusTarget( - `log_warn_count{namespace="${namespace}"}`, - prometheus.Legend("{{pod}} - warn"), - ), - timeseries.WithPrometheusTarget( - `log_error_count{namespace="${namespace}"}`, - prometheus.Legend("{{pod}} - error"), - ), - ), - m.logsRowOption("All errors", ` - {namespace="${namespace}", app="app", container="node"} - | json - | level="error" - | line_format "{{ .instance }} {{ .level }} {{ .ts }} {{ .logger }} {{ .caller }} {{ .msg }} {{ .version }} {{ .nodeTier }} {{ .nodeName }} {{ .node }} {{ .evmChainID }} {{ .nodeOrder }} {{ .mode }} {{ .nodeState }} {{ .sentryEventID }} {{ .stacktrace }}"`), - m.logsRowOption("Node 1", `{namespace="${namespace}", app="app", instance="node-1", container="node"}`), - m.logsRowOption("Node 2", `{namespace="${namespace}", app="app", instance="node-2", container="node"}`), - m.logsRowOption("Node 3", `{namespace="${namespace}", app="app", instance="node-3", container="node"}`), - m.logsRowOption("Node 4", `{namespace="${namespace}", app="app", instance="node-4", container="node"}`), - m.logsRowOption("Node 5", `{namespace="${namespace}", app="app", instance="node-5", container="node"}`), - m.logsRowOption("Node 6", `{namespace="${namespace}", app="app", instance="node-6", container="node"}`), - ), // HeadTracker dashboard.Row("Head tracker", row.Collapse(), diff --git a/charts/chainlink-cluster/devspace.yaml b/charts/chainlink-cluster/devspace.yaml index a99ae4364fd..9c39209ff5c 100644 --- a/charts/chainlink-cluster/devspace.yaml +++ b/charts/chainlink-cluster/devspace.yaml @@ -40,21 +40,18 @@ deployments: # they can be defined the same way in values.yml # devspace merging this "values" and "values.yml" before deploy values: - runner: - image: ${DEVSPACE_IMAGE} - stateful: false - geth: - version: v1.12.0 - wsrpc-port: 8546 - httprpc-port: 8544 - networkid: 1337 - blocktime: 1 - mockserver: - enabled: true - port: 1080 - db: - stateful: false + podSecurityContext: + fsGroup: 999 + chainlink: + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: false + runAsNonRoot: true + runAsUser: 14933 + runAsGroup: 999 web_port: 6688 p2p_port: 6690 nodes: @@ -76,11 +73,202 @@ deployments: - name: node-6 image: ${DEVSPACE_IMAGE} version: latest - prometheusMonitor: "true" - podAnnotations: {} - nodeSelector: {} - tolerations: [] - affinity: {} + resources: + requests: + cpu: 350m + memory: 1024Mi + limits: + cpu: 350m + memory: 1024Mi + + # each CL node have a dedicated PostgreSQL 11.15 + # use StatefulSet by setting: + # + # stateful: true + # capacity 10Gi + # + # if you are running long tests + db: + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: false + runAsNonRoot: true + runAsUser: 999 + runAsGroup: 999 + stateful: false + resources: + requests: + cpu: 1 + memory: 1024Mi + limits: + cpu: 1 + memory: 1024Mi + # default cluster shipped with latest Geth ( dev mode by default ) + geth: + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: false + runAsNonRoot: true + runAsUser: 999 + runAsGroup: 999 + version: v1.12.0 + wsrpc-port: 8546 + httprpc-port: 8544 + networkid: 1337 + blocktime: 1 + resources: + requests: + cpu: 1 + memory: 1024Mi + limits: + cpu: 1 + memory: 1024Mi + # mockserver is https://www.mock-server.com/where/kubernetes.html + # used to stub External Adapters + mockserver: + # image: "mockserver/mockserver" + # version: "mockserver-5.15.0" + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: false + runAsNonRoot: true + runAsUser: 999 + runAsGroup: 999 + enabled: true + releasenameOverride: mockserver + app: + runAsUser: 999 + readOnlyRootFilesystem: false + port: 1080 + resources: + requests: + cpu: 1 + memory: 1024Mi + limits: + cpu: 1 + memory: 1024Mi + runner: + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: false + runAsNonRoot: true + runAsUser: 999 + runAsGroup: 999 + stateful: false + resources: + requests: + cpu: 1 + memory: 512Mi + limits: + cpu: 1 + memory: 512Mi + affinity: { } + tolerations: [ ] + nodeSelector: { } + ingress: + enabled: false + className: "" + hosts: [ ] + tls: [ ] + annotations: { } + service: + type: NodePort + port: 8080 + + + # monitoring.coreos.com/v1 PodMonitor for each node + prometheusMonitor: true + + # deployment placement, standard helm stuff + podAnnotations: + nodeSelector: + tolerations: + affinity: +# podSecurityContext: +# fsGroup: 999 +# runner: +# image: ${DEVSPACE_IMAGE} +# stateful: false +# geth: +# podSecurityContext: +# fsGroup: 999 +# securityContext: +# capabilities: +# drop: +# - ALL +# readOnlyRootFilesystem: false +# runAsNonRoot: true +# runAsUser: 999 +# runAsGroup: 999 +# version: v1.12.0 +# wsrpc-port: 8546 +# httprpc-port: 8544 +# networkid: 1337 +# blocktime: 1 +# mockserver: +# enabled: true +# releasenameOverride: mockserver +# app: +# runAsUser: 999 +# readOnlyRootFilesystem: false +# port: 1080 +# db: +# podSecurityContext: +# fsGroup: 999 +# securityContext: +# capabilities: +# drop: +# - ALL +# readOnlyRootFilesystem: false +# runAsNonRoot: true +# runAsUser: 999 +# runAsGroup: 999 +# stateful: false +# chainlink: +# podSecurityContext: +# fsGroup: 14933 +# securityContext: +# capabilities: +# drop: +# - ALL +# readOnlyRootFilesystem: false +# runAsNonRoot: true +# runAsUser: 14933 +# runAsGroup: 14933 +# web_port: 6688 +# p2p_port: 6690 +# nodes: +# - name: node-1 +# image: ${DEVSPACE_IMAGE} +# version: latest +# - name: node-2 +# image: ${DEVSPACE_IMAGE} +# version: latest +# - name: node-3 +# image: ${DEVSPACE_IMAGE} +# version: latest +# - name: node-4 +# image: ${DEVSPACE_IMAGE} +# version: latest +# - name: node-5 +# image: ${DEVSPACE_IMAGE} +# version: latest +# - name: node-6 +# image: ${DEVSPACE_IMAGE} +# version: latest +# prometheusMonitor: "true" +# podAnnotations: {} +# nodeSelector: {} +# tolerations: [] +# affinity: {} profiles: # this replaces only "runner" pod, usable when you'd like to run some system level tests inside k8s diff --git a/charts/chainlink-cluster/templates/mockserver.yaml b/charts/chainlink-cluster/templates/mockserver.yaml index 14c05d0acd5..4c5d2054314 100755 --- a/charts/chainlink-cluster/templates/mockserver.yaml +++ b/charts/chainlink-cluster/templates/mockserver.yaml @@ -21,7 +21,7 @@ spec: spec: containers: - name: {{ .Release.Name }}-mockserver - image: {{ default "mockserver/mockserver" .Values.mockserver.image }}:{{ default "mockserver-5.15.0" .Values.mockserver.version }} + image: "mockserver/mockserver:mockserver-5.15.0" imagePullPolicy: IfNotPresent securityContext: runAsUser: 65534 # nonroot diff --git a/charts/chainlink-cluster/values-raw-helm.yaml b/charts/chainlink-cluster/values-raw-helm.yaml index 036d604f359..99f52e82c2d 100644 --- a/charts/chainlink-cluster/values-raw-helm.yaml +++ b/charts/chainlink-cluster/values-raw-helm.yaml @@ -120,6 +120,8 @@ geth: # mockserver is https://www.mock-server.com/where/kubernetes.html # used to stub External Adapters mockserver: +# image: "mockserver/mockserver" +# version: "mockserver-5.15.0" securityContext: capabilities: drop: @@ -129,6 +131,10 @@ mockserver: runAsUser: 999 runAsGroup: 999 enabled: true + releasenameOverride: mockserver + app: + runAsUser: 999 + readOnlyRootFilesystem: false port: 1080 resources: requests: @@ -169,7 +175,7 @@ runner: # monitoring.coreos.com/v1 PodMonitor for each node -prometheusMonitor: false +prometheusMonitor: true # deployment placement, standard helm stuff podAnnotations: diff --git a/charts/chainlink-cluster/values.yaml b/charts/chainlink-cluster/values.yaml deleted file mode 100644 index f9e62ebb373..00000000000 --- a/charts/chainlink-cluster/values.yaml +++ /dev/null @@ -1,154 +0,0 @@ -# override resources for keys "chainlink", "db", or "geth" if needed -# resources: -# requests: -# cpu: 350m -# memory: 1024Mi -# limits: -# cpu: 350m -# memory: 1024Mi -# images can be overriden for the same keys: -# image: ethereum/client-go -# version: stable -chainlink: - podSecurityContext: - fsGroup: 14933 - securityContext: - capabilities: - drop: - - ALL - readOnlyRootFilesystem: false - runAsNonRoot: true - runAsUser: 14933 - runAsGroup: 14933 - web_port: 6688 - p2p_port: 8090 - nodes: - - name: node-1 - image: "public.ecr.aws/chainlink/chainlink:latest" - # override default config per node - # for example, use OCRv2 P2P setup, the whole config - # toml: | - # RootDir = './clroot' - # [Log] - # JSONConsole = true - # Level = 'debug' - # [WebServer] - # AllowOrigins = '*' - # SecureCookies = false - # SessionTimeout = '999h0m0s' - # [OCR2] - # Enabled = true - # [P2P] - # [P2P.V2] - # Enabled = false - # AnnounceAddresses = [] - # DefaultBootstrappers = [] - # DeltaDial = '15s' - # DeltaReconcile = '1m0s' - # ListenAddresses = [] - # [[EVM]] - # ChainID = '1337' - # MinContractPayment = '0' - # [[EVM.Nodes]] - # Name = 'node-0' - # WSURL = 'ws://geth:8546' - # HTTPURL = 'http://geth:8544' - # [WebServer.TLS] - # HTTPSPort = 0 - - name: node-2 - - name: node-3 - - name: node-4 - resources: - requests: - cpu: 350m - memory: 1024Mi - limits: - cpu: 350m - memory: 1024Mi - -# each CL node have a dedicated PostgreSQL 11.15 -# use StatefulSet by setting: -# -# stateful: true -# capacity 10Gi -# -# if you are running long tests -db: - podSecurityContext: - fsGroup: 999 - securityContext: - capabilities: - drop: - - ALL - readOnlyRootFilesystem: false - runAsNonRoot: true - runAsUser: 999 - runAsGroup: 999 - stateful: false - resources: - requests: - cpu: 1 - memory: 1024Mi - limits: - cpu: 1 - memory: 1024Mi -# default cluster shipped with latest Geth ( dev mode by default ) -geth: - podSecurityContext: - fsGroup: 999 - securityContext: - capabilities: - drop: - - ALL - readOnlyRootFilesystem: false - runAsNonRoot: true - runAsUser: 999 - runAsGroup: 999 - version: v1.12.0 - wsrpc-port: 8546 - httprpc-port: 8544 - networkid: 1337 - blocktime: 1 - resources: - requests: - cpu: 1 - memory: 1024Mi - limits: - cpu: 1 - memory: 1024Mi -# mockserver is https://www.mock-server.com/where/kubernetes.html -# used to stub External Adapters -mockserver: - enabled: true - releasenameOverride: mockserver - app: - runAsUser: 999 - readOnlyRootFilesystem: false -runner: - podSecurityContext: - fsGroup: 999 - securityContext: - capabilities: - drop: - - ALL - readOnlyRootFilesystem: false - runAsNonRoot: true - runAsUser: 999 - runAsGroup: 999 - stateful: false - resources: - requests: - cpu: 1 - memory: 512Mi - limits: - cpu: 1 - memory: 512Mi - -# monitoring.coreos.com/v1 PodMonitor for each node -prometheusMonitor: false - -# deployment placement, standard helm stuff -podAnnotations: -nodeSelector: -tolerations: -affinity: diff --git a/core/chainlink.devspace.Dockerfile b/core/chainlink.devspace.Dockerfile index 9ec061ae40d..88d3cec16ad 100644 --- a/core/chainlink.devspace.Dockerfile +++ b/core/chainlink.devspace.Dockerfile @@ -20,7 +20,7 @@ RUN make install-chainlink # Final image: ubuntu with chainlink binary FROM golang:1.21-bullseye -ARG CHAINLINK_USER=root +ARG CHAINLINK_USER=chainlink ENV DEBIAN_FRONTEND noninteractive RUN apt-get update && apt-get install -y ca-certificates gnupg lsb-release curl