Merge branch 'develop' into BCF-2612-ChainReader-Next
nolag committed Jan 19, 2024
2 parents 469296b + 9c22655 commit 4797358
Showing 9 changed files with 145 additions and 3 deletions.
4 changes: 2 additions & 2 deletions charts/chainlink-cluster/devspace.yaml
@@ -21,8 +21,8 @@ pipelines:
run_dependencies --all
ensure_pull_secrets --all
build_images ---var DOCKER_DEFAULT_PLATFORM=linux/amd64 --all -t $(git rev-parse --short HEAD)
kubectl annotate namespace ${DEVSPACE_NAMESPACE} janitor/ttl=${NS_TTL}
kubectl label namespace/${DEVSPACE_NAMESPACE} network=crib
kubectl annotate namespace ${DEVSPACE_NAMESPACE} janitor/ttl=${NS_TTL} || true
kubectl label namespace/${DEVSPACE_NAMESPACE} network=crib || true
create_deployments --all
echo "Namespace ${DEVSPACE_NAMESPACE} will be deleted in ${NS_TTL}"
purge:
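Review bot: The `|| true` on the `kubectl annotate` line (apparently the new side of this hunk) hides every failure, not only an "already set" case, so a namespace can end up without the `janitor/ttl` annotation while the following `echo` still reports that it will be deleted in `${NS_TTL}`. If the failures being worked around come from re-running against an existing namespace, `kubectl annotate --overwrite namespace ${DEVSPACE_NAMESPACE} janitor/ttl=${NS_TTL}` and `kubectl label --overwrite namespace/${DEVSPACE_NAMESPACE} network=crib` make both commands idempotent without discarding real errors such as missing permissions. If `|| true` has to stay, a comment naming the expected error would help the next reader. The pipeline block starts and continues outside the hunk.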
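--- a/charts/chainlink-cluster/templates/chainlink-db-networkpolicy.yaml
+++ b/charts/chainlink-cluster/templates/chainlink-db-networkpolicy.yaml
@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+name: {{ $.Release.Name }}-db
+spec:
+podSelector:
+matchLabels:
+app: {{ $.Release.Name }}-db
+policyTypes:
+- Ingress
+ingress:
+- from:
+# Allow all node pods to access the database pods.
+- podSelector:
+matchLabels:
+app: {{ $.Release.Name }}
+# Allow all runner pods to access the database pods.
+- podSelector:
+matchLabels:
+app: runner
+ports:
+- protocol: TCP
+port: 5432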
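Review bot: The second peer selects on the fixed label `app: runner`, which, unlike `app: {{ $.Release.Name }}`, is not tied to the release, so any pod in the namespace carrying that label can reach PostgreSQL on 5432. Neither peer has a `namespaceSelector`, so both match only pods in the policy's own namespace; saying so in the comment, e.g. `# Allow runner pods (label app=runner, same namespace only) to access the database pods.`, would make the intended scope explicit. The same selector pair appears in the geth, mockserver, node and runner policies in this commit. Quoting the templated scalars (`name: "{{ $.Release.Name }}-db"`) would also guard against release names that YAML would otherwise retype.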
@@ -1,4 +1,4 @@
{{- range $cfg := .Values.chainlink.nodes }}
{{- range $index, $cfg := .Values.chainlink.nodes }}
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -18,6 +18,10 @@ spec:
app: {{ $.Release.Name }}
instance: {{ $cfg.name }}
release: {{ $.Release.Name }}
# Used for testing. Role value should either be: bootstrap or node.
# There should only be one "bootstrap" node, the rest should be "node".
# Here we set the first node to be bootstrap, the rest to be node.
role: {{ if eq $index 0 }}bootstrap{{ else }}node{{ end }}
{{- range $key, $value := $.Values.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
@@ -0,0 +1,19 @@
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ $.Release.Name }}-node
spec:
podSelector:
matchLabels:
app: {{ $.Release.Name }}
policyTypes:
- Ingress
ingress:
# Allow all ingress traffic between the node pods and from runner pod.
- from:
- podSelector:
matchLabels:
app: {{ $.Release.Name }}
- podSelector:
matchLabels:
app: runner
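Review bot: The single ingress rule of the `{{ $.Release.Name }}-node` policy has no `ports` list, so node and runner pods may reach the node pods on every port, whereas the db, geth and mockserver policies in this commit each pin specific ports. If the node's listening ports are known, listing them here would keep this policy as tight as the others. If all ports are intended, the comment could say so, e.g. `# Ports are intentionally unrestricted between node pods and from the runner.`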
2 changes: 2 additions & 0 deletions charts/chainlink-cluster/templates/geth-deployment.yaml
@@ -65,6 +65,8 @@ spec:
- '--miner.etherbase'
- '0xf39fd6e51aad88f6f4ce6ab8827279cfffb92266'
- '--ipcdisable'
- '--http.api'
- 'admin,debug,web3,eth,txpool,personal,miner,net'
- '--http'
- '--http.vhosts'
- '*'
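Review bot: The `--http.api` value (the two lines that appear to be added) enables `admin`, `debug`, `personal` and `miner`, which are node-management and account namespaces, and the surrounding context sets `--http.vhosts` to `*`, so any client that can reach the HTTP port gets them. The geth NetworkPolicy added in this commit limits ingress to the node and runner pods, but that holds only where the cluster's network plugin enforces NetworkPolicy. Consider trimming the list to the namespaces the tests actually call, or add a comment above it such as `# Dev/test only: management APIs exposed; reachability is restricted by geth-networkpolicy.yaml`. The args list starts and ends outside the hunk.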
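--- a/charts/chainlink-cluster/templates/geth-networkpolicy.yaml
+++ b/charts/chainlink-cluster/templates/geth-networkpolicy.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+name: {{ $.Release.Name }}-geth
+spec:
+podSelector:
+matchLabels:
+app: geth
+policyTypes:
+- Ingress
+ingress:
+- from:
+# Allow http and websocket connections from the node pods.
+- podSelector:
+matchLabels:
+app: {{ $.Release.Name }}
+# Allow http and websocket connections from the runner pods.
+- podSelector:
+matchLabels:
+app: runner
+ports:
+- protocol: TCP
+port: 8544
+- protocol: TCP
+port: 8546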
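Review bot: The allowed ports are 8544 and 8546, while geth's default HTTP-RPC port is 8545, so it is worth confirming that 8544 matches the `--http.port` configured in geth-deployment.yaml, which this commit does not show. With the default-deny policy added alongside, a mismatch would silently block HTTP from the node and runner pods. A short comment on each entry, e.g. `# HTTP-RPC` and `# WebSocket`, would make the mapping checkable against the deployment.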
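--- a/charts/chainlink-cluster/templates/mockserver-networkpolicy.yaml
+++ b/charts/chainlink-cluster/templates/mockserver-networkpolicy.yaml
@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+name: {{ $.Release.Name }}-mockserver
+spec:
+podSelector:
+matchLabels:
+app: mockserver
+policyTypes:
+- Ingress
+ingress:
+- from:
+# Allow http traffic from the node pods.
+- podSelector:
+matchLabels:
+app: {{ $.Release.Name }}
+# Allow http traffic from the runner pods.
+- podSelector:
+matchLabels:
+app: runner
+ports:
+- protocol: TCP
+port: 1080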
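--- a/charts/chainlink-cluster/templates/networkpolicy-default-deny.yaml
+++ b/charts/chainlink-cluster/templates/networkpolicy-default-deny.yaml
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+name: default-deny
+spec:
+podSelector:
+matchLabels: {}
+policyTypes:
+- Ingress
+- Egress
+egress:
+- to:
+- namespaceSelector:
+matchLabels:
+kubernetes.io/metadata.name: "{{ $.Release.Namespace }}"
+- to:
+- namespaceSelector:
+matchLabels:
+kubernetes.io/metadata.name: kube-system
+podSelector:
+matchLabels:
+k8s-app: kube-dns
+ports:
+- protocol: TCP
+port: 53
+- protocol: UDP
+port: 53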
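Review bot: Despite its name, this policy is a full deny only for ingress; the two `egress` rules let every pod reach the release namespace on all ports and kube-dns on 53, and neither rule carries a comment. Comments such as `# Allow egress to any pod in this namespace; per-workload ingress policies narrow it.` and `# Allow DNS lookups via kube-dns.` above the two `- to:` entries would document that. Egress to anything else (other namespaces, external endpoints) is blocked, which is worth confirming against what the node and runner pods need. `default-deny` is also the only policy name in this commit without the `{{ $.Release.Name }}` prefix, so two releases installed into one namespace would presumably collide on it.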
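--- a/charts/chainlink-cluster/templates/runner-networkpolicy.yaml
+++ b/charts/chainlink-cluster/templates/runner-networkpolicy.yaml
@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+name: {{ $.Release.Name }}-runner
+spec:
+podSelector:
+matchLabels:
+app: runner
+policyTypes:
+- Ingress
+ingress:
+# Allow all ingress traffic between the node pods and from runner pod.
+- from:
+- podSelector:
+matchLabels:
+app: {{ $.Release.Name }}
+- podSelector:
+matchLabels:
+app: runner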
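Review bot: The comment above `- from:` repeats the node policy's wording ("between the node pods and from runner pod"), but this policy selects `app: runner`, so it admits traffic into the runner pods from node pods and from other runner pods. Suggested replacement: `# Allow all ingress traffic to the runner pods from node pods and other runner pods.` As in the node policy, no `ports` are listed, so every port on the runner is open to those peers; if that is intended, the comment is the place to say so.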
