diff --git a/.github/workflows/test-ethereum-node.yaml b/.github/workflows/test-ethereum-node.yaml index 16325e43..61651024 100644 --- a/.github/workflows/test-ethereum-node.yaml +++ b/.github/workflows/test-ethereum-node.yaml @@ -14,7 +14,7 @@ jobs: fail-fast: false matrix: consensus: [teku, prysm, lighthouse, nimbus, lodestar] - execution: [geth, nethermind, erigon, besu, ethereumjs] + execution: [geth, nethermind, erigon, besu, ethereumjs, reth] network: [sepolia, mainnet] steps: - name: Checkout diff --git a/README.md b/README.md index c06dd812..ed04e93d 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,7 @@ Execution layer clients - [`ethereumjs`](charts/ethereumjs) - [`geth`](charts/geth) - [`nethermind`](charts/nethermind) +- ['reth'](charts/reth) Consensus layer clients diff --git a/charts/ethereum-node/Chart.lock b/charts/ethereum-node/Chart.lock index 5bf101e0..c2467041 100644 --- a/charts/ethereum-node/Chart.lock +++ b/charts/ethereum-node/Chart.lock @@ -4,16 +4,19 @@ dependencies: version: 1.0.2 - name: erigon repository: file://../erigon - version: 1.0.2 + version: 1.0.3 - name: ethereumjs repository: file://../ethereumjs version: 0.0.1 - name: geth repository: file://../geth - version: 1.0.2 + version: 1.0.3 - name: nethermind repository: file://../nethermind - version: 1.0.2 + version: 1.0.3 +- name: reth + repository: file://../reth + version: 0.0.1 - name: lighthouse repository: file://../lighthouse version: 1.0.2 @@ -25,15 +28,15 @@ dependencies: version: 1.0.2 - name: nimbus repository: file://../nimbus - version: 1.0.2 + version: 1.0.3 - name: lodestar repository: file://../lodestar - version: 1.0.2 + version: 1.0.3 - name: ethereum-metrics-exporter repository: file://../ethereum-metrics-exporter version: 0.1.3 - name: xatu-sentry repository: file://../xatu-sentry version: 0.0.6 -digest: sha256:1ace42c8a9868c6ca5d83823c8758264684c730663f024ec6c8325752dc99c34 -generated: "2023-05-01T14:37:42.892842+02:00" +digest: sha256:4ded3507f762751a56fc62d8cc16e0951277f74686bd662218ac8184cc00c6fc +generated: "2023-05-03T14:24:19.101996674Z" diff --git a/charts/ethereum-node/Chart.yaml b/charts/ethereum-node/Chart.yaml index 4aa27c1c..fa8f468a 100644 --- a/charts/ethereum-node/Chart.yaml +++ b/charts/ethereum-node/Chart.yaml @@ -8,7 +8,7 @@ icon: https://avatars.githubusercontent.com/u/6250754?s=200&v=4 sources: - https://github.com/ethpandaops/ethereum-helm-charts type: application -version: 0.0.2 +version: 0.0.3 maintainers: - name: skylenet email: rafael@skyle.net @@ -20,7 +20,7 @@ dependencies: repository: "file://../besu" condition: besu.enabled - name: erigon - version: "1.0.2" + version: "1.0.3" #repository: "https://ethpandaops.github.io/ethereum-helm-charts" repository: "file://../erigon" condition: erigon.enabled @@ -30,15 +30,20 @@ dependencies: repository: "file://../ethereumjs" condition: ethereumjs.enabled - name: geth - version: "1.0.2" + version: "1.0.3" #repository: "https://ethpandaops.github.io/ethereum-helm-charts" repository: "file://../geth" condition: geth.enabled - name: nethermind - version: "1.0.2" + version: "1.0.3" #repository: "https://ethpandaops.github.io/ethereum-helm-charts" repository: "file://../nethermind" condition: nethermind.enabled +- name: reth + version: "0.0.1" + #repository: "https://ethpandaops.github.io/ethereum-helm-charts" + repository: "file://../reth" + condition: reth.enabled - name: lighthouse version: "1.0.2" @@ -56,12 +61,12 @@ dependencies: repository: "file://../prysm" condition: prysm.enabled - name: nimbus - version: "1.0.2" + version: "1.0.3" #repository: "https://ethpandaops.github.io/ethereum-helm-charts" repository: "file://../nimbus" condition: nimbus.enabled - name: lodestar - version: "1.0.2" + version: "1.0.3" #repository: "https://ethpandaops.github.io/ethereum-helm-charts" repository: "file://../lodestar" condition: lodestar.enabled diff --git a/charts/ethereum-node/README.md b/charts/ethereum-node/README.md index 00536d21..9b7fbc43 100644 --- a/charts/ethereum-node/README.md +++ b/charts/ethereum-node/README.md @@ -1,7 +1,7 @@ # ethereum-node -![Version: 0.0.2](https://img.shields.io/badge/Version-0.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.0.3](https://img.shields.io/badge/Version-0.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) This chart acts as an umbrella chart and allows to run a ethereum execution and consensus layer client. It's also able to deploy optional monitoring applications. @@ -15,15 +15,16 @@ This chart acts as an umbrella chart and allows to run a ethereum execution and | Repository | Name | Version | |------------|------|---------| | file://../besu | besu | 1.0.2 | -| file://../erigon | erigon | 1.0.2 | +| file://../erigon | erigon | 1.0.3 | | file://../ethereum-metrics-exporter | ethereum-metrics-exporter | 0.1.3 | | file://../ethereumjs | ethereumjs | 0.0.1 | -| file://../geth | geth | 1.0.2 | +| file://../geth | geth | 1.0.3 | | file://../lighthouse | lighthouse | 1.0.2 | -| file://../lodestar | lodestar | 1.0.2 | -| file://../nethermind | nethermind | 1.0.2 | -| file://../nimbus | nimbus | 1.0.2 | +| file://../lodestar | lodestar | 1.0.3 | +| file://../nethermind | nethermind | 1.0.3 | +| file://../nimbus | nimbus | 1.0.3 | | file://../prysm | prysm | 1.0.2 | +| file://../reth | reth | 0.0.1 | | file://../teku | teku | 1.0.2 | | file://../xatu-sentry | xatu-sentry | 0.0.6 | diff --git a/charts/ethereum-node/ci/clients/execution/reth.yaml b/charts/ethereum-node/ci/clients/execution/reth.yaml new file mode 100644 index 00000000..ea10e8b0 --- /dev/null +++ b/charts/ethereum-node/ci/clients/execution/reth.yaml @@ -0,0 +1,2 @@ +reth: + enabled: true diff --git a/charts/ethereum-node/templates/NOTES.txt b/charts/ethereum-node/templates/NOTES.txt index 44329474..907679ed 100644 --- a/charts/ethereum-node/templates/NOTES.txt +++ b/charts/ethereum-node/templates/NOTES.txt @@ -30,6 +30,10 @@ To learn more about the release, try: {{ $elCount = add1 $elCount -}} {{ $elName = "nethermind" -}} {{- end -}} +{{- if .Values.reth.enabled -}} +{{ $elCount = add1 $elCount -}} +{{ $elName = "reth" -}} +{{- end -}} {{- $clName := "" -}} {{- $clCount := 0 | int -}} diff --git a/charts/ethereum-node/values.yaml b/charts/ethereum-node/values.yaml index ed6f4f00..2a40bf2a 100644 --- a/charts/ethereum-node/values.yaml +++ b/charts/ethereum-node/values.yaml @@ -19,6 +19,7 @@ global: ethereumjs: [] geth: [] nethermind: [] + reth: [] consensus: lighthouse: [] lodestar: [] @@ -37,6 +38,8 @@ global: - --goerli nethermind: - --config=goerli + reth: + - --chain=goerli consensus: lighthouse: - --network=goerli @@ -60,6 +63,8 @@ global: - --sepolia nethermind: - --config=sepolia + reth: + - --chain=sepolia consensus: lighthouse: - --network=sepolia @@ -159,6 +164,22 @@ nethermind: {{- end -}} {{- end }} +reth: + enabled: false + nameOverride: execution + httpPort: 8545 + extraArgs: + - >- + {{- with( index .Values.global.clientArgs.networks .Values.global.main.network ) }} + {{- range $i, $v := .execution.reth }} + {{- if (eq $i 0) }} + {{- $v }} + {{- else }} + {{ $v }} + {{- end }} + {{- end -}} + {{- end }} + ######################## ### ### Consensus clients diff --git a/charts/reth/.helmignore b/charts/reth/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/charts/reth/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/reth/Chart.yaml b/charts/reth/Chart.yaml new file mode 100644 index 00000000..dcad42da --- /dev/null +++ b/charts/reth/Chart.yaml @@ -0,0 +1,13 @@ +apiVersion: v2 +name: reth +description: > + Reth (short for Rust Ethereum, pronunciation) is a new Ethereum full node implementation that is focused on being user-friendly, highly modular, as well as being fast and efficient. Reth is an Execution Layer (EL) and is compatible with all Ethereum Consensus Layer (CL) implementations that support the Engine API. It is originally built and driven forward by Paradigm, and is licensed under the Apache and MIT licenses. +home: https://www.paradigm.xyz/2022/12/reth +icon: https://github.com/paradigmxyz/reth/raw/main/assets/reth.jpg +sources: + - https://github.com/paradigmxyz/reth/ +type: application +version: 0.0.1 +maintainers: + - name: barnabasbusa + email: busa.barnabas@gmail.com diff --git a/charts/reth/README.md b/charts/reth/README.md new file mode 100644 index 00000000..b3646f09 --- /dev/null +++ b/charts/reth/README.md @@ -0,0 +1,123 @@ + +# reth + +![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) + +Reth (short for Rust Ethereum, pronunciation) is a new Ethereum full node implementation that is focused on being user-friendly, highly modular, as well as being fast and efficient. Reth is an Execution Layer (EL) and is compatible with all Ethereum Consensus Layer (CL) implementations that support the Engine API. It is originally built and driven forward by Paradigm, and is licensed under the Apache and MIT licenses. + +**Homepage:** + +## Source Code + +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | Affinity configuration for pods | +| annotations | object | `{}` | Annotations for the StatefulSet | +| authPort | int | `8551` | Engine Port (Auth Port) | +| containerSecurityContext | object | See `values.yaml` | The security context for containers | +| customCommand | list | `[]` | Legacy way of overwriting the default command. You may prefer to change defaultCommandTemplate instead. | +| defaultCommandTemplate | string | See `values.yaml` | Template used for the default command | +| extraArgs | list | `[]` | Extra args for the reth container | +| extraContainerPorts | list | `[]` | Additional ports for the main container | +| extraContainers | list | `[]` | Additional containers | +| extraEnv | list | `[]` | Additional env variables | +| extraPorts | list | `[]` | Additional ports. Useful when using extraContainers or extraContainerPorts | +| extraVolumeMounts | list | `[]` | Additional volume mounts | +| extraVolumes | list | `[]` | Additional volumes | +| fullnameOverride | string | `""` | Overrides the chart's computed fullname | +| httpPort | int | `8545` | HTTP Port | +| image.pullPolicy | string | `"IfNotPresent"` | reth container pull policy | +| image.repository | string | `"ethpandaops/reth"` | reth container image repository | +| image.tag | string | `"main"` | reth container image tag | +| imagePullSecrets | list | `[]` | Image pull secrets for Docker images | +| ingress.annotations | object | `{}` | Annotations for Ingress | +| ingress.enabled | bool | `false` | Ingress resource for the HTTP API | +| ingress.hosts[0].host | string | `"chart-example.local"` | | +| ingress.hosts[0].paths | list | `[]` | | +| ingress.tls | list | `[]` | Ingress TLS | +| initChownData.enabled | bool | `true` | Init container to set the correct permissions to access data directories | +| initChownData.image.pullPolicy | string | `"IfNotPresent"` | Container pull policy | +| initChownData.image.repository | string | `"busybox"` | Container repository | +| initChownData.image.tag | string | `"1.34.0"` | Container tag | +| initChownData.resources | object | `{}` | Resource requests and limits | +| initContainers | list | `[]` | Additional init containers | +| jwt | string | `"ecb22bc24e7d4061f7ed690ccd5846d7d73f5d2b9733267e12f56790398d908a"` | JWT secret is attached as a secret object. Change this value. | +| livenessProbe | object | See `values.yaml` | Liveness probe | +| nameOverride | string | `""` | Overrides the chart's name | +| nodeSelector | object | `{}` | Node selector for pods | +| p2pNodePort.enabled | bool | `false` | Expose P2P port via NodePort | +| p2pNodePort.initContainer.image.pullPolicy | string | `"IfNotPresent"` | Container pull policy | +| p2pNodePort.initContainer.image.repository | string | `"lachlanevenson/k8s-kubectl"` | Container image to fetch nodeport information | +| p2pNodePort.initContainer.image.tag | string | `"v1.21.3"` | Container tag | +| p2pNodePort.port | int | `31000` | NodePort to be used | +| p2pNodePort.portForwardContainer.image.pullPolicy | string | `"IfNotPresent"` | Container pull policy | +| p2pNodePort.portForwardContainer.image.repository | string | `"alpine/socat"` | Container image for the port forwarder | +| p2pNodePort.portForwardContainer.image.tag | string | `"latest"` | Container tag | +| persistence.accessModes | list | `["ReadWriteOnce"]` | Access mode for the volume claim template | +| persistence.annotations | object | `{}` | Annotations for volume claim template | +| persistence.enabled | bool | `false` | Uses an EmptyDir when not enabled | +| persistence.existingClaim | string | `nil` | Use an existing PVC when persistence.enabled | +| persistence.selector | object | `{}` | Selector for volume claim template | +| persistence.size | string | `"20Gi"` | Requested size for volume claim template | +| persistence.storageClassName | string | `nil` | Use a specific storage class E.g 'local-path' for local storage to achieve best performance Read more (https://github.com/rancher/local-path-provisioner) | +| podAnnotations | object | `{}` | Pod annotations | +| podDisruptionBudget | object | `{}` | Define the PodDisruptionBudget spec If not set then a PodDisruptionBudget will not be created | +| podLabels | object | `{}` | Pod labels | +| podManagementPolicy | string | `"OrderedReady"` | Pod management policy | +| priorityClassName | string | `nil` | Pod priority class | +| rbac.clusterRules | list | See `values.yaml` | Required ClusterRole rules | +| rbac.create | bool | `true` | Specifies whether RBAC resources are to be created | +| rbac.rules | list | See `values.yaml` | Required ClusterRole rules | +| readinessProbe | object | See `values.yaml` | Readiness probe | +| replicas | int | `1` | Number of replicas | +| resources | object | `{}` | Resource requests and limits | +| secretEnv | object | `{}` | Additional env variables injected via a created secret | +| securityContext | object | See `values.yaml` | The security context for pods | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | +| serviceMonitor.annotations | object | `{}` | Additional ServiceMonitor annotations | +| serviceMonitor.enabled | bool | `false` | If true, a ServiceMonitor CRD is created for a prometheus operator https://github.com/coreos/prometheus-operator | +| serviceMonitor.interval | string | `"1m"` | ServiceMonitor scrape interval | +| serviceMonitor.labels | object | `{}` | Additional ServiceMonitor labels | +| serviceMonitor.namespace | string | `nil` | Alternative namespace for ServiceMonitor | +| serviceMonitor.path | string | `"/debug/metrics/prometheus"` | Path to scrape | +| serviceMonitor.relabelings | list | `[]` | ServiceMonitor relabelings | +| serviceMonitor.scheme | string | `"http"` | ServiceMonitor scheme | +| serviceMonitor.scrapeTimeout | string | `"30s"` | ServiceMonitor scrape timeout | +| serviceMonitor.tlsConfig | object | `{}` | ServiceMonitor TLS configuration | +| terminationGracePeriodSeconds | int | `300` | How long to wait until the pod is forcefully terminated | +| tolerations | list | `[]` | Tolerations for pods | +| updateStrategy | object | `{"type":"RollingUpdate"}` | Update stategy for the Statefulset | +| updateStrategy.type | string | `"RollingUpdate"` | Update stategy type | +| wsAuthPort | int | `8551` | WS Engine Auth Port | +| wsPort | int | `8545` | WS Port | + +# Examples + +## Connecting to the goerli test network + +```yaml +extraArgs: + - --network=goerli +``` + +## Exposing the P2P service via NodePort + +This will make your node accessible via the Internet using a service of type [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#nodeport). +When using `p2pNodePort.enabled` the exposed IP address on your ENR record will be the "External IP" of the node where the pod is running. + +**Limitations:** You can only run a single replica per chart deployment when using `p2pNodePort.enabled=true`.If you need N nodes, simply deploy the chart N times. +Currently reth doesn't allow you to announce a a different discovery port, which would be a requirement to run multiple replicas within the same chart. + +```yaml +replicas: 1 + +p2pNodePort: + enabled: true + port: 31000 +``` diff --git a/charts/reth/README.md.gotmpl b/charts/reth/README.md.gotmpl new file mode 100644 index 00000000..081f1b7b --- /dev/null +++ b/charts/reth/README.md.gotmpl @@ -0,0 +1,40 @@ + +{{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +{{ template "chart.sourcesSection" . }} + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }} + +# Examples + +## Connecting to the goerli test network + +```yaml +extraArgs: + - --network=goerli +``` + +## Exposing the P2P service via NodePort + +This will make your node accessible via the Internet using a service of type [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#nodeport). +When using `p2pNodePort.enabled` the exposed IP address on your ENR record will be the "External IP" of the node where the pod is running. + +**Limitations:** You can only run a single replica per chart deployment when using `p2pNodePort.enabled=true`.If you need N nodes, simply deploy the chart N times. +Currently reth doesn't allow you to announce a a different discovery port, which would be a requirement to run multiple replicas within the same chart. + +```yaml +replicas: 1 + +p2pNodePort: + enabled: true + port: 31000 +``` diff --git a/charts/reth/ci/default-values.yaml b/charts/reth/ci/default-values.yaml new file mode 100644 index 00000000..7cf9a955 --- /dev/null +++ b/charts/reth/ci/default-values.yaml @@ -0,0 +1 @@ +# Leave empty so that CT tests with default values diff --git a/charts/reth/templates/NOTES.txt b/charts/reth/templates/NOTES.txt new file mode 100644 index 00000000..e69de29b diff --git a/charts/reth/templates/_cmd.tpl b/charts/reth/templates/_cmd.tpl new file mode 100644 index 00000000..f88200aa --- /dev/null +++ b/charts/reth/templates/_cmd.tpl @@ -0,0 +1,6 @@ +{{/* +# Default command +*/}} +{{- define "reth.defaultCommand" -}} +{{- tpl .Values.defaultCommandTemplate . }} +{{- end }} diff --git a/charts/reth/templates/_helpers.tpl b/charts/reth/templates/_helpers.tpl new file mode 100644 index 00000000..b0783c8b --- /dev/null +++ b/charts/reth/templates/_helpers.tpl @@ -0,0 +1,78 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "reth.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "reth.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "reth.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "reth.labels" -}} +helm.sh/chart: {{ include "reth.chart" . }} +{{ include "reth.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "reth.selectorLabels" -}} +app.kubernetes.io/name: {{ include "reth.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "reth.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "reth.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{- define "reth.p2pPort" -}} +{{- if .Values.p2pNodePort.enabled }} +{{- print .Values.p2pNodePort.port }} +{{- else }} +{{- printf "30303" -}} +{{- end }} +{{- end -}} + +{{- define "reth.replicas" -}} +{{- if .Values.p2pNodePort.enabled }} +{{- print 1 }} +{{ else }} +{{- print .Values.replicas }} +{{- end}} +{{- end -}} diff --git a/charts/reth/templates/clusterrole.yaml b/charts/reth/templates/clusterrole.yaml new file mode 100644 index 00000000..bc9169a8 --- /dev/null +++ b/charts/reth/templates/clusterrole.yaml @@ -0,0 +1,10 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "reth.serviceAccountName" . }} + labels: + {{- include "reth.labels" . | nindent 4 }} +rules: +{{- toYaml .Values.rbac.clusterRules | nindent 0 }} +{{- end }} diff --git a/charts/reth/templates/clusterrolebinding.yaml b/charts/reth/templates/clusterrolebinding.yaml new file mode 100644 index 00000000..2bf92409 --- /dev/null +++ b/charts/reth/templates/clusterrolebinding.yaml @@ -0,0 +1,16 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "reth.serviceAccountName" . }} + labels: + {{- include "reth.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "reth.serviceAccountName" . }} +subjects: + - kind: ServiceAccount + name: {{ include "reth.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/reth/templates/ingress.yaml b/charts/reth/templates/ingress.yaml new file mode 100644 index 00000000..d73e068b --- /dev/null +++ b/charts/reth/templates/ingress.yaml @@ -0,0 +1,61 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "reth.fullname" . -}} +{{- $svcPort := .Values.httpPort -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "reth.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/reth/templates/poddisruptionbudget.yaml b/charts/reth/templates/poddisruptionbudget.yaml new file mode 100644 index 00000000..8f02e3eb --- /dev/null +++ b/charts/reth/templates/poddisruptionbudget.yaml @@ -0,0 +1,18 @@ +{{- if .Values.podDisruptionBudget }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ include "reth.fullname" . }} + labels: + {{- include "reth.labels" . | nindent 4 }} +spec: +{{- if .Values.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} +{{- end }} +{{- if .Values.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} +{{- end }} + selector: + matchLabels: + {{- include "reth.selectorLabels" . | nindent 6 }} +{{- end }} diff --git a/charts/reth/templates/role.yaml b/charts/reth/templates/role.yaml new file mode 100644 index 00000000..1a06f9fc --- /dev/null +++ b/charts/reth/templates/role.yaml @@ -0,0 +1,10 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "reth.serviceAccountName" . }} + labels: + {{- include "reth.labels" . | nindent 4 }} +rules: +{{- toYaml .Values.rbac.rules | nindent 0 }} +{{- end }} diff --git a/charts/reth/templates/rolebinding.yaml b/charts/reth/templates/rolebinding.yaml new file mode 100644 index 00000000..591be226 --- /dev/null +++ b/charts/reth/templates/rolebinding.yaml @@ -0,0 +1,15 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "reth.serviceAccountName" . }} + labels: + {{- include "reth.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "reth.serviceAccountName" . }} +subjects: + - kind: ServiceAccount + name: {{ include "reth.serviceAccountName" . }} +{{- end }} diff --git a/charts/reth/templates/secret.yaml b/charts/reth/templates/secret.yaml new file mode 100644 index 00000000..1376538a --- /dev/null +++ b/charts/reth/templates/secret.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "reth.fullname" . }}-env + labels: + {{- include "reth.labels" . | nindent 4 }} +data: +{{- range $key, $value := .Values.secretEnv }} + {{ $key }}: {{ $value | b64enc }} +{{- end }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "reth.fullname" . }}-jwt +type: Opaque +data: + jwt.hex: {{ .Values.jwt | b64enc }} \ No newline at end of file diff --git a/charts/reth/templates/service-headless.yaml b/charts/reth/templates/service-headless.yaml new file mode 100644 index 00000000..55aec918 --- /dev/null +++ b/charts/reth/templates/service-headless.yaml @@ -0,0 +1,36 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "reth.fullname" . }}-headless + labels: + {{- include "reth.labels" . | nindent 4 }} +spec: + clusterIP: None + ports: + - port: {{ include "reth.p2pPort" . }} + targetPort: p2p-tcp + protocol: TCP + name: p2p-tcp + - port: {{ include "reth.p2pPort" . }} + targetPort: p2p-udp + protocol: UDP + name: p2p-udp + - port: {{ .Values.httpPort }} + targetPort: http-rpc + protocol: TCP + name: http-rpc + - port: {{ .Values.authPort }} + targetPort: auth-rpc + protocol: TCP + name: auth-rpc + {{- if ne .Values.httpPort .Values.wsPort }} + - port: {{ .Values.wsPort }} + targetPort: ws-rpc + protocol: TCP + name: ws-rpc + {{- end }} + {{- if .Values.extraPorts }} + {{ toYaml .Values.extraPorts | nindent 4}} + {{- end }} + selector: + {{- include "reth.selectorLabels" . | nindent 4 }} diff --git a/charts/reth/templates/service.p2p.nodeport.yaml b/charts/reth/templates/service.p2p.nodeport.yaml new file mode 100644 index 00000000..6640b98d --- /dev/null +++ b/charts/reth/templates/service.p2p.nodeport.yaml @@ -0,0 +1,30 @@ +{{- if .Values.p2pNodePort.enabled -}} + +{{- $port := $.Values.p2pNodePort.port -}} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "reth.fullname" $ }}-p2p-0 + labels: + {{- include "reth.labels" $ | nindent 4 }} + pod: {{ include "reth.fullname" $ }}-0 + type: p2p +spec: + type: NodePort + externalTrafficPolicy: Local + ports: + - name: p2p-tcp + port: {{ include "reth.p2pPort" $ }} + protocol: TCP + targetPort: p2p-tcp + nodePort: {{ $port }} + - name: p2p-udp + port: {{ include "reth.p2pPort" $ }} + protocol: UDP + targetPort: p2p-udp + nodePort: {{ $port }} + selector: + {{- include "reth.selectorLabels" $ | nindent 4 }} + statefulset.kubernetes.io/pod-name: "{{ include "reth.fullname" $ }}-0" +{{- end }} diff --git a/charts/reth/templates/service.yaml b/charts/reth/templates/service.yaml new file mode 100644 index 00000000..a5030b10 --- /dev/null +++ b/charts/reth/templates/service.yaml @@ -0,0 +1,42 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "reth.fullname" . }} + labels: + {{- include "reth.labels" . | nindent 4 }} +spec: + type: ClusterIP + ports: + - port: {{ include "reth.p2pPort" . }} + targetPort: p2p-tcp + protocol: TCP + name: p2p-tcp + - port: {{ include "reth.p2pPort" . }} + targetPort: p2p-udp + protocol: UDP + name: p2p-udp + - port: {{ .Values.httpPort }} + targetPort: http-rpc + protocol: TCP + name: http-rpc + - port: {{ .Values.authPort }} + targetPort: auth-rpc + protocol: TCP + name: auth-rpc + {{- if ne .Values.httpPort .Values.wsPort }} + - port: {{ .Values.wsPort }} + targetPort: ws-rpc + protocol: TCP + name: ws-rpc + {{- end }} + {{- if ne .Values.authPort .Values.wsAuthPort }} + - port: {{ .Values.wsAuthPort }} + targetPort: ws-auth-rpc + protocol: TCP + name: ws-auth-rpc + {{- end }} + {{- if .Values.extraPorts }} + {{ toYaml .Values.extraPorts | nindent 4}} + {{- end }} + selector: + {{- include "reth.selectorLabels" . | nindent 4 }} diff --git a/charts/reth/templates/serviceaccount.yaml b/charts/reth/templates/serviceaccount.yaml new file mode 100644 index 00000000..07e25217 --- /dev/null +++ b/charts/reth/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "reth.serviceAccountName" . }} + labels: + {{- include "reth.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/reth/templates/servicemonitor.yaml b/charts/reth/templates/servicemonitor.yaml new file mode 100644 index 00000000..b8329849 --- /dev/null +++ b/charts/reth/templates/servicemonitor.yaml @@ -0,0 +1,43 @@ +{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "reth.serviceAccountName" . }} + {{- if .Values.serviceMonitor.namespace }} + namespace: {{ .Values.serviceMonitor.namespace }} + {{- end }} + labels: + {{- include "reth.labels" . | nindent 4 }} + {{- if .Values.serviceMonitor.labels }} + {{- toYaml .Values.serviceMonitor.labels | nindent 4 }} + {{- end }} + {{- if .Values.serviceMonitor.annotations }} + annotations: + {{ toYaml .Values.serviceMonitor.annotations | nindent 4 }} + {{- end }} +spec: + endpoints: + - interval: {{ .Values.serviceMonitor.interval }} + {{- if .Values.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }} + {{- end }} + honorLabels: true + port: metrics + path: {{ .Values.serviceMonitor.path }} + scheme: {{ .Values.serviceMonitor.scheme }} + {{- if .Values.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml .Values.serviceMonitor.tlsConfig | nindent 6 }} + {{- end }} + {{- if .Values.serviceMonitor.relabelings }} + relabelings: + {{- toYaml .Values.serviceMonitor.relabelings | nindent 4 }} + {{- end }} + jobLabel: "{{ .Release.Name }}" + selector: + matchLabels: + {{- include "reth.selectorLabels" . | nindent 8 }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} +{{- end }} diff --git a/charts/reth/templates/statefulset.yaml b/charts/reth/templates/statefulset.yaml new file mode 100644 index 00000000..4644d6fe --- /dev/null +++ b/charts/reth/templates/statefulset.yaml @@ -0,0 +1,202 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "reth.fullname" . }} + labels: + {{- include "reth.labels" . | nindent 4 }} + annotations: + {{- toYaml .Values.annotations | nindent 4 }} +spec: + podManagementPolicy: {{ .Values.podManagementPolicy }} + replicas: {{ include "reth.replicas" . }} + selector: + matchLabels: + {{- include "reth.selectorLabels" . | nindent 6 }} + serviceName: {{ include "reth.fullname" . }}-headless + updateStrategy: + {{- toYaml .Values.updateStrategy | nindent 4 }} + template: + metadata: + labels: + {{- include "reth.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + annotations: + checksum/secrets: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "reth.serviceAccountName" . }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + securityContext: + {{- toYaml .Values.securityContext | nindent 8 }} + initContainers: + {{- if .Values.initContainers }} + {{- tpl (toYaml .Values.initContainers | nindent 8) $ }} + {{- end }} + {{- if .Values.p2pNodePort.enabled }} + - name: init-nodeport + image: "{{ .Values.p2pNodePort.initContainer.image.repository }}:{{ .Values.p2pNodePort.initContainer.image.tag }}" + imagePullPolicy: {{.Values.p2pNodePort.initContainer.image.pullPolicy }} + securityContext: + runAsNonRoot: false + runAsUser: 0 + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + command: + - sh + - -c + - > + export EXTERNAL_PORT=$(kubectl get services -l "pod in (${POD_NAME}), type in (p2p)" -o jsonpath='{.items[0].spec.ports[0].nodePort}'); + export EXTERNAL_IP=$(kubectl get nodes "${NODE_NAME}" -o jsonpath='{.status.addresses[?(@.type=="ExternalIP")].address}'); + echo "EXTERNAL_PORT=$EXTERNAL_PORT" > /env/init-nodeport; + echo "EXTERNAL_IP=$EXTERNAL_IP" >> /env/init-nodeport; + cat /env/init-nodeport; + volumeMounts: + - name: env-nodeport + mountPath: /env + {{- end }} + {{- if .Values.initChownData.enabled }} + - name: init-chown-data + image: "{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}" + imagePullPolicy: {{ .Values.initChownData.image.pullPolicy }} + securityContext: + runAsNonRoot: false + runAsUser: 0 + command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }}", "/data"] + resources: + {{ toYaml .Values.initChownData.resources | nindent 12 }} + volumeMounts: + - name: storage + mountPath: "/data" + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + {{- if gt (len .Values.customCommand) 0 }} + {{- toYaml .Values.customCommand | nindent 12}} + {{- else }} + {{- include "reth.defaultCommand" . | nindent 12 }} + {{- end }} + securityContext: + {{- toYaml .Values.containerSecurityContext | nindent 12 }} + volumeMounts: + {{- if .Values.extraVolumeMounts }} + {{ toYaml .Values.extraVolumeMounts | nindent 12}} + {{- end }} + {{- if .Values.p2pNodePort.enabled }} + - name: env-nodeport + mountPath: /env + {{- end }} + - name: storage + mountPath: "/data" + - name: jwt + mountPath: "/data/jwt.hex" + subPath: jwt.hex + readOnly: true + ports: + {{- if .Values.extraContainerPorts }} + {{ toYaml .Values.extraContainerPorts | nindent 12}} + {{- end }} + - name: p2p-tcp + containerPort: {{ include "reth.p2pPort" . }} + protocol: TCP + - name: p2p-udp + containerPort: {{ include "reth.p2pPort" . }} + protocol: UDP + - name: http-rpc + containerPort: {{ .Values.httpPort }} + protocol: TCP + - name: ws-rpc + containerPort: {{ .Values.wsPort }} + protocol: TCP + - name: auth-rpc + containerPort: {{ .Values.authPort }} + protocol: TCP + - name: ws-auth-rpc + containerPort: {{ .Values.wsAuthPort }} + protocol: TCP + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + {{- range $key, $value := .Values.secretEnv }} + - name: {{ $key }} + valueFrom: + secretKeyRef: + name: {{ include "reth.fullname" $ }}-env + key: {{ $key }} + {{- end }} + {{- if .Values.extraEnv }} + {{- toYaml .Values.extraEnv | nindent 12 }} + {{- end }} + {{- if .Values.extraContainers }} + {{ tpl (toYaml .Values.extraContainers | nindent 8) $ }} + {{- end }} + nodeSelector: + {{- toYaml .Values.nodeSelector | nindent 8 }} + affinity: + {{- toYaml .Values.affinity | nindent 8 }} + tolerations: + {{- toYaml .Values.tolerations | nindent 8 }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + volumes: + - name: jwt + secret: + secretName: {{ include "reth.fullname" . }}-jwt + {{- if .Values.p2pNodePort.enabled }} + - name: env-nodeport + emptyDir: {} + {{- end }} + {{- if .Values.extraVolumes }} + {{ toYaml .Values.extraVolumes | nindent 8}} + {{- end }} + {{- if not .Values.persistence.enabled }} + - name: storage + emptyDir: {} + {{- else if .Values.persistence.existingClaim }} + - name: storage + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim }} + {{- else }} + volumeClaimTemplates: + - metadata: + name: storage + annotations: + {{- toYaml .Values.persistence.annotations | nindent 8 }} + spec: + accessModes: + {{- toYaml .Values.persistence.accessModes | nindent 8 }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + storageClassName: {{ .Values.persistence.storageClassName }} + {{- if .Values.persistence.selector }} + selector: + {{- toYaml .Values.persistence.selector | nindent 8 }} + {{- end }} + {{- end }} diff --git a/charts/reth/templates/tests/test-connection.yaml b/charts/reth/templates/tests/test-connection.yaml new file mode 100644 index 00000000..e774ca95 --- /dev/null +++ b/charts/reth/templates/tests/test-connection.yaml @@ -0,0 +1,24 @@ + +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "reth.fullname" . }}-test-connection" + labels: + {{- include "reth.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: curl + image: curlimages/curl + command: ['curl'] + args: + - --location + - --request + - POST + - '{{ include "reth.fullname" . }}:{{ .Values.httpPort }}/' + - --header + - 'Content-Type: application/json' + - --data-raw + - '{"jsonrpc":"2.0","method":"web3_clientVersion","params":[],"id":67}' + restartPolicy: Never diff --git a/charts/reth/values.yaml b/charts/reth/values.yaml new file mode 100644 index 00000000..7c7a03ff --- /dev/null +++ b/charts/reth/values.yaml @@ -0,0 +1,334 @@ +# -- Overrides the chart's name +nameOverride: "" + +# -- Overrides the chart's computed fullname +fullnameOverride: "" + +# -- Number of replicas +replicas: 1 + +image: + # -- reth container image repository + repository: ethpandaops/reth + # -- reth container image tag + tag: main + # -- reth container pull policy + pullPolicy: IfNotPresent + +# -- Extra args for the reth container +extraArgs: [] + #- --network=goerli + +# -- JWT secret is attached as a secret object. Change this value. +jwt: ecb22bc24e7d4061f7ed690ccd5846d7d73f5d2b9733267e12f56790398d908a + +# -- Template used for the default command +# @default -- See `values.yaml` +defaultCommandTemplate: | + - sh + - -ac + - > + {{- if .Values.p2pNodePort.enabled }} + . /env/init-nodeport; + {{- end }} + /usr/local/bin/reth node + --datadir=/data + --config=/data/config.toml + {{- if .Values.p2pNodePort.enabled }} + {{- if not (contains "--nat=" (.Values.extraArgs | join ",")) }} + --nat=extip:$EXTERNAL_IP + {{- end }} + {{- if not (contains "--port=" (.Values.extraArgs | join ",")) }} + --port=$EXTERNAL_PORT + {{- end }} + {{- else }} + {{- if not (contains "--nat=" (.Values.extraArgs | join ",")) }} + --nat=extip:$(POD_IP) + {{- end }} + {{- if not (contains "--port=" (.Values.extraArgs | join ",")) }} + --port={{ include "reth.p2pPort" . }} + {{- end }} + {{- end }} + --http + --http.addr=0.0.0.0 + --http.port={{ .Values.httpPort }} + --http.corsdomain=* + --ws + --ws.addr=0.0.0.0 + --ws.port={{ .Values.wsPort }} + --ws.origins=* + --authrpc.jwtsecret=/data/jwt.hex + --authrpc.addr=0.0.0.0 + --authrpc.port={{ .Values.authPort }} + {{- range .Values.extraArgs }} + {{ tpl . $ }} + {{- end }} + +# -- Legacy way of overwriting the default command. You may prefer to change defaultCommandTemplate instead. +customCommand: [] + +# When p2pNodePort is enabled, your P2P port will be exposed via service type NodePort. +# This is useful if you want to expose and announce your node to the Internet. +# Limitation: You can only one have one replica when exposing via NodePort. +# Check the chart README.md for more details +p2pNodePort: + # -- Expose P2P port via NodePort + enabled: false + # -- NodePort to be used + port: 31000 + initContainer: + image: + # -- Container image to fetch nodeport information + repository: lachlanevenson/k8s-kubectl + # -- Container tag + tag: v1.21.3 + # -- Container pull policy + pullPolicy: IfNotPresent + portForwardContainer: + image: + # -- Container image for the port forwarder + repository: alpine/socat + # -- Container tag + tag: latest + # -- Container pull policy + pullPolicy: IfNotPresent + +ingress: + # -- Ingress resource for the HTTP API + enabled: false + # -- Annotations for Ingress + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # -- Ingress host + hosts: + - host: chart-example.local + paths: [] + # -- Ingress TLS + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +# -- Affinity configuration for pods +affinity: {} + +# -- Image pull secrets for Docker images +imagePullSecrets: [] + +# -- Annotations for the StatefulSet +annotations: {} + +# -- Liveness probe +# @default -- See `values.yaml` +livenessProbe: + tcpSocket: + port: http-rpc + initialDelaySeconds: 60 + periodSeconds: 120 + +# -- Readiness probe +# @default -- See `values.yaml` +readinessProbe: + tcpSocket: + port: http-rpc + initialDelaySeconds: 10 + periodSeconds: 10 + +# -- HTTP Port +httpPort: 8545 + +# -- WS Port +wsPort: 8545 + +# -- Engine Port (Auth Port) +authPort: 8551 + +# -- WS Engine Auth Port +wsAuthPort: 8551 + +# -- Node selector for pods +nodeSelector: {} + +persistence: + # -- Uses an EmptyDir when not enabled + enabled: false + # -- Use an existing PVC when persistence.enabled + existingClaim: null + # -- Access mode for the volume claim template + accessModes: + - ReadWriteOnce + # -- Requested size for volume claim template + size: 20Gi + # -- Use a specific storage class + # E.g 'local-path' for local storage to achieve best performance + # Read more (https://github.com/rancher/local-path-provisioner) + storageClassName: null + # -- Annotations for volume claim template + annotations: {} + # -- Selector for volume claim template + selector: {} + # matchLabels: + # app.kubernetes.io/name: something + +# -- Pod labels +podLabels: {} + +# -- Pod annotations +podAnnotations: {} + +# -- Pod management policy +podManagementPolicy: OrderedReady + +# -- Pod priority class +priorityClassName: null + +rbac: + # -- Specifies whether RBAC resources are to be created + create: true + # -- Required ClusterRole rules + # @default -- See `values.yaml` + clusterRules: + # Required to obtain the nodes external IP + - apiGroups: [""] + resources: + - nodes + verbs: + - get + - list + - watch + # -- Required ClusterRole rules + # @default -- See `values.yaml` + rules: + # Required to get information about the serices nodePort. + - apiGroups: [""] + resources: + - services + verbs: + - get + - list + - watch + +# -- Resource requests and limits +resources: {} +# limits: +# cpu: 500m +# memory: 2Gi +# requests: +# cpu: 300m +# memory: 1Gi + +# -- The security context for pods +# @default -- See `values.yaml` +securityContext: + fsGroup: 10001 + runAsGroup: 10001 + runAsNonRoot: true + runAsUser: 10001 + +# -- The security context for containers +# @default -- See `values.yaml` +containerSecurityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +serviceAccount: + # -- Specifies whether a service account should be created + create: true + # -- Annotations to add to the service account + annotations: {} + # -- The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +# -- How long to wait until the pod is forcefully terminated +terminationGracePeriodSeconds: 300 + +# -- Tolerations for pods +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +# -- Define the PodDisruptionBudget spec +# If not set then a PodDisruptionBudget will not be created +podDisruptionBudget: {} +# minAvailable: 1 +# maxUnavailable: 1 + +# -- Update stategy for the Statefulset +updateStrategy: + # -- Update stategy type + type: RollingUpdate + +# -- Additional init containers +initContainers: [] +# - name: my-init-container +# image: busybox:latest +# command: ['sh', '-c', 'echo hello'] + +# -- Additional containers +extraContainers: [] + +# -- Additional volumes +extraVolumes: [] + +# -- Additional volume mounts +extraVolumeMounts: [] + +# -- Additional ports. Useful when using extraContainers or extraContainerPorts +extraPorts: [] + +# -- Additional ports for the main container +extraContainerPorts: [] + +# -- Additional env variables +extraEnv: [] + +# -- Additional env variables injected via a created secret +secretEnv: {} +# MY_PASSWORD: supersecret + +initChownData: + # -- Init container to set the correct permissions to access data directories + enabled: true + image: + # -- Container repository + repository: busybox + # -- Container tag + tag: 1.34.0 + # -- Container pull policy + pullPolicy: IfNotPresent + # -- Resource requests and limits + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +serviceMonitor: + # -- If true, a ServiceMonitor CRD is created for a prometheus operator + # https://github.com/coreos/prometheus-operator + enabled: false + # -- Path to scrape + path: /debug/metrics/prometheus + # -- Alternative namespace for ServiceMonitor + namespace: null + # -- Additional ServiceMonitor labels + labels: {} + # -- Additional ServiceMonitor annotations + annotations: {} + # -- ServiceMonitor scrape interval + interval: 1m + # -- ServiceMonitor scheme + scheme: http + # -- ServiceMonitor TLS configuration + tlsConfig: {} + # -- ServiceMonitor scrape timeout + scrapeTimeout: 30s + # -- ServiceMonitor relabelings + relabelings: []