diff --git a/helm/tableland/Chart.yaml b/helm/tableland/Chart.yaml new file mode 100644 index 00000000..390e3bc8 --- /dev/null +++ b/helm/tableland/Chart.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +description: Official Tableland helm chart for +home: https://github.com/tablelandnetwork/go-tableland +maintainers: + - email: developer@tableland.com + name: Tableland +name: tableland +version: 0.5.0 +appVersion: v1.8.1 diff --git a/helm/tableland/NOTES.txt b/helm/tableland/NOTES.txt new file mode 100755 index 00000000..88adb3ca --- /dev/null +++ b/helm/tableland/NOTES.txt @@ -0,0 +1,6 @@ +1. Watch the tableland node come up . + $ kubectl get pods --namespace={{ .Release.Namespace }} -l app.kubernetes.io/name={{ include "tableland.name" . }} -w +2. Watch the node logs . + $ kubectl logs --namespace={{ .Release.Namespace }} -l app.kubernetes.io/name={{ include "tableland.name" . }} -c tableland -f +2. Port forward the pod to your local pc . + $ kubectl port-forward --namespace={{ .Release.Namespace }} svc/{{ template "tableland.uname" . }} {{ .Values.httpPort }} \ No newline at end of file diff --git a/helm/tableland/README.md b/helm/tableland/README.md new file mode 100644 index 00000000..48b18ccf --- /dev/null +++ b/helm/tableland/README.md @@ -0,0 +1,108 @@ +# Tableland Validator Node Helm Chart + +This Helm chart installs a Tableland Validator Node in a Kubernetes cluster. + +## Prerequisites + +- Kubernetes 1.18+ +- Helm 3.0+ + +## Get Repo Info + +```shell +helm repo add [repo-name] [repo-url] +helm repo update +``` + + +# Install Chart + +```shell +helm install [release-name] [chart] -f values.yaml +``` + + +# Uninstall Chart +```shell +helm uninstall [release-name] +``` + +Configuration +------------- + +The following table lists the configurable parameters of the Tableland Validator Node chart and their default values, specified in `values.yaml`. + +| Parameter | Description | Default | +| --- | --- | --- | +| `fullnameOverride` | Override the full resource names | `""` | +| `image` | Tableland image | `textile/tableland` | +| `imageTag` | Image tag | `"v1.8.1-beta-3"` | +| `imagePullPolicy` | Image pull policy | `"IfNotPresent"` | +| `imagePullSecrets` | Specify image pull secrets | `[]` | +| `httpPort` | Http port of the application | `8080` | +| `httpsPort` | Https port of the application | `8443` | +| `metricsPort` | Metrics port of the application | `8888` | +| `...` | ... | ... | + +You can specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```shell +helm install [release-name] [repo-name]/tableland-validator-node --set imagePullPolicy=Always +``` + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + + +```shell +helm install [release-name] [repo-name]/tableland-validator-node -f values.yaml +`````` + +### Image + +| Parameter | Description | Default | +| --- | --- | --- | +| `image.repository` | Tableland image name | `textile/tableland` | +| `image.tag` | Image tag | `v1.8.1-beta-3` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `imagePullSecrets` | Specify image pull secrets | `[]` | + +### Pod Settings + +| Parameter | Description | Default | +| --- | --- | --- | +| `podAnnotations` | Annotations for pods | `{}` | +| `resources` | Resource limits and requests | `{}` | +| `terminationGracePeriod` | Time to wait for clean shutdown | `120` | +| `...` | ... | ... | + +### Configurations + +Specify configurations for Tableland in `config` key. You can edit the configuration provided to the node under the values.yaml config key. + +### Configurations + +### Extra Environment Variables + +`extraEnvs` provides a way to add extra environment variables. Use this to insert additional secret environment variables. + +### Ingress + +| Parameter | Description | Default | +| --- | --- | --- | +| `ingress.enabled` | Enables Ingress | `false` | +| `ingress.className` | Ingress Class Name | `nginx` | +| `ingress.hosts` | Ingress accepted hostnames | `[]` | +| `ingress.annotations` | Ingress annotations | `{}` | +| `ingress.tls` | Ingress TLS configuration | `[]` | + +### RBAC settings, Persistence, etc. + +The rest of the parameters (RBAC settings, Persistence, Extra Containers, etc.) can be found in the provided `values.yaml` file. Ensure to review and tailor them according to your use-case. + +### Note + +Ensure to review and customize the `values.yaml` file as per your deployment strategy to provide specific settings for environment variables, resources, etc. + +# Configuration + +The following table lists the configurable parameters of the Tableland Validator Node chart and their default values, specified in values.yaml. \ No newline at end of file diff --git a/helm/tableland/_helpers.tpl b/helm/tableland/_helpers.tpl new file mode 100644 index 00000000..60fe3635 --- /dev/null +++ b/helm/tableland/_helpers.tpl @@ -0,0 +1,68 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "tableland.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "tableland.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "tableland.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "tableland.uname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "tableland.labels" -}} +helm.sh/chart: {{ include "tableland.chart" . }} +{{ include "tableland.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "tableland.selectorLabels" -}} +app.kubernetes.io/name: {{ include "tableland.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{- define "tableland.endpoints" -}} +{{- $replicas := int (toString (.Values.replicas)) }} +{{- $uname := (include "tableland.uname" .) }} + {{- range $i, $e := untilStep 0 $replicas 1 -}} +{{ $uname }}-{{ $i }}, + {{- end -}} +{{- end -}} + +{{/* +Use the fullname if the serviceAccount value is not set +*/}} +{{- define "tableland.serviceAccount" -}} +{{- .Values.rbac.serviceAccountName | default (include "tableland.uname" .) -}} +{{- end -}} diff --git a/helm/tableland/configmap.yaml b/helm/tableland/configmap.yaml new file mode 100644 index 00000000..1a9e0a8d --- /dev/null +++ b/helm/tableland/configmap.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "tableland.uname" . }}-config + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}" + app: "{{ template "tableland.uname" . }}" +data: +{{- range $path, $config := .Values.config }} + {{ $path }}: |- +{{ $config | indent 4 -}} +{{- end -}} \ No newline at end of file diff --git a/helm/tableland/ingress.yaml b/helm/tableland/ingress.yaml new file mode 100644 index 00000000..ebf3253b --- /dev/null +++ b/helm/tableland/ingress.yaml @@ -0,0 +1,61 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "tableland.uname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "tableland.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: 8080 + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/tableland/poddisruptionbudget.yaml b/helm/tableland/poddisruptionbudget.yaml new file mode 100644 index 00000000..11a84f6a --- /dev/null +++ b/helm/tableland/poddisruptionbudget.yaml @@ -0,0 +1,11 @@ +{{- if .Values.maxUnavailable }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: "{{ template "tableland.uname" . }}-pdb" +spec: + maxUnavailable: {{ .Values.maxUnavailable }} + selector: + matchLabels: + app: "{{ template "tableland.uname" . }}" +{{- end }} diff --git a/helm/tableland/service.yaml b/helm/tableland/service.yaml new file mode 100644 index 00000000..993c272b --- /dev/null +++ b/helm/tableland/service.yaml @@ -0,0 +1,22 @@ +kind: Service +apiVersion: v1 +metadata: + name: {{ template "tableland.uname" . }} + labels: + {{- include "tableland.labels" . | nindent 4 }} +{{- if .Values.service.labels }} +{{ toYaml .Values.service.labels | indent 4 }} +{{- end }} + annotations: + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" +spec: + publishNotReadyAddresses: true + selector: + {{- include "tableland.selectorLabels" . | nindent 4 }} + ports: + - name: {{ .Values.service.httpPortName | default "http" }} + port: {{ .Values.httpPort }} + - name: {{ .Values.service.httpsPortName | default "https" }} + port: {{ .Values.httpsPort }} + - name: {{ .Values.service.monHttpsPortName | default "mon-http" }} + port: {{ .Values.metricsPort }} \ No newline at end of file diff --git a/helm/tableland/serviceaccount.yaml b/helm/tableland/serviceaccount.yaml new file mode 100644 index 00000000..236a2572 --- /dev/null +++ b/helm/tableland/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.rbac.create -}} +{{- $fullName := include "tableland.uname" . -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ template "tableland.serviceAccount" . }}" + annotations: + {{- with .Values.rbac.serviceAccountAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "tableland.labels" . | nindent 4 }} +{{- end -}} diff --git a/helm/tableland/servicemonitor.yaml b/helm/tableland/servicemonitor.yaml new file mode 100644 index 00000000..70ac7e21 --- /dev/null +++ b/helm/tableland/servicemonitor.yaml @@ -0,0 +1,22 @@ +{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "tableland.uname" . }}-monitor + namespace: {{ .Release.Namespace }} + labels: + {{- include "tableland.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "tableland.selectorLabels" . | nindent 6 }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: {{ .Values.serviceMonitor.port }} + {{- if .Values.serviceMonitor.interval }} + interval: {{ .Values.serviceMonitor.interval }} + {{- end }} + path: {{ .Values.serviceMonitor.path | quote }} +{{- end }} \ No newline at end of file diff --git a/helm/tableland/statefulset.yaml b/helm/tableland/statefulset.yaml new file mode 100644 index 00000000..4515658c --- /dev/null +++ b/helm/tableland/statefulset.yaml @@ -0,0 +1,165 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "tableland.uname" . }} + labels: + {{- include "tableland.labels" . | nindent 4 }} + annotations: +spec: + serviceName: {{ template "tableland.uname" . }} + selector: + matchLabels: + {{- include "tableland.selectorLabels" . | nindent 6 }} + replicas: 1 + updateStrategy: + type: {{ .Values.updateStrategy }} + {{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: {{ template "tableland.uname" . }} + labels: + {{- include "tableland.labels" . | nindent 8 }} + {{- with .Values.persistence.annotations }} + annotations: +{{ toYaml . | indent 8 }} + {{- end }} + spec: +{{ toYaml .Values.volumeClaimTemplate | indent 6 }} + {{- end }} + template: + metadata: + name: "{{ template "tableland.uname" . }}" + labels: + {{- include "tableland.labels" . | nindent 8 }} + annotations: + {{- range $key, $value := .Values.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{/* This forces a restart if the configmap has changed */}} + {{- if or .Values.config }} + configchecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }} + {{- end }} + spec: + securityContext: +{{ toYaml .Values.podSecurityContext | indent 8 }} + {{- if or .Values.rbac.create .Values.rbac.serviceAccountName }} + serviceAccountName: "{{ template "tableland.serviceAccount" . }}" + {{- end }} + automountServiceAccountToken: {{ .Values.rbac.automountToken }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} + volumes: + {{- range .Values.secretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- if .defaultMode }} + defaultMode: {{ .defaultMode }} + {{- end }} + {{- end }} + {{- if .Values.config }} + - name: config + configMap: + name: {{ template "tableland.uname" . }}-config + {{- end }} + {{- if .Values.createCert }} + - name: tableland-certs + secret: + secretName: {{ template "tableland.uname" . }}-certs + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + enableServiceLinks: {{ .Values.enableServiceLinks }} + containers: + - name: "{{ template "tableland.name" . }}" + securityContext: +{{ toYaml .Values.securityContext | indent 10 }} + image: "{{ .Values.image }}:{{ .Values.imageTag }}" + imagePullPolicy: "{{ .Values.imagePullPolicy }}" + ports: + - name: http + containerPort: {{ .Values.httpPort }} + - name: https + containerPort: {{ .Values.httpsPort }} + - name: mon-http + containerPort: {{ .Values.metricsPort }} + resources: +{{ toYaml .Values.resources | indent 10 }} + readinessProbe: + httpGet: + path: /api/v1/health + port: 8080 + initialDelaySeconds: 15 + periodSeconds: 5 + livenessProbe: + httpGet: + path: /api/v1/health + port: 8080 + initialDelaySeconds: 15 + periodSeconds: 5 + env: + - name: node.name + valueFrom: + fieldRef: + fieldPath: metadata.name +{{- if .Values.extraEnvs }} +{{ toYaml .Values.extraEnvs | indent 10 }} +{{- end }} +{{- if .Values.envFrom }} + envFrom: +{{ toYaml .Values.envFrom | indent 10 }} +{{- end }} + volumeMounts: + {{- if .Values.persistence.enabled }} + - name: "{{ template "tableland.uname" . }}" + mountPath: /.tableland + {{- end }} + {{- if .Values.createCert }} + - name: tableland-certs + mountPath: /.tableland/certs + readOnly: true + {{- end }} + {{- range .Values.secretMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- if .subPath }} + subPath: {{ .subPath }} + {{- end }} + {{- end }} + {{- range $path, $config := .Values.config }} + - name: config + mountPath: /.tableland/{{ $path }} + subPath: {{ $path }} + readOnly: true + {{- end -}} + {{- if .Values.extraVolumeMounts }} + {{- if eq "string" (printf "%T" .Values.extraVolumeMounts) }} +{{ tpl .Values.extraVolumeMounts . | indent 10 }} + {{- else }} +{{ toYaml .Values.extraVolumeMounts | indent 10 }} + {{- end }} + {{- end }} +{{- if .Values.lifecycle }} + lifecycle: +{{ toYaml .Values.lifecycle | indent 10 }} +{{- end }} + {{- if .Values.extraContainers }} + {{- if eq "string" (printf "%T" .Values.extraContainers) }} +{{ tpl .Values.extraContainers . | indent 6 }} + {{- else }} +{{ toYaml .Values.extraContainers | indent 6 }} + {{- end }} + {{- end }} diff --git a/helm/tableland/templates/NOTES.txt b/helm/tableland/templates/NOTES.txt new file mode 100755 index 00000000..88adb3ca --- /dev/null +++ b/helm/tableland/templates/NOTES.txt @@ -0,0 +1,6 @@ +1. Watch the tableland node come up . + $ kubectl get pods --namespace={{ .Release.Namespace }} -l app.kubernetes.io/name={{ include "tableland.name" . }} -w +2. Watch the node logs . + $ kubectl logs --namespace={{ .Release.Namespace }} -l app.kubernetes.io/name={{ include "tableland.name" . }} -c tableland -f +2. Port forward the pod to your local pc . + $ kubectl port-forward --namespace={{ .Release.Namespace }} svc/{{ template "tableland.uname" . }} {{ .Values.httpPort }} \ No newline at end of file diff --git a/helm/tableland/templates/_helpers.tpl b/helm/tableland/templates/_helpers.tpl new file mode 100644 index 00000000..60fe3635 --- /dev/null +++ b/helm/tableland/templates/_helpers.tpl @@ -0,0 +1,68 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "tableland.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "tableland.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "tableland.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "tableland.uname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "tableland.labels" -}} +helm.sh/chart: {{ include "tableland.chart" . }} +{{ include "tableland.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "tableland.selectorLabels" -}} +app.kubernetes.io/name: {{ include "tableland.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{- define "tableland.endpoints" -}} +{{- $replicas := int (toString (.Values.replicas)) }} +{{- $uname := (include "tableland.uname" .) }} + {{- range $i, $e := untilStep 0 $replicas 1 -}} +{{ $uname }}-{{ $i }}, + {{- end -}} +{{- end -}} + +{{/* +Use the fullname if the serviceAccount value is not set +*/}} +{{- define "tableland.serviceAccount" -}} +{{- .Values.rbac.serviceAccountName | default (include "tableland.uname" .) -}} +{{- end -}} diff --git a/helm/tableland/templates/configmap.yaml b/helm/tableland/templates/configmap.yaml new file mode 100644 index 00000000..1a9e0a8d --- /dev/null +++ b/helm/tableland/templates/configmap.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "tableland.uname" . }}-config + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}" + app: "{{ template "tableland.uname" . }}" +data: +{{- range $path, $config := .Values.config }} + {{ $path }}: |- +{{ $config | indent 4 -}} +{{- end -}} \ No newline at end of file diff --git a/helm/tableland/templates/ingress.yaml b/helm/tableland/templates/ingress.yaml new file mode 100644 index 00000000..ebf3253b --- /dev/null +++ b/helm/tableland/templates/ingress.yaml @@ -0,0 +1,61 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "tableland.uname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "tableland.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: 8080 + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/tableland/templates/poddisruptionbudget.yaml b/helm/tableland/templates/poddisruptionbudget.yaml new file mode 100644 index 00000000..11a84f6a --- /dev/null +++ b/helm/tableland/templates/poddisruptionbudget.yaml @@ -0,0 +1,11 @@ +{{- if .Values.maxUnavailable }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: "{{ template "tableland.uname" . }}-pdb" +spec: + maxUnavailable: {{ .Values.maxUnavailable }} + selector: + matchLabels: + app: "{{ template "tableland.uname" . }}" +{{- end }} diff --git a/helm/tableland/templates/service.yaml b/helm/tableland/templates/service.yaml new file mode 100644 index 00000000..993c272b --- /dev/null +++ b/helm/tableland/templates/service.yaml @@ -0,0 +1,22 @@ +kind: Service +apiVersion: v1 +metadata: + name: {{ template "tableland.uname" . }} + labels: + {{- include "tableland.labels" . | nindent 4 }} +{{- if .Values.service.labels }} +{{ toYaml .Values.service.labels | indent 4 }} +{{- end }} + annotations: + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" +spec: + publishNotReadyAddresses: true + selector: + {{- include "tableland.selectorLabels" . | nindent 4 }} + ports: + - name: {{ .Values.service.httpPortName | default "http" }} + port: {{ .Values.httpPort }} + - name: {{ .Values.service.httpsPortName | default "https" }} + port: {{ .Values.httpsPort }} + - name: {{ .Values.service.monHttpsPortName | default "mon-http" }} + port: {{ .Values.metricsPort }} \ No newline at end of file diff --git a/helm/tableland/templates/serviceaccount.yaml b/helm/tableland/templates/serviceaccount.yaml new file mode 100644 index 00000000..236a2572 --- /dev/null +++ b/helm/tableland/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.rbac.create -}} +{{- $fullName := include "tableland.uname" . -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ template "tableland.serviceAccount" . }}" + annotations: + {{- with .Values.rbac.serviceAccountAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "tableland.labels" . | nindent 4 }} +{{- end -}} diff --git a/helm/tableland/templates/servicemonitor.yaml b/helm/tableland/templates/servicemonitor.yaml new file mode 100644 index 00000000..70ac7e21 --- /dev/null +++ b/helm/tableland/templates/servicemonitor.yaml @@ -0,0 +1,22 @@ +{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "tableland.uname" . }}-monitor + namespace: {{ .Release.Namespace }} + labels: + {{- include "tableland.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "tableland.selectorLabels" . | nindent 6 }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: {{ .Values.serviceMonitor.port }} + {{- if .Values.serviceMonitor.interval }} + interval: {{ .Values.serviceMonitor.interval }} + {{- end }} + path: {{ .Values.serviceMonitor.path | quote }} +{{- end }} \ No newline at end of file diff --git a/helm/tableland/templates/statefulset.yaml b/helm/tableland/templates/statefulset.yaml new file mode 100644 index 00000000..4515658c --- /dev/null +++ b/helm/tableland/templates/statefulset.yaml @@ -0,0 +1,165 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "tableland.uname" . }} + labels: + {{- include "tableland.labels" . | nindent 4 }} + annotations: +spec: + serviceName: {{ template "tableland.uname" . }} + selector: + matchLabels: + {{- include "tableland.selectorLabels" . | nindent 6 }} + replicas: 1 + updateStrategy: + type: {{ .Values.updateStrategy }} + {{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: {{ template "tableland.uname" . }} + labels: + {{- include "tableland.labels" . | nindent 8 }} + {{- with .Values.persistence.annotations }} + annotations: +{{ toYaml . | indent 8 }} + {{- end }} + spec: +{{ toYaml .Values.volumeClaimTemplate | indent 6 }} + {{- end }} + template: + metadata: + name: "{{ template "tableland.uname" . }}" + labels: + {{- include "tableland.labels" . | nindent 8 }} + annotations: + {{- range $key, $value := .Values.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{/* This forces a restart if the configmap has changed */}} + {{- if or .Values.config }} + configchecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }} + {{- end }} + spec: + securityContext: +{{ toYaml .Values.podSecurityContext | indent 8 }} + {{- if or .Values.rbac.create .Values.rbac.serviceAccountName }} + serviceAccountName: "{{ template "tableland.serviceAccount" . }}" + {{- end }} + automountServiceAccountToken: {{ .Values.rbac.automountToken }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} + volumes: + {{- range .Values.secretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- if .defaultMode }} + defaultMode: {{ .defaultMode }} + {{- end }} + {{- end }} + {{- if .Values.config }} + - name: config + configMap: + name: {{ template "tableland.uname" . }}-config + {{- end }} + {{- if .Values.createCert }} + - name: tableland-certs + secret: + secretName: {{ template "tableland.uname" . }}-certs + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + enableServiceLinks: {{ .Values.enableServiceLinks }} + containers: + - name: "{{ template "tableland.name" . }}" + securityContext: +{{ toYaml .Values.securityContext | indent 10 }} + image: "{{ .Values.image }}:{{ .Values.imageTag }}" + imagePullPolicy: "{{ .Values.imagePullPolicy }}" + ports: + - name: http + containerPort: {{ .Values.httpPort }} + - name: https + containerPort: {{ .Values.httpsPort }} + - name: mon-http + containerPort: {{ .Values.metricsPort }} + resources: +{{ toYaml .Values.resources | indent 10 }} + readinessProbe: + httpGet: + path: /api/v1/health + port: 8080 + initialDelaySeconds: 15 + periodSeconds: 5 + livenessProbe: + httpGet: + path: /api/v1/health + port: 8080 + initialDelaySeconds: 15 + periodSeconds: 5 + env: + - name: node.name + valueFrom: + fieldRef: + fieldPath: metadata.name +{{- if .Values.extraEnvs }} +{{ toYaml .Values.extraEnvs | indent 10 }} +{{- end }} +{{- if .Values.envFrom }} + envFrom: +{{ toYaml .Values.envFrom | indent 10 }} +{{- end }} + volumeMounts: + {{- if .Values.persistence.enabled }} + - name: "{{ template "tableland.uname" . }}" + mountPath: /.tableland + {{- end }} + {{- if .Values.createCert }} + - name: tableland-certs + mountPath: /.tableland/certs + readOnly: true + {{- end }} + {{- range .Values.secretMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- if .subPath }} + subPath: {{ .subPath }} + {{- end }} + {{- end }} + {{- range $path, $config := .Values.config }} + - name: config + mountPath: /.tableland/{{ $path }} + subPath: {{ $path }} + readOnly: true + {{- end -}} + {{- if .Values.extraVolumeMounts }} + {{- if eq "string" (printf "%T" .Values.extraVolumeMounts) }} +{{ tpl .Values.extraVolumeMounts . | indent 10 }} + {{- else }} +{{ toYaml .Values.extraVolumeMounts | indent 10 }} + {{- end }} + {{- end }} +{{- if .Values.lifecycle }} + lifecycle: +{{ toYaml .Values.lifecycle | indent 10 }} +{{- end }} + {{- if .Values.extraContainers }} + {{- if eq "string" (printf "%T" .Values.extraContainers) }} +{{ tpl .Values.extraContainers . | indent 6 }} + {{- else }} +{{ toYaml .Values.extraContainers | indent 6 }} + {{- end }} + {{- end }} diff --git a/helm/tableland/values.yaml b/helm/tableland/values.yaml new file mode 100644 index 00000000..e97ee679 --- /dev/null +++ b/helm/tableland/values.yaml @@ -0,0 +1,300 @@ +fullnameOverride: "" +image: textile/tableland +imageTag: "v1.8.1-beta-3" +imagePullPolicy: "IfNotPresent" +imagePullSecrets: [] + +podAnnotations: {} +resources: {} + # requests: + # cpu: "1000m" + # memory: "2Gi" + # limits: + # cpu: "1000m" + # memory: "2Gi" +volumeClaimTemplate: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 30Gi + +config: + config.json: |- + { + "Impl": "mesa", + "HTTP": { + "Port": "8080", + "RateLimInterval": "1s", + "MaxRequestPerInterval": 10, + "ApiKey": "${HTTP_RATE_LIMITER_API_KEY}" + }, + "Gateway": { + "ExternalURIPrefix": "https://tableland.network", + "MetadataRendererURI": "https://tables.tableland.xyz", + "AnimationRendererURI": "https://tables.tableland.xyz" + }, + "DB": { + "Port": "5432" + }, + "TableConstraints": { + "MaxRowCount": 500000 + }, + "QueryConstraints": { + "MaxWriteQuerySize": 35000, + "MaxReadQuerySize": 35000 + }, + "Metrics": { + "Port": "9090" + }, + "Log": { + "Human": false, + "Debug": true + }, + "Analytics": { + "FetchExtraBlockInfo": true + }, + "Backup": { + "Enabled": true, + "Dir": "backups", + "Frequency": 240, + "EnableVacuum": true, + "EnableCompression": true, + "Pruning": { + "Enabled": true, + "KeepFiles": 5 + } + }, + "TelemetryPublisher": { + "Enabled": true, + "MetricsHubURL": "https://metricshub-mainnet-mrgr43cf5q-uw.a.run.app", + "MetricsHubApiKey": "${METRICS_HUB_API_KEY}", + "PublishingInterval": "10s", + "ChainStackCollectFrequency": "15m" + }, + "Chains": [ + { + "Name": "Ethereum Mainnet", + "ChainID": 1, + "Registry": { + "EthEndpoint": "wss://eth-mainnet.g.alchemy.com/v2/${VALIDATOR_ALCHEMY_ETHEREUM_MAINNET_API_KEY}", + "ContractAddress": "0x012969f7e3439a9B04025b5a049EB9BAD82A8C12" + }, + "EventFeed": { + "ChainAPIBackoff": "15s", + "NewBlockPollFreq": "10s", + "MinBlockDepth": 1, + "PersistEvents": true + }, + "EventProcessor": { + "BlockFailedExecutionBackoff": "10s", + "DedupExecutedTxns": true, + "WebhookURL": "https://discord.com/api/webhooks/${VALIDATOR_DISCORD_WEBHOOK_ID}/${VALIDATOR_DISCORD_WEBHOOK_TOKEN}" + }, + "HashCalculationStep": 150 + }, + { + "Name": "Arbitrum Mainnet", + "ChainID": 42161, + "Registry": { + "EthEndpoint": "https://arb-mainnet.g.alchemy.com/v2/${VALIDATOR_ALCHEMY_ARBITRUM_MAINNET_API_KEY}", + "ContractAddress": "0x9aBd75E8640871A5a20d3B4eE6330a04c962aFfd" + }, + "EventFeed": { + "ChainAPIBackoff": "15s", + "NewBlockPollFreq": "5s", + "MinBlockDepth": 0, + "PersistEvents": true + }, + "EventProcessor": { + "BlockFailedExecutionBackoff": "10s", + "DedupExecutedTxns": true, + "WebhookURL": "https://discord.com/api/webhooks/${VALIDATOR_DISCORD_WEBHOOK_ID}/${VALIDATOR_DISCORD_WEBHOOK_TOKEN}" + }, + "HashCalculationStep": 450 + }, + { + "Name": "Arbitrum Nova Mainnet", + "ChainID": 42170, + "Registry": { + "EthEndpoint": "https://skilled-yolo-mountain.nova-mainnet.discover.quiknode.pro/${VALIDATOR_QUICKNODE_ARBITRUM_NOVA_MAINNET_API_KEY}", + "ContractAddress": "0x1A22854c5b1642760a827f20137a67930AE108d2" + }, + "EventFeed": { + "ChainAPIBackoff": "15s", + "NewBlockPollFreq": "5s", + "MinBlockDepth": 0, + "PersistEvents": true + }, + "EventProcessor": { + "BlockFailedExecutionBackoff": "10s", + "DedupExecutedTxns": true, + "WebhookURL": "https://discord.com/api/webhooks/${VALIDATOR_DISCORD_WEBHOOK_ID}/${VALIDATOR_DISCORD_WEBHOOK_TOKEN}" + }, + "HashCalculationStep": 450 + }, + { + "Name": "Polygon Mainnet", + "ChainID": 137, + "Registry": { + "EthEndpoint": "wss://polygon-mainnet.g.alchemy.com/v2/${VALIDATOR_ALCHEMY_POLYGON_MAINNET_API_KEY}", + "ContractAddress": "0x5c4e6A9e5C1e1BF445A062006faF19EA6c49aFeA" + }, + "EventFeed": { + "ChainAPIBackoff": "15s", + "NewBlockPollFreq": "5s", + "MinBlockDepth": 1, + "PersistEvents": true + }, + "EventProcessor": { + "BlockFailedExecutionBackoff": "10s", + "DedupExecutedTxns": true, + "WebhookURL": "https://discord.com/api/webhooks/${VALIDATOR_DISCORD_WEBHOOK_ID}/${VALIDATOR_DISCORD_WEBHOOK_TOKEN}" + }, + "HashCalculationStep": 360 + }, + { + "Name": "Optimism Mainnet", + "ChainID": 10, + "Registry": { + "EthEndpoint": "wss://opt-mainnet.g.alchemy.com/v2/${VALIDATOR_ALCHEMY_OPTIMISM_MAINNET_API_KEY}", + "ContractAddress": "0xfad44BF5B843dE943a09D4f3E84949A11d3aa3e6" + }, + "EventFeed": { + "ChainAPIBackoff": "15s", + "NewBlockPollFreq": "5s", + "MinBlockDepth": 0, + "PersistEvents": true + }, + "EventProcessor": { + "BlockFailedExecutionBackoff": "10s", + "DedupExecutedTxns": true, + "WebhookURL": "https://discord.com/api/webhooks/${VALIDATOR_DISCORD_WEBHOOK_ID}/${VALIDATOR_DISCORD_WEBHOOK_TOKEN}" + }, + "HashCalculationStep": 1800 + }, + { + "Name": "Filecoin Mainnet", + "ChainID": 314, + "Registry": { + "EthEndpoint": "https://node.glif.io/fvm-archive/lotus/rpc/v1", + "ContractAddress": "0x59EF8Bf2d6c102B4c42AEf9189e1a9F0ABfD652d", + "ProviderAuthToken": "${VALIDATOR_GLIF_FILECOIN_MAINNET_API_KEY}" + }, + "EventFeed": { + "ChainAPIBackoff": "15s", + "NewBlockPollFreq": "15s", + "MinBlockDepth": 5, + "PersistEvents": true + }, + "EventProcessor": { + "BlockFailedExecutionBackoff": "10s", + "DedupExecutedTxns": true, + "WebhookURL": "https://discord.com/api/webhooks/${VALIDATOR_DISCORD_WEBHOOK_ID}/${VALIDATOR_DISCORD_WEBHOOK_TOKEN}" + }, + "HashCalculationStep": 60 + } + ] + } + + +extraEnvs: + - name: VALIDATOR_ALCHEMY_ARBITRUM_MAINNET_API_KEY + value: secret-value + - name: VALIDATOR_ALCHEMY_ETHEREUM_MAINNET_API_KEY + value: secret-value + - name: VALIDATOR_ALCHEMY_POLYGON_MAINNET_API_KEY + value: secret-value + - name: VALIDATOR_ALCHEMY_OPTIMISM_MAINNET_API_KEY + value: secret-value + - name: VALIDATOR_GLIF_FILECOIN_MAINNET_API_KEY + value: secret-value + - name: VALIDATOR_QUICKNODE_ARBITRUM_NOVA_MAINNET_API_KEY + value: secret-value + - name: HTTP_RATE_LIMITER_API_KEY + value: very-secret + - name: METRICS_HUB_API_KEY + value: api-key + +envFrom: [] +# - secretRef: +# name: env-secret +# - configMapRef: +# name: config-map + +secretMounts: [] +# - name: tls-certificates +# secretName: tls-certificates +# path: /.tableland//certs +# defaultMode: 0755 + +rbac: + create: true + serviceAccountAnnotations: {} + serviceAccountName: "" + automountToken: true + +persistence: + enabled: true + annotations: {} + +extraVolumeMounts: [] +# - name: extras +# mountPath: /usr/share/extras +# readOnly: true + +extraContainers: [] +# - name: do-something +# image: busybox +# command: ['do', 'something'] + +priorityClassName: "" +enableServiceLinks: false + +# Http port of the application +httpPort: 8080 +# Https port of the application +httpsPort: 8443 +# Metrics port of the application +metricsPort: 8888 + +service: + annotations: {} + httpPortName: http + httpsPortName: https + monHttpsPortName: mon-http + +updateStrategy: RollingUpdate + +#if you change this number to 0, rolling upgrades will no longer be possible. +maxUnavailable: 1 + +podSecurityContext: + fsGroup: 1000 + runAsUser: 1000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +terminationGracePeriod: 120 + +nodeSelector: {} + +tolerations: [] + +ingress: + enabled: false + className: nginx + annotations: {} + hosts: + - host: tableland.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + +lifecycle: {} \ No newline at end of file