From 3825be24c56953169faa3f8cf8cc5b5c77165e28 Mon Sep 17 00:00:00 2001 From: Diego Date: Mon, 13 May 2024 09:56:10 -0300 Subject: [PATCH 1/4] feat: Indexer chart --- charts/indexer/templates/deployment.yaml | 8 +- charts/indexer/values.yaml | 95 +++++++++--------------- 2 files changed, 41 insertions(+), 62 deletions(-) diff --git a/charts/indexer/templates/deployment.yaml b/charts/indexer/templates/deployment.yaml index f6103ef..c74c562 100644 --- a/charts/indexer/templates/deployment.yaml +++ b/charts/indexer/templates/deployment.yaml @@ -33,10 +33,10 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: - - name: http - containerPort: 80 - protocol: TCP + - containerPort: 8080 + - containerPort: 3030 livenessProbe: httpGet: path: / @@ -44,7 +44,7 @@ spec: readinessProbe: httpGet: path: / - port: http + port: 8080 resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} diff --git a/charts/indexer/values.yaml b/charts/indexer/values.yaml index 9901a61..647c880 100644 --- a/charts/indexer/values.yaml +++ b/charts/indexer/values.yaml @@ -1,82 +1,61 @@ -# Default values for indexer. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 +# Application name used in resource names +app: + name: indexer +# Image configuration image: - repository: nginx + repository: ghcr.io/composablefi/composable-ibc-private/evm-indexer + tag: latest pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 +# Number of replicas +replicaCount: 2 +# Service configuration service: type: ClusterIP port: 80 +# Ingress configuration ingress: enabled: false - className: "" annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" hosts: - host: chart-example.local paths: - path: / pathType: ImplementationSpecific tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 +# Resource limits and requests +#resources: +# limits: +# cpu: "100m" +# memory: "128Mi" +# requests: +# cpu: "100m" +# memory: "128Mi" +# +# Pod affinity +affinity: {} +# Node labels for pod assignment nodeSelector: {} +# Pod tolerations tolerations: [] -affinity: {} +# Environment variables +env: + DB_HOST: "localhost" + DB_PASSWORD: "pwd" + DB_PORT: "5432" + DB_DATABASE: "indexer_db" + DB_USERNAME: "postgres" + NODE_ENV: "production" + +# Security context for the deployment +securityContext: + runAsUser: 1000 + runAsGroup: 3000 + fsGroup: 2000 From 706e8139ca800c09066f1d509d141d1ac0f4639c Mon Sep 17 00:00:00 2001 From: Diego Date: Mon, 13 May 2024 09:57:57 -0300 Subject: [PATCH 2/4] feat: Indexer chart --- charts/indexer/values.yaml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/charts/indexer/values.yaml b/charts/indexer/values.yaml index 647c880..2615b11 100644 --- a/charts/indexer/values.yaml +++ b/charts/indexer/values.yaml @@ -9,13 +9,19 @@ image: pullPolicy: IfNotPresent # Number of replicas -replicaCount: 2 +replicaCount: 1 # Service configuration service: type: ClusterIP - port: 80 - + ports: + - name: http + port: 8080 + targetPort: 8080 + - name: custom + port: 3030 + targetPort: 3030 + # Ingress configuration ingress: enabled: false From 6461fda112101fb95fae54289770c5ccae5b7372 Mon Sep 17 00:00:00 2001 From: Diego Date: Tue, 14 May 2024 14:43:25 -0300 Subject: [PATCH 3/4] feat: missing manifests. Review template helpers --- charts/indexer/templates/deployment.yaml | 63 ++++++++------------ charts/indexer/templates/secrets.yaml | 8 +++ charts/indexer/templates/service.yaml | 2 +- charts/indexer/values.yaml | 75 ++++++++---------------- 4 files changed, 55 insertions(+), 93 deletions(-) create mode 100644 charts/indexer/templates/secrets.yaml diff --git a/charts/indexer/templates/deployment.yaml b/charts/indexer/templates/deployment.yaml index c74c562..fc060e5 100644 --- a/charts/indexer/templates/deployment.yaml +++ b/charts/indexer/templates/deployment.yaml @@ -5,57 +5,40 @@ metadata: labels: {{- include "indexer.labels" . | nindent 4 }} spec: - {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} - {{- end }} selector: matchLabels: {{- include "indexer.selectorLabels" . | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} labels: {{- include "indexer.selectorLabels" . | nindent 8 }} spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} serviceAccountName: {{ include "indexer.serviceAccountName" . }} securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- toYaml .Values.securityContext | nindent 8 }} containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + - name: {{ include "indexer.name" . }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - containerPort: 8080 - - containerPort: 3030 - livenessProbe: - httpGet: - path: / - port: http - readinessProbe: - httpGet: - path: / - port: 8080 - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} + - containerPort: {{ .Values.service.targetPort }} + env: + - name: DB_HOST + value: {{ .Values.env.DB_HOST }} + - name: DB_PORT + value: {{ .Values.env.DB_PORT }} + - name: DB_DATABASE + value: {{ .Values.env.DB_DATABASE }} + - name: DB_USERNAME + valueFrom: + secretKeyRef: + name: db-secrets + key: username + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: db-secrets + key: password + - name: NODE_ENV + value: {{ .Values.env.NODE_ENV }} diff --git a/charts/indexer/templates/secrets.yaml b/charts/indexer/templates/secrets.yaml new file mode 100644 index 0000000..df963f4 --- /dev/null +++ b/charts/indexer/templates/secrets.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: db-secrets +type: Opaque +data: + username: {{ .Values.env.DB_USERNAME | b64enc }} + password: {{ .Values.env.DB_PASSWORD | b64enc }} diff --git a/charts/indexer/templates/service.yaml b/charts/indexer/templates/service.yaml index 580790e..6ad4d2e 100644 --- a/charts/indexer/templates/service.yaml +++ b/charts/indexer/templates/service.yaml @@ -8,7 +8,7 @@ spec: type: {{ .Values.service.type }} ports: - port: {{ .Values.service.port }} - targetPort: http + targetPort: {{ .Values.service.targetPort }} protocol: TCP name: http selector: diff --git a/charts/indexer/values.yaml b/charts/indexer/values.yaml index 2615b11..a9d261c 100644 --- a/charts/indexer/values.yaml +++ b/charts/indexer/values.yaml @@ -1,66 +1,37 @@ -# Application name used in resource names -app: - name: indexer +# General application settings +replicaCount: 1 + +# Optional name and fullname overrides +nameOverride: "" +fullnameOverride: "" + +# Service Account +serviceAccount: + create: true + name: "" # Image configuration image: - repository: ghcr.io/composablefi/composable-ibc-private/evm-indexer + repository: ghcr.io/composablefi/composable-indexer tag: latest pullPolicy: IfNotPresent -# Number of replicas -replicaCount: 1 - # Service configuration service: type: ClusterIP - ports: - - name: http - port: 8080 - targetPort: 8080 - - name: custom - port: 3030 - targetPort: 3030 - -# Ingress configuration -ingress: - enabled: false - annotations: {} - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] + port: 8080 + targetPort: 8080 -# Resource limits and requests -#resources: -# limits: -# cpu: "100m" -# memory: "128Mi" -# requests: -# cpu: "100m" -# memory: "128Mi" -# -# Pod affinity -affinity: {} - -# Node labels for pod assignment -nodeSelector: {} - -# Pod tolerations -tolerations: [] - -# Environment variables +# Environment variables env: - DB_HOST: "localhost" - DB_PASSWORD: "pwd" - DB_PORT: "5432" - DB_DATABASE: "indexer_db" - DB_USERNAME: "postgres" - NODE_ENV: "production" - -# Security context for the deployment + DB_HOST: localhost + DB_PORT: 5432 + DB_DATABASE: mydatabase + DB_USERNAME: secretKeyRefName + DB_PASSWORD: secretKeyRefName + NODE_ENV: production + +# Security context for the deployments securityContext: runAsUser: 1000 runAsGroup: 3000 From b8a587baa79b418c9954cf8f6d9b655d440ff279 Mon Sep 17 00:00:00 2001 From: lbd-cloud Date: Mon, 20 May 2024 13:28:43 -0300 Subject: [PATCH 4/4] feat: Proper env handling, affinity and alike parameters restored --- charts/indexer/templates/configmap.yaml | 10 ++++++ charts/indexer/templates/deployment.yaml | 42 +++++++++++++----------- charts/indexer/templates/secrets.yaml | 9 +++-- charts/indexer/values.yaml | 36 +++++++++++++++----- 4 files changed, 67 insertions(+), 30 deletions(-) create mode 100644 charts/indexer/templates/configmap.yaml diff --git a/charts/indexer/templates/configmap.yaml b/charts/indexer/templates/configmap.yaml new file mode 100644 index 0000000..c21668a --- /dev/null +++ b/charts/indexer/templates/configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }} + labels: + {{- include "autocompounder.labels" . | nindent 4 }} +data: +{{- range $key, $value := .Values.appConfig.env }} + {{ $key | quote }}: {{ $value | quote }} +{{- end }} \ No newline at end of file diff --git a/charts/indexer/templates/deployment.yaml b/charts/indexer/templates/deployment.yaml index fc060e5..a1fb2c4 100644 --- a/charts/indexer/templates/deployment.yaml +++ b/charts/indexer/templates/deployment.yaml @@ -11,34 +11,38 @@ spec: {{- include "indexer.selectorLabels" . | nindent 6 }} template: metadata: + annotations: {{- toYaml .Values.podAnnotations | nindent 8 }} labels: {{- include "indexer.selectorLabels" . | nindent 8 }} spec: serviceAccountName: {{ include "indexer.serviceAccountName" . }} securityContext: - {{- toYaml .Values.securityContext | nindent 8 }} + {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - - name: {{ include "indexer.name" . }} + - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - - containerPort: {{ .Values.service.targetPort }} + - containerPort: {{ .Values.service.port }} env: - - name: DB_HOST - value: {{ .Values.env.DB_HOST }} - - name: DB_PORT - value: {{ .Values.env.DB_PORT }} - - name: DB_DATABASE - value: {{ .Values.env.DB_DATABASE }} - - name: DB_USERNAME + {{- range $key, $value := .Values.appConfig.env }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{- if .Values.appSecret.enabled }} + {{- range $key, $value := .Values.appSecret.env }} + - name: {{ $key }} valueFrom: secretKeyRef: - name: db-secrets - key: username - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: db-secrets - key: password - - name: NODE_ENV - value: {{ .Values.env.NODE_ENV }} + name: {{ $value }} + key: {{ $key | lower }} + {{- end }} + {{- end }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + nodeSelector: + {{- toYaml .Values.nodeSelector | nindent 8 }} + tolerations: + {{- toYaml .Values.tolerations | nindent 8 }} + affinity: + {{- toYaml .Values.affinity | nindent 8 }} diff --git a/charts/indexer/templates/secrets.yaml b/charts/indexer/templates/secrets.yaml index df963f4..7ae2c55 100644 --- a/charts/indexer/templates/secrets.yaml +++ b/charts/indexer/templates/secrets.yaml @@ -1,8 +1,11 @@ +{{- if .Values.appSecret.enabled }} apiVersion: v1 kind: Secret metadata: - name: db-secrets + name: {{ .Release.Name }} type: Opaque data: - username: {{ .Values.env.DB_USERNAME | b64enc }} - password: {{ .Values.env.DB_PASSWORD | b64enc }} +{{- range $key, $value := .Values.appSecret.env }} + {{ $key | quote }}: {{ $value | b64enc | quote }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/indexer/values.yaml b/charts/indexer/values.yaml index a9d261c..b27d67d 100644 --- a/charts/indexer/values.yaml +++ b/charts/indexer/values.yaml @@ -22,17 +22,37 @@ service: port: 8080 targetPort: 8080 -# Environment variables -env: - DB_HOST: localhost - DB_PORT: 5432 - DB_DATABASE: mydatabase - DB_USERNAME: secretKeyRefName - DB_PASSWORD: secretKeyRefName - NODE_ENV: production +# Application configuration environment variables +appConfig: + env: + NODE_ENV: production +# Application secret environment variables +appSecret: + enabled: true + env: + DB_HOST: localhost + DB_PORT: 5432 + DB_DATABASE: mydatabase + DB_USERNAME: secretKeyRefName + DB_PASSWORD: secretKeyRefName + # Security context for the deployments securityContext: runAsUser: 1000 runAsGroup: 3000 fsGroup: 2000 + +podAnnotations: {} + +podSecurityContext: {} + +securityContext: {} + +resources: {} + +nodeSelector: {} + +tolerations: [] + +affinity: {} \ No newline at end of file