From 1eb56b6e82d0ea1200bc7f96c0422b89e3ba3a47 Mon Sep 17 00:00:00 2001 From: Smuu <18609909+Smuu@users.noreply.github.com> Date: Wed, 12 Jun 2024 13:05:14 +0200 Subject: [PATCH 1/8] feat: add helm charts 
Signed-off-by: Smuu <18609909+Smuu@users.noreply.github.com> --- .github/workflows/lint-test.yaml | 37 + .github/workflows/releaser.yaml | 34 + .github/workflows/snyk-security.yaml | 54 + .gitignore | 196 +++ README.md | 39 + charts/README.md | 223 +++ charts/celestia-app/.helmignore | 21 + charts/celestia-app/Chart.lock | 6 + charts/celestia-app/Chart.yaml | 24 + charts/celestia-app/NOTICE | 3 + charts/celestia-app/README.md | 384 ++++++ charts/celestia-app/templates/NOTES.txt | 31 + charts/celestia-app/templates/_helpers.tpl | 56 + .../templates/clusterrolebinding.yaml | 17 + charts/celestia-app/templates/configmap.yaml | 236 ++++ .../celestia-app/templates/networkpolicy.yaml | 63 + charts/celestia-app/templates/pdb.yaml | 24 + charts/celestia-app/templates/role.yaml | 23 + .../templates/service-account.yaml | 14 + charts/celestia-app/templates/service.yaml | 185 +++ .../templates/servicemonitor.yaml | 42 + .../celestia-app/templates/statefulset.yaml | 374 +++++ charts/celestia-app/values.yaml | 1200 +++++++++++++++++ charts/celestia-node/.helmignore | 21 + charts/celestia-node/Chart.lock | 6 + charts/celestia-node/Chart.yaml | 24 + charts/celestia-node/NOTICE | 3 + charts/celestia-node/README.md | 276 ++++ charts/celestia-node/templates/NOTES.txt | 31 + charts/celestia-node/templates/_helpers.tpl | 56 + .../templates/clusterrolebinding.yaml | 17 + charts/celestia-node/templates/configmap.yaml | 117 ++ .../templates/networkpolicy.yaml | 63 + charts/celestia-node/templates/pdb.yaml | 24 + charts/celestia-node/templates/role.yaml | 23 + .../templates/service-account.yaml | 14 + charts/celestia-node/templates/service.yaml | 166 +++ .../templates/servicemonitor.yaml | 42 + .../celestia-node/templates/statefulset.yaml | 369 +++++ charts/celestia-node/values.yaml | 1084 +++++++++++++++ charts/template/.helmignore | 23 + charts/template/CHART_NAME/.helmignore | 21 + charts/template/CHART_NAME/Chart.yaml | 34 + charts/template/CHART_NAME/README.md | 223 +++ 
.../template/CHART_NAME/templates/NOTES.txt | 33 + .../CHART_NAME/templates/_helpers.tpl | 61 + .../templates/clusterrolebinding.yaml | 22 + .../CHART_NAME/templates/configmap.yaml | 18 + .../CHART_NAME/templates/daemonset.yaml | 172 +++ .../CHART_NAME/templates/deployment.yaml | 189 +++ .../CHART_NAME/templates/extra-list.yaml | 9 + charts/template/CHART_NAME/templates/hpa.yaml | 49 + .../CHART_NAME/templates/ingress.yaml | 60 + .../CHART_NAME/templates/networkpolicy.yaml | 68 + charts/template/CHART_NAME/templates/pdb.yaml | 29 + charts/template/CHART_NAME/templates/pvc.yaml | 33 + .../template/CHART_NAME/templates/role.yaml | 28 + .../template/CHART_NAME/templates/secret.yaml | 18 + .../CHART_NAME/templates/service-account.yaml | 19 + .../CHART_NAME/templates/service.yaml | 54 + .../CHART_NAME/templates/servicemonitor.yaml | 47 + .../CHART_NAME/templates/statefulset.yaml | 217 +++ .../CHART_NAME/templates/tls-secret.yaml | 46 + charts/template/CHART_NAME/values.yaml | 838 ++++++++++++ charts/template/README.md | 42 + examples/README.md | 5 + examples/celestia-app/mocha.yaml | 58 + examples/celestia-node/mocha.yaml | 64 + scripts/README.md | 31 + scripts/config/app/v1.10.1/app.toml | 252 ++++ scripts/config/app/v1.10.1/client.toml | 17 + scripts/config/app/v1.10.1/config.toml | 519 +++++++ scripts/config/node/v0.13.6/config.toml | 77 ++ scripts/convert_toml_to_template.sh | 97 ++ scripts/convert_toml_to_yaml.sh | 41 + scripts/extract_configs.sh | 62 + 76 files changed, 9198 insertions(+) create mode 100644 .github/workflows/lint-test.yaml create mode 100644 .github/workflows/releaser.yaml create mode 100644 .github/workflows/snyk-security.yaml create mode 100644 .gitignore create mode 100644 charts/README.md create mode 100644 charts/celestia-app/.helmignore create mode 100644 charts/celestia-app/Chart.lock create mode 100644 charts/celestia-app/Chart.yaml create mode 100644 charts/celestia-app/NOTICE create mode 100644 charts/celestia-app/README.md create mode 
100644 charts/celestia-app/templates/NOTES.txt create mode 100644 charts/celestia-app/templates/_helpers.tpl create mode 100644 charts/celestia-app/templates/clusterrolebinding.yaml create mode 100644 charts/celestia-app/templates/configmap.yaml create mode 100644 charts/celestia-app/templates/networkpolicy.yaml create mode 100644 charts/celestia-app/templates/pdb.yaml create mode 100644 charts/celestia-app/templates/role.yaml create mode 100644 charts/celestia-app/templates/service-account.yaml create mode 100644 charts/celestia-app/templates/service.yaml create mode 100644 charts/celestia-app/templates/servicemonitor.yaml create mode 100644 charts/celestia-app/templates/statefulset.yaml create mode 100644 charts/celestia-app/values.yaml create mode 100644 charts/celestia-node/.helmignore create mode 100644 charts/celestia-node/Chart.lock create mode 100644 charts/celestia-node/Chart.yaml create mode 100644 charts/celestia-node/NOTICE create mode 100644 charts/celestia-node/README.md create mode 100644 charts/celestia-node/templates/NOTES.txt create mode 100644 charts/celestia-node/templates/_helpers.tpl create mode 100644 charts/celestia-node/templates/clusterrolebinding.yaml create mode 100644 charts/celestia-node/templates/configmap.yaml create mode 100644 charts/celestia-node/templates/networkpolicy.yaml create mode 100644 charts/celestia-node/templates/pdb.yaml create mode 100644 charts/celestia-node/templates/role.yaml create mode 100644 charts/celestia-node/templates/service-account.yaml create mode 100644 charts/celestia-node/templates/service.yaml create mode 100644 charts/celestia-node/templates/servicemonitor.yaml create mode 100644 charts/celestia-node/templates/statefulset.yaml create mode 100644 charts/celestia-node/values.yaml create mode 100644 charts/template/.helmignore create mode 100644 charts/template/CHART_NAME/.helmignore create mode 100644 charts/template/CHART_NAME/Chart.yaml create mode 100644 charts/template/CHART_NAME/README.md create 
mode 100644 charts/template/CHART_NAME/templates/NOTES.txt create mode 100644 charts/template/CHART_NAME/templates/_helpers.tpl create mode 100644 charts/template/CHART_NAME/templates/clusterrolebinding.yaml create mode 100644 charts/template/CHART_NAME/templates/configmap.yaml create mode 100644 charts/template/CHART_NAME/templates/daemonset.yaml create mode 100644 charts/template/CHART_NAME/templates/deployment.yaml create mode 100644 charts/template/CHART_NAME/templates/extra-list.yaml create mode 100644 charts/template/CHART_NAME/templates/hpa.yaml create mode 100644 charts/template/CHART_NAME/templates/ingress.yaml create mode 100644 charts/template/CHART_NAME/templates/networkpolicy.yaml create mode 100644 charts/template/CHART_NAME/templates/pdb.yaml create mode 100644 charts/template/CHART_NAME/templates/pvc.yaml create mode 100644 charts/template/CHART_NAME/templates/role.yaml create mode 100644 charts/template/CHART_NAME/templates/secret.yaml create mode 100644 charts/template/CHART_NAME/templates/service-account.yaml create mode 100644 charts/template/CHART_NAME/templates/service.yaml create mode 100644 charts/template/CHART_NAME/templates/servicemonitor.yaml create mode 100644 charts/template/CHART_NAME/templates/statefulset.yaml create mode 100644 charts/template/CHART_NAME/templates/tls-secret.yaml create mode 100644 charts/template/CHART_NAME/values.yaml create mode 100644 charts/template/README.md create mode 100644 examples/README.md create mode 100644 examples/celestia-app/mocha.yaml create mode 100644 examples/celestia-node/mocha.yaml create mode 100644 scripts/README.md create mode 100644 scripts/config/app/v1.10.1/app.toml create mode 100644 scripts/config/app/v1.10.1/client.toml create mode 100644 scripts/config/app/v1.10.1/config.toml create mode 100644 scripts/config/node/v0.13.6/config.toml create mode 100755 scripts/convert_toml_to_template.sh create mode 100755 scripts/convert_toml_to_yaml.sh create mode 100755 scripts/extract_configs.sh 
diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml
new file mode 100644
index 0000000..3162d2a
--- /dev/null
+++ b/.github/workflows/lint-test.yaml
@@ -0,0 +1,37 @@
+name: Lint and Test Charts
+
+on: pull_request
+
+jobs:
+ lint-test:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Set up Helm
+ uses: azure/setup-helm@v3
+ with:
+ version: v3.12.1
+
+ - uses: actions/setup-python@v4
+ with:
+ python-version: '3.9'
+ check-latest: true
+
+ - name: Set up chart-testing
+ uses: helm/chart-testing-action@v2.4.0
+
+ - name: Run chart-testing (list-changed)
+ id: list-changed
+ run: |
+ changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+ if [[ -n "$changed" ]]; then
+ echo "changed=true" >> "$GITHUB_OUTPUT"
+ fi
+
+ - name: Run chart-testing (lint)
+ if: steps.list-changed.outputs.changed == 'true'
+ run: ct lint --target-branch ${{ github.event.repository.default_branch }}
diff --git a/.github/workflows/releaser.yaml b/.github/workflows/releaser.yaml
new file mode 100644
index 0000000..ec829e8
--- /dev/null
+++ b/.github/workflows/releaser.yaml
@@ -0,0 +1,34 @@
+name: Release Charts
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ release:
+ permissions:
+ contents: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ - name: Install Helm
+ uses: azure/setup-helm@v4
+ env:
+ GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+ - name: Run chart-releaser
+ uses: helm/chart-releaser-action@v1.6.0
+ with:
+ charts_dir: "charts"
+ env:
+ CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/snyk-security.yaml b/.github/workflows/snyk-security.yaml
new file mode 100644
index 0000000..d261359
--- /dev/null
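Review bot: In lint-test.yaml the `Run chart-testing (list-changed)` and `Run chart-testing (lint)` steps expand `${{ github.event.repository.default_branch }}` directly into the `run:` script text, and the workflow declares no `permissions:` block. The branch name is set by repository admins, so the exposure is small, but passing it through the environment keeps expression values out of the shell source: add `env: TARGET_BRANCH: ${{ github.event.repository.default_branch }}` to each step and call `ct ... --target-branch "$TARGET_BRANCH"`. A top-level `permissions:` with `contents: read` would make the token scope explicit, as snyk-security.yaml in this same patch already does.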
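Review bot: In releaser.yaml the `release` job grants `contents: write` and hands `secrets.GITHUB_TOKEN` to `azure/setup-helm@v4` and `helm/chart-releaser-action@v1.6.0`, both referenced by mutable tags. A retagged upstream release would run with push rights on this repository and could alter the charts published to users; pin each `uses:` to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: helm/chart-releaser-action@<full-commit-sha> # v1.6.0`. The `Install Helm` step also sets no `version:`, whereas lint-test.yaml pins `v3.12.1` on `azure/setup-helm@v3`, so charts may be linted and packaged with different Helm releases.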
+++ b/.github/workflows/snyk-security.yaml 
@@ -0,0 +1,54 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# A sample workflow which checks out your Infrastructure as Code Configuration files,
+# such as Kubernetes, Helm & Terraform and scans them for any security issues.
+# The results are then uploaded to GitHub Security Code Scanning
+#
+# For more examples, including how to limit scans to only high-severity issues
+# and fail PR checks, see https://github.com/snyk/actions/
+
+name: Snyk Infrastructure as Code
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ "main" ]
+ schedule:
+ - cron: '24 8 * * 4'
+
+permissions:
+ contents: read
+
+jobs:
+ snyk:
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Run Snyk to check configuration files for security issues
+ # Snyk can be used to break the build when it detects security issues.
+ # In this case we want to upload the issues to GitHub Code Scanning
+ continue-on-error: true
+ uses: snyk/actions/iac@master
+ env:
+ # In order to use the Snyk Action you will need to have a Snyk API token.
+ # More details in https://github.com/snyk/actions#getting-your-snyk-token
+ # or you can signup for free at https://snyk.io/login
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ #with:
+ # Add the path to the configuration file that you would like to test.
+ # For example `deployment.yaml` for a Kubernetes deployment manifest
+ # or `main.tf` for a Terraform configuration file
+ # file: your-file-to-test.yaml
+ - name: Upload result to GitHub Code Scanning
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: snyk.sarif
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..448aae9
--- /dev/null
+++ b/.gitignore
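Review bot: In snyk-security.yaml, `uses: snyk/actions/iac@master` follows a moving branch while receiving `SNYK_TOKEN`, so whatever lands on that branch runs with the secret in its environment; pin it to a full commit SHA, e.g. `uses: snyk/actions/iac@<full-commit-sha>`. Secrets are not passed to `pull_request` runs from forks, and with `continue-on-error: true` the scan step then fails quietly, so the upload step presumably has no `snyk.sarif` to send. A comment on the scan step stating that fork PRs are not scanned, or an `if:` that skips both steps when the token is empty, would make that gap visible rather than leaving a red upload step as the only signal.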
@@ -0,0 +1,196 @@ +# Created by https://www.toptal.com/developers/gitignore/api/helm,linux,macos,windows,intellij +# Edit at https://www.toptal.com/developers/gitignore?templates=helm,linux,macos,windows,intellij + +### Helm ### +# Chart dependencies +**/charts/*.tgz + +### Intellij ### +# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider +# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 + +# User-specific stuff +.idea/**/workspace.xml +.idea/**/tasks.xml +.idea/**/usage.statistics.xml +.idea/**/dictionaries +.idea/**/shelf + +# AWS User-specific +.idea/**/aws.xml + +# Generated files +.idea/**/contentModel.xml + +# Sensitive or high-churn files +.idea/**/dataSources/ +.idea/**/dataSources.ids +.idea/**/dataSources.local.xml +.idea/**/sqlDataSources.xml +.idea/**/dynamic.xml +.idea/**/uiDesigner.xml +.idea/**/dbnavigator.xml + +# Gradle +.idea/**/gradle.xml +.idea/**/libraries + +# Gradle and Maven with auto-import +# When using Gradle or Maven with auto-import, you should exclude module files, +# since they will be recreated, and may cause churn. Uncomment if using +# auto-import. 
+# .idea/artifacts +# .idea/compiler.xml +# .idea/jarRepositories.xml +# .idea/modules.xml +# .idea/*.iml +# .idea/modules +# *.iml +# *.ipr + +# CMake +cmake-build-*/ + +# Mongo Explorer plugin +.idea/**/mongoSettings.xml + +# File-based project format +*.iws + +# IntelliJ +out/ + +# mpeltonen/sbt-idea plugin +.idea_modules/ + +# JIRA plugin +atlassian-ide-plugin.xml + +# Cursive Clojure plugin +.idea/replstate.xml + +# SonarLint plugin +.idea/sonarlint/ + +# Crashlytics plugin (for Android Studio and IntelliJ) +com_crashlytics_export_strings.xml +crashlytics.properties +crashlytics-build.properties +fabric.properties + +# Editor-based Rest Client +.idea/httpRequests + +# Android studio 3.1+ serialized cache file +.idea/caches/build_file_checksums.ser + +### Intellij Patch ### +# Comment Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-215987721 + +# *.iml +# modules.xml +# .idea/misc.xml +# *.ipr + +# Sonarlint plugin +# https://plugins.jetbrains.com/plugin/7973-sonarlint +.idea/**/sonarlint/ + +# SonarQube Plugin +# https://plugins.jetbrains.com/plugin/7238-sonarqube-community-plugin +.idea/**/sonarIssues.xml + +# Markdown Navigator plugin +# https://plugins.jetbrains.com/plugin/7896-markdown-navigator-enhanced +.idea/**/markdown-navigator.xml +.idea/**/markdown-navigator-enh.xml +.idea/**/markdown-navigator/ + +# Cache file creation bug +# See https://youtrack.jetbrains.com/issue/JBR-2257 +.idea/$CACHE_FILE$ + +# CodeStream plugin +# https://plugins.jetbrains.com/plugin/12206-codestream +.idea/codestream.xml + +# Azure Toolkit for IntelliJ plugin +# https://plugins.jetbrains.com/plugin/8053-azure-toolkit-for-intellij +.idea/**/azureSettings.xml + +### Linux ### +*~ + +# temporary files which can be created if a process still has a handle open of a deleted file +.fuse_hidden* + +# KDE directory preferences +.directory + +# Linux trash folder which might appear on any partition or disk +.Trash-* + +# .nfs files are created when an open file 
is removed but is still being accessed +.nfs* + +### macOS ### +# General +.DS_Store +.AppleDouble +.LSOverride + +# Icon must end with two \r +Icon + + +# Thumbnails +._* + +# Files that might appear in the root of a volume +.DocumentRevisions-V100 +.fseventsd +.Spotlight-V100 +.TemporaryItems +.Trashes +.VolumeIcon.icns +.com.apple.timemachine.donotpresent + +# Directories potentially created on remote AFP share +.AppleDB +.AppleDesktop +Network Trash Folder +Temporary Items +.apdisk + +### macOS Patch ### +# iCloud generated files +*.icloud + +### Windows ### +# Windows thumbnail cache files +Thumbs.db +Thumbs.db:encryptable +ehthumbs.db +ehthumbs_vista.db + +# Dump file +*.stackdump + +# Folder config file +[Dd]esktop.ini + +# Recycle Bin used on file shares +$RECYCLE.BIN/ + +# Windows Installer files +*.cab +*.msi +*.msix +*.msm +*.msp + +# Windows shortcuts +*.lnk + +# End of https://www.toptal.com/developers/gitignore/api/helm,linux,macos,windows,intellij + diff --git a/README.md b/README.md index 4ab2424..1d9a716 100644 --- a/README.md +++ b/README.md 
@@ -1,2 +1,41 @@ # helm-charts + Celestia Helm Charts + +## Add the celestiaorg helm repository + +```bash +helm repo add celestiaorg https://celestiaorg.github.io/celestia-helm-charts/ +``` + +## Versions + +Please check the helm repository to check which version you need to deploy. + +```bash +helm search repo celestiaorg +``` + +## Installation + +Please make sure you have created the namespace before installing the chart. + +```bash +kubectl create namespace celestia +``` + +### Install the celestia-app chart + +Install a celestia consensus full node against the mocha testnet. + +```bash +helm install celestia-app celestiaorg/celestia-app --namespace celestia --values examples/celestia-node/mocha.yaml +``` + +### Install the celestia-node chart + +Install a celestia bridge node against the mocha testnet. + +```bash +helm install celestia-node-bridge celestiaorg/celestia-node --namespace celestia --values examples/celestia-node/mocha.yaml +``` diff --git a/charts/README.md b/charts/README.md new file mode 100644 index 0000000..5a7b55b --- /dev/null +++ b/charts/README.md 
@@ -0,0 +1,223 @@ + + +# celestia-app + +Celestia App + +## TL;DR + +```console +helm install my-release oci://registry-1.docker.io/bitnamicharts/celestia-app +``` + +Looking to use celestia-app in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + +## Introduction + +%%INTRODUCTION%% (check existing examples) + +## Prerequisites + +- Kubernetes 1.23+ +- Helm 3.8.0+ +- PV provisioner support in the underlying infrastructure +- ReadWriteMany volumes for deployment scaling + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/celestia-app +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +The command deploys celestia-app on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### External database support + +%%IF NEEDED%% + +You may want to have celestia-app connect to an external database rather than installing one inside your cluster. 
Typical reasons for this are to use a managed database service, or to share a common database server for all your applications. To achieve this, the chart allows you to specify credentials for an external database with the [`externalDatabase` parameter](#parameters). You should also disable the MariaDB installation with the `mariadb.enabled` option. Here is an example: + +```console +mariadb.enabled=false +externalDatabase.host=myexternalhost +externalDatabase.user=myuser +externalDatabase.password=mypassword +externalDatabase.database=mydatabase +externalDatabase.port=3306 +``` + +### Ingress + +%%IF NEEDED%% + +This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/main/bitnami/contour) you can utilize the ingress controller to serve your application.To enable Ingress integration, set `ingress.enabled` to `true`. + +The most common scenario is to have one host name mapped to the deployment. In this case, the `ingress.hostname` property can be used to set the host name. The `ingress.tls` parameter can be used to add the TLS configuration for this host. + +However, it is also possible to have more than one host. To facilitate this, the `ingress.extraHosts` parameter (if available) can be set with the host names specified as an array. The `ingress.extraTLS` parameter (if available) can also be used to add the TLS configuration for extra hosts. + +> NOTE: For each host specified in the `ingress.extraHosts` parameter, it is necessary to set a name, path, and any annotations that the Ingress controller should know about. 
Not all annotations are supported by all Ingress controllers, but [this annotation reference document](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md) lists the annotations supported by many popular Ingress controllers. + +Adding the TLS parameter (where available) will cause the chart to generate HTTPS URLs, and the application will be available on port 443. The actual TLS secrets do not have to be generated by this chart. However, if TLS is enabled, the Ingress record will not work until the TLS secret exists. + +[Learn more about Ingress controllers](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/). + +### TLS secrets + +TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the cluster: + +- `tls.enabled`: Enable TLS support. Defaults to `false` +- `tls.existingSecret`: Name of the secret that contains the certificates. No defaults. +- `tls.certFilename`: Certificate filename. No defaults. +- `tls.certKeyFilename`: Certificate key filename. No defaults. +- `tls.certCAFilename`: CA Certificate filename. No defaults. + +For example: + +First, create the secret with the certificates files: + +```console +kubectl create secret generic certificates-tls-secret --from-file=./cert.pem --from-file=./cert.key --from-file=./ca.pem +``` + +Then, use the following parameters: + +```console +tls.enabled="true" +tls.existingSecret="certificates-tls-secret" +tls.certFilename="cert.pem" +tls.certKeyFilename="cert.key" +tls.certCAFilename="ca.pem" +``` + +### %%OTHER_SECTIONS%% + +### Additional environment variables + +In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. 
+ +```yaml +celestia-app: + extraEnvVars: + - name: LOG_LEVEL + value: error +``` + +Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. + +### Sidecars + +If additional containers are needed in the same pod as celestia-app (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter. + +```yaml +sidecars: +- name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below: + +```yaml +service: + extraPorts: + - name: extraPort + port: 11311 + targetPort: 11311 +``` + +> NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the `--enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers. + +If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. Here is an example: + +```yaml +initContainers: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). + +### Pod affinity + +This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). 
+ +As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. + +## Persistence + +The [Bitnami celestia-app](https://github.com/bitnami/containers/tree/main/bitnami/celestia-app) image stores the celestia-app data and configurations at the `/bitnami` path of the container. Persistent Volume Claims are used to keep the data across deployments. + +If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/). + +## Parameters + +See to create the table + +The above parameters map to the env variables defined in [bitnami/celestia-app](https://github.com/bitnami/containers/tree/main/bitnami/celestia-app). For more information please refer to the [bitnami/celestia-app](https://github.com/bitnami/containers/tree/main/bitnami/celestia-app) image documentation. + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +helm install my-release \ + --set celestia-appUsername=admin \ + --set celestia-appPassword=password \ + --set mariadb.auth.rootPassword=secretpassword \ + oci://REGISTRY_NAME/REPOSITORY_NAME/celestia-app +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +The above command sets the celestia-app administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`. 
+ +> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, + +```console +helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/celestia-app +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. +> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/blob/main/template/CHART_NAME/values.yaml) + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## License + +Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/charts/celestia-app/.helmignore b/charts/celestia-app/.helmignore new file mode 100644 index 0000000..f0c1319 --- /dev/null 
+++ b/charts/celestia-app/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/celestia-app/Chart.lock b/charts/celestia-app/Chart.lock
new file mode 100644
index 0000000..7ce8b2f
--- /dev/null
+++ b/charts/celestia-app/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+ repository: oci://registry-1.docker.io/bitnamicharts
+ version: 2.19.2
+digest: sha256:e670e1075bfafffe040fae1158f1fa1f592585f394b48704ba137d2d083b1571
+generated: "2024-05-15T14:28:35.990088925+02:00"
diff --git a/charts/celestia-app/Chart.yaml b/charts/celestia-app/Chart.yaml
new file mode 100644
index 0000000..7eb3753
--- /dev/null
+++ b/charts/celestia-app/Chart.yaml
@@ -0,0 +1,24 @@
+annotations:
+ category: celestia
+ licenses: Apache-2.0
+apiVersion: v2
+appVersion: v1.10.1
+dependencies:
+- name: common
+ repository: oci://registry-1.docker.io/bitnamicharts
+ tags:
+ - bitnami-common
+ version: 2.x.x
+description: Celestia App
+home: https://celestia.org
+icon: https://celestia.org/static/celestia-logo-29451ae35d3bb72cc4b0f17712d44c3a.svg
+keywords:
+ - celestia
+ - celestia-app
+maintainers:
+ - name: Celestia Labs
+ url: https://github.com/celestiaorg/celestia-helm-charts
+name: celestia-app
+sources:
+ - https://github.com/celestiaorg/celestia-app
+version: 0.1.0
diff --git a/charts/celestia-app/NOTICE b/charts/celestia-app/NOTICE
new file mode 100644
index 0000000..70f1a2e
--- /dev/null
+++ b/charts/celestia-app/NOTICE
@@ -0,0 +1,3 @@
+This product includes code from Broadcom, Inc. All Rights Reserved.
+Original source: https://github.com/bitnami/charts/tree/main/template
+SPDX-License-Identifier: APACHE-2.0
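Review bot: `appVersion: v1.10.1` in charts/celestia-app/Chart.yaml disagrees with the generated charts/celestia-app/README.md later in this patch, whose badge reads `AppVersion: v1.9.0`. The README looks stale and should be regenerated so operators can tell which celestia-app release the chart deploys. The `common` dependency is declared as the range `version: 2.x.x` while Chart.lock pins `2.19.2` with a digest; a comment beside it such as `# resolved by Chart.lock; run "helm dependency build" to honour the pinned version` would document that the lock is the intended source of truth.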
diff --git a/charts/celestia-app/README.md b/charts/celestia-app/README.md new file mode 100644 index 0000000..7f64db7 --- /dev/null +++ b/charts/celestia-app/README.md 
@@ -0,0 +1,384 @@ +# celestia-app + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: v1.9.0](https://img.shields.io/badge/AppVersion-v1.9.0-informational?style=flat-square) + +Celestia App + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Celestia Labs | | | + +## Source Code + +* + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| oci://registry-1.docker.io/bitnamicharts | common | 2.x.x | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| app.affinity | object | `{}` | | +| app.args[0] | string | `"start"` | | +| app.args[1] | string | `"--home"` | | +| app.args[2] | string | `"$(CELESTIA_HOME)"` | | +| app.automountServiceAccountToken | bool | `false` | mount service account token in app pods | +| app.command | list | `["celestia-appd"]` | command for the celestia-app | +| app.config.apptoml.api.address | string | `"tcp://0.0.0.0:1317"` | | +| app.config.apptoml.api.enable | bool | `false` | | +| app.config.apptoml.api.enabled_unsafe_cors | bool | `false` | | +| app.config.apptoml.api.max_open_connections | int | `1000` | | +| app.config.apptoml.api.rpc_max_body_bytes | int | `1000000` | | +| app.config.apptoml.api.rpc_read_timeout | int | `10` | | +| app.config.apptoml.api.rpc_write_timeout | int | `0` | | +| app.config.apptoml.api.swagger | bool | `false` | | +| app.config.apptoml.app_db_backend | string | `""` | | +| app.config.apptoml.grpc.address | string | `"0.0.0.0:9090"` | | +| app.config.apptoml.grpc.enable | bool | `false` | | +| app.config.apptoml.grpc.max_recv_msg_size | string | `"10485760"` | | +| app.config.apptoml.grpc.max_send_msg_size | string | `"2147483647"` | | +| app.config.apptoml.grpc_web.address | string | `"0.0.0.0:9091"` | | +| app.config.apptoml.grpc_web.enable | bool | `false` | | +| app.config.apptoml.grpc_web.enable_unsafe_cors | bool | `false` | | +| 
app.config.apptoml.halt_height | int | `0` | | +| app.config.apptoml.halt_time | int | `0` | | +| app.config.apptoml.iavl_cache_size | int | `781250` | | +| app.config.apptoml.iavl_disable_fastnode | bool | `false` | | +| app.config.apptoml.iavl_lazy_loading | bool | `false` | | +| app.config.apptoml.index_events | list | `[]` | | +| app.config.apptoml.inter_block_cache | bool | `true` | | +| app.config.apptoml.min_retain_blocks | int | `0` | | +| app.config.apptoml.minimum_gas_prices | string | `"0.002utia"` | | +| app.config.apptoml.pruning | string | `"default"` | | +| app.config.apptoml.pruning_interval | string | `"0"` | | +| app.config.apptoml.pruning_keep_recent | string | `"0"` | | +| app.config.apptoml.rosetta.address | string | `":8080"` | | +| app.config.apptoml.rosetta.blockchain | string | `"app"` | | +| app.config.apptoml.rosetta.denom_to_suggest | string | `"uatom"` | | +| app.config.apptoml.rosetta.enable | bool | `false` | | +| app.config.apptoml.rosetta.enable_fee_suggestion | bool | `false` | | +| app.config.apptoml.rosetta.gas_to_suggest | int | `210000` | | +| app.config.apptoml.rosetta.network | string | `"network"` | | +| app.config.apptoml.rosetta.offline | bool | `false` | | +| app.config.apptoml.rosetta.retries | int | `3` | | +| app.config.apptoml.state_sync.snapshot_interval | int | `1500` | | +| app.config.apptoml.state_sync.snapshot_keep_recent | int | `2` | | +| app.config.apptoml.store.streamers | list | `[]` | | +| app.config.apptoml.streamers.file.fsync | string | `"false"` | | +| app.config.apptoml.streamers.file.keys[0] | string | `"*"` | | +| app.config.apptoml.streamers.file.output_metadata | string | `"true"` | | +| app.config.apptoml.streamers.file.prefix | string | `""` | | +| app.config.apptoml.streamers.file.stop_node_on_error | string | `"true"` | | +| app.config.apptoml.streamers.file.write_dir | string | `""` | | +| app.config.apptoml.telemetry.enable_hostname | bool | `false` | | +| 
app.config.apptoml.telemetry.enable_hostname_label | bool | `false` | | +| app.config.apptoml.telemetry.enable_service_label | bool | `false` | | +| app.config.apptoml.telemetry.enabled | bool | `false` | | +| app.config.apptoml.telemetry.global_labels | list | `[]` | | +| app.config.apptoml.telemetry.prometheus_retention_time | int | `0` | | +| app.config.apptoml.telemetry.service_name | string | `""` | | +| app.config.clienttoml.broadcast_mode | string | `"sync"` | | +| app.config.clienttoml.chain_id | string | `"celestia"` | | +| app.config.clienttoml.keyring_backend | string | `"test"` | | +| app.config.clienttoml.node | string | `"tcp://localhost:26657"` | | +| app.config.clienttoml.output | string | `"text"` | | +| app.config.configtoml.abci | string | `"socket"` | | +| app.config.configtoml.consensus.create_empty_blocks | bool | `true` | | +| app.config.configtoml.consensus.create_empty_blocks_interval | string | `"0s"` | | +| app.config.configtoml.consensus.double_sign_check_height | int | `0` | | +| app.config.configtoml.consensus.peer_gossip_sleep_duration | string | `"100ms"` | | +| app.config.configtoml.consensus.peer_query_maj23_sleep_duration | string | `"2s"` | | +| app.config.configtoml.consensus.skip_timeout_commit | bool | `false` | | +| app.config.configtoml.consensus.timeout_commit | string | `"11s"` | | +| app.config.configtoml.consensus.timeout_precommit | string | `"1s"` | | +| app.config.configtoml.consensus.timeout_precommit_delta | string | `"500ms"` | | +| app.config.configtoml.consensus.timeout_prevote | string | `"1s"` | | +| app.config.configtoml.consensus.timeout_prevote_delta | string | `"500ms"` | | +| app.config.configtoml.consensus.timeout_propose | string | `"10s"` | | +| app.config.configtoml.consensus.timeout_propose_delta | string | `"500ms"` | | +| app.config.configtoml.consensus.wal_file | string | `"data/cs.wal/wal"` | | +| app.config.configtoml.db_backend | string | `"goleveldb"` | | +| app.config.configtoml.db_dir | 
string | `"data"` | | +| app.config.configtoml.fast_sync | bool | `true` | | +| app.config.configtoml.fastsync.version | string | `"v0"` | | +| app.config.configtoml.filter_peers | bool | `false` | | +| app.config.configtoml.genesis_file | string | `"config/genesis.json"` | | +| app.config.configtoml.instrumentation.influx_batch_size | int | `20` | | +| app.config.configtoml.instrumentation.influx_bucket | string | `"e2e"` | | +| app.config.configtoml.instrumentation.influx_org | string | `"celestia"` | | +| app.config.configtoml.instrumentation.influx_tables[0] | string | `"mempool_tx"` | | +| app.config.configtoml.instrumentation.influx_tables[1] | string | `"mempool_peer_state"` | | +| app.config.configtoml.instrumentation.influx_tables[2] | string | `"mempool_rejected"` | | +| app.config.configtoml.instrumentation.influx_tables[3] | string | `"consensus_round_state"` | | +| app.config.configtoml.instrumentation.influx_tables[4] | string | `"consensus_block_parts"` | | +| app.config.configtoml.instrumentation.influx_tables[5] | string | `"consensus_block"` | | +| app.config.configtoml.instrumentation.influx_tables[6] | string | `"consensus_vote"` | | +| app.config.configtoml.instrumentation.influx_token | string | `""` | | +| app.config.configtoml.instrumentation.influx_url | string | `""` | | +| app.config.configtoml.instrumentation.max_open_connections | int | `3` | | +| app.config.configtoml.instrumentation.namespace | string | `"cometbft"` | | +| app.config.configtoml.instrumentation.prometheus | bool | `false` | | +| app.config.configtoml.instrumentation.prometheus_listen_addr | string | `":26660"` | | +| app.config.configtoml.instrumentation.pyroscope_profile_types[0] | string | `"cpu"` | | +| app.config.configtoml.instrumentation.pyroscope_profile_types[1] | string | `"alloc_objects"` | | +| app.config.configtoml.instrumentation.pyroscope_profile_types[2] | string | `"inuse_objects"` | | +| app.config.configtoml.instrumentation.pyroscope_profile_types[3] 
| string | `"goroutines"` | | +| app.config.configtoml.instrumentation.pyroscope_profile_types[4] | string | `"mutex_count"` | | +| app.config.configtoml.instrumentation.pyroscope_profile_types[5] | string | `"mutex_duration"` | | +| app.config.configtoml.instrumentation.pyroscope_profile_types[6] | string | `"block_count"` | | +| app.config.configtoml.instrumentation.pyroscope_profile_types[7] | string | `"block_duration"` | | +| app.config.configtoml.instrumentation.pyroscope_trace | bool | `false` | | +| app.config.configtoml.instrumentation.pyroscope_url | string | `""` | | +| app.config.configtoml.log_format | string | `"plain"` | | +| app.config.configtoml.log_level | string | `"info"` | | +| app.config.configtoml.mempool.broadcast | bool | `true` | | +| app.config.configtoml.mempool.cache_size | int | `10000` | | +| app.config.configtoml.mempool.keep_invalid_txs_in_cache | bool | `false` | | +| app.config.configtoml.mempool.max_batch_bytes | int | `0` | | +| app.config.configtoml.mempool.max_gossip_delay | string | `"0s"` | | +| app.config.configtoml.mempool.max_tx_bytes | int | `7897088` | | +| app.config.configtoml.mempool.max_txs_bytes | int | `39485440` | | +| app.config.configtoml.mempool.recheck | bool | `true` | | +| app.config.configtoml.mempool.size | int | `5000` | | +| app.config.configtoml.mempool.ttl_duration | string | `"1m15s"` | | +| app.config.configtoml.mempool.ttl_num_blocks | int | `5` | | +| app.config.configtoml.mempool.version | string | `"v1"` | | +| app.config.configtoml.mempool.wal_dir | string | `""` | | +| app.config.configtoml.moniker | string | `"app"` | | +| app.config.configtoml.node_key_file | string | `"config/node_key.json"` | | +| app.config.configtoml.p2p.addr_book_file | string | `"config/addrbook.json"` | | +| app.config.configtoml.p2p.addr_book_strict | bool | `true` | | +| app.config.configtoml.p2p.allow_duplicate_ip | bool | `false` | | +| app.config.configtoml.p2p.dial_timeout | string | `"3s"` | | +| 
app.config.configtoml.p2p.external_address | string | `""` | | +| app.config.configtoml.p2p.flush_throttle_timeout | string | `"100ms"` | | +| app.config.configtoml.p2p.handshake_timeout | string | `"20s"` | | +| app.config.configtoml.p2p.laddr | string | `"tcp://0.0.0.0:26656"` | | +| app.config.configtoml.p2p.max_num_inbound_peers | int | `40` | | +| app.config.configtoml.p2p.max_num_outbound_peers | int | `10` | | +| app.config.configtoml.p2p.max_packet_msg_payload_size | int | `1024` | | +| app.config.configtoml.p2p.persistent_peers | string | `""` | | +| app.config.configtoml.p2p.persistent_peers_max_dial_period | string | `"0s"` | | +| app.config.configtoml.p2p.pex | bool | `true` | | +| app.config.configtoml.p2p.private_peer_ids | string | `""` | | +| app.config.configtoml.p2p.recv_rate | int | `5120000` | | +| app.config.configtoml.p2p.seed_mode | bool | `false` | | +| app.config.configtoml.p2p.seeds | string | `""` | | +| app.config.configtoml.p2p.send_rate | int | `5120000` | | +| app.config.configtoml.p2p.unconditional_peer_ids | string | `""` | | +| app.config.configtoml.p2p.upnp | bool | `false` | | +| app.config.configtoml.priv_validator_key_file | string | `"config/priv_validator_key.json"` | | +| app.config.configtoml.priv_validator_laddr | string | `""` | | +| app.config.configtoml.priv_validator_state_file | string | `"data/priv_validator_state.json"` | | +| app.config.configtoml.proxy_app | string | `"tcp://127.0.0.1:26658"` | | +| app.config.configtoml.rpc.cors_allowed_headers[0] | string | `"Origin"` | | +| app.config.configtoml.rpc.cors_allowed_headers[1] | string | `"Accept"` | | +| app.config.configtoml.rpc.cors_allowed_headers[2] | string | `"Content-Type"` | | +| app.config.configtoml.rpc.cors_allowed_headers[3] | string | `"X-Requested-With"` | | +| app.config.configtoml.rpc.cors_allowed_headers[4] | string | `"X-Server-Time"` | | +| app.config.configtoml.rpc.cors_allowed_methods[0] | string | `"HEAD"` | | +| 
app.config.configtoml.rpc.cors_allowed_methods[1] | string | `"GET"` | | +| app.config.configtoml.rpc.cors_allowed_methods[2] | string | `"POST"` | | +| app.config.configtoml.rpc.cors_allowed_origins | list | `[]` | | +| app.config.configtoml.rpc.experimental_close_on_slow_client | bool | `false` | | +| app.config.configtoml.rpc.experimental_subscription_buffer_size | int | `200` | | +| app.config.configtoml.rpc.experimental_websocket_write_buffer_size | int | `200` | | +| app.config.configtoml.rpc.grpc_laddr | string | `""` | | +| app.config.configtoml.rpc.grpc_max_open_connections | int | `900` | | +| app.config.configtoml.rpc.laddr | string | `"tcp://127.0.0.1:26657"` | | +| app.config.configtoml.rpc.max_body_bytes | int | `8388608` | | +| app.config.configtoml.rpc.max_header_bytes | int | `1048576` | | +| app.config.configtoml.rpc.max_open_connections | int | `900` | | +| app.config.configtoml.rpc.max_subscription_clients | int | `100` | | +| app.config.configtoml.rpc.max_subscriptions_per_client | int | `5` | | +| app.config.configtoml.rpc.pprof_laddr | string | `"localhost:6060"` | | +| app.config.configtoml.rpc.timeout_broadcast_tx_commit | string | `"50s"` | | +| app.config.configtoml.rpc.tls_cert_file | string | `""` | | +| app.config.configtoml.rpc.tls_key_file | string | `""` | | +| app.config.configtoml.rpc.unsafe | bool | `false` | | +| app.config.configtoml.statesync.chunk_fetchers | string | `"4"` | | +| app.config.configtoml.statesync.chunk_request_timeout | string | `"10s"` | | +| app.config.configtoml.statesync.discovery_time | string | `"15s"` | | +| app.config.configtoml.statesync.enable | bool | `false` | | +| app.config.configtoml.statesync.rpc_servers | string | `""` | | +| app.config.configtoml.statesync.temp_dir | string | `""` | | +| app.config.configtoml.statesync.trust_hash | string | `""` | | +| app.config.configtoml.statesync.trust_height | int | `0` | | +| app.config.configtoml.statesync.trust_period | string | `"168h0m0s"` | | +| 
app.config.configtoml.storage.discard_abci_responses | bool | `true` | | +| app.config.configtoml.tx_index.indexer | string | `"null"` | | +| app.config.configtoml.tx_index.psql_conn | string | `""` | | +| app.containerPorts | object | `{"api":1317,"grpc":9090,"p2p":26656,"prometheus":26660,"rpc":26657,"tracing":26661}` | container ports for the app | +| app.containerPorts.api | int | `1317` | API container port, 1317 by default | +| app.containerPorts.grpc | int | `9090` | gRPC container port, 9090 by default | +| app.containerPorts.p2p | int | `26656` | P2P container port, 26656 by default | +| app.containerPorts.prometheus | int | `26660` | Prometheus container port, 26660 by default | +| app.containerPorts.rpc | int | `26657` | RPC container port, 26657 by default | +| app.containerPorts.tracing | int | `26661` | Tracing container port, 26661 by default | +| app.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"enabled":true,"privileged":false,"readOnlyRootFilesystem":true,"runAsGroup":10001,"runAsNonRoot":true,"runAsUser":10001,"seLinuxOptions":{},"seccompProfile":{"type":"RuntimeDefault"}}` | container security context for the app | +| app.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | allowPrivilegeEscalation in app container, false by default | +| app.containerSecurityContext.capabilities | object | `{"drop":["ALL"]}` | capabilities to be dropped in app container, ["ALL"] by default | +| app.containerSecurityContext.enabled | bool | `true` | enable container security context for the app, true by default | +| app.containerSecurityContext.privileged | bool | `false` | privileged in app container, false by default | +| app.containerSecurityContext.readOnlyRootFilesystem | bool | `true` | readOnlyRootFilesystem in app container, true by default | +| app.containerSecurityContext.runAsGroup | int | `10001` | runAsGroup in app container, 10001 by default | +| 
app.containerSecurityContext.runAsNonRoot | bool | `true` | runAsNonRoot in app container, true by default | +| app.containerSecurityContext.runAsUser | int | `10001` | runAsUser in app container, 10001 by default | +| app.containerSecurityContext.seLinuxOptions | object | `{}` | SELinux options in app container, {} by default | +| app.containerSecurityContext.seccompProfile | object | `{"type":"RuntimeDefault"}` | seccomp profile in app container, RuntimeDefault by default | +| app.customLivenessProbe | object | `{}` | | +| app.customReadinessProbe | object | `{}` | | +| app.customStartupProbe | object | `{}` | | +| app.daemonsetAnnotations | object | `{}` | | +| app.deploymentAnnotations | object | `{}` | | +| app.existingConfigmap | string | `nil` | | +| app.extraEnvVars | list | `[]` | | +| app.extraEnvVarsCM | string | `""` | | +| app.extraEnvVarsSecret | string | `""` | | +| app.extraVolumeMounts | list | `[]` | | +| app.extraVolumes | list | `[]` | | +| app.hostAliases | list | `[]` | | +| app.image | object | `{"digest":"","pullPolicy":"IfNotPresent","pullSecrets":[],"registry":"ghcr.io","repository":"celestiaorg/celestia-app","tag":"v1.9.0"}` | image parameters for the image | +| app.image.pullPolicy | string | `"IfNotPresent"` | pull policy for the image, IfNotPresent by default | +| app.image.registry | string | `"ghcr.io"` | registry for the image, GitHub Container Registry by default | +| app.image.repository | string | `"celestiaorg/celestia-app"` | repository for the image, celestiaorg/celestia-app by default | +| app.image.tag | string | `"v1.9.0"` | tag for the image, v1.9.0 by default | +| app.initContainers | list | `[]` | | +| app.lifecycleHooks | object | `{}` | | +| app.livenessProbe | object | `{"enabled":false,"failureThreshold":3,"initialDelaySeconds":0,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1}` | liveness probe for the app | +| app.livenessProbe.enabled | bool | `false` | enable liveness probe on app containers, false by 
default | +| app.livenessProbe.failureThreshold | int | `3` | failure threshold for livenessProbe, 3 by default | +| app.livenessProbe.initialDelaySeconds | int | `0` | initial delay seconds for livenessProbe, 0 by default | +| app.livenessProbe.periodSeconds | int | `10` | period seconds for livenessProbe, 10 by default | +| app.livenessProbe.successThreshold | int | `1` | success threshold for livenessProbe, 1 by default | +| app.livenessProbe.timeoutSeconds | int | `1` | timeout seconds for livenessProbe, 1 by default | +| app.nodeAffinityPreset.key | string | `""` | | +| app.nodeAffinityPreset.type | string | `""` | | +| app.nodeAffinityPreset.values | list | `[]` | | +| app.nodeSelector | object | `{}` | | +| app.otelAgent.config | object | `{"exporters":{"otlphttp":{"auth":{"authenticator":"basicauth/otlp"},"endpoint":"https://otlp-gateway-prod-us-central-0.grafana.net/otlp"},"prometheus":{"endpoint":"localhost:8889"}},"extensions":{"basicauth/otlp":{"client_auth":{"password":"${GRAFANA_OTEL_TOKEN}","username":"${GRAFANA_OTEL_USERNAME}"}}},"receivers":{"otlp":{"protocols":{"grpc":{"endpoint":"localhost:4317"},"http":{"endpoint":"localhost:4318"}}},"prometheus":{"config":{"scrape_configs":[{"job_name":"${JOB_NAME}","scrape_interval":"10s","static_configs":[{"targets":["localhost:26660"]}]}]}}},"service":{"extensions":["basicauth/otlp"],"pipelines":{"metrics":{"exporters":["otlphttp","prometheus"],"receivers":["otlp","prometheus"]}},"telemetry":{"logs":{"level":"INFO"},"metrics":{"address":"localhost:8888","level":"basic"}}}}` | config for the otel agent (See: https://opentelemetry.io/docs/collector/configuration/) | +| app.otelAgent.enabled | bool | `false` | enable otel agent for the app, false by default | +| app.otelAgent.grafanaOtelSecret | object | `{"name":"SET_IT"}` | grafana otel secret for the app | +| app.otelAgent.grafanaOtelSecret.name | string | `"SET_IT"` | name of the grafana otel secret, it must be set | +| app.otelAgent.image | object | 
`{"digest":"","pullPolicy":"IfNotPresent","registry":"ghcr.io","repository":"open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib","tag":"0.102.0"}` | image for the otel agent, ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib:0.102.0 by default | +| app.otelAgent.resources | object | `{}` | | +| app.otelAgent.resourcesPreset | string | `"nano"` | | +| app.pdb.create | bool | `false` | | +| app.pdb.maxUnavailable | string | `""` | | +| app.pdb.minAvailable | int | `1` | | +| app.podAffinityPreset | string | `""` | | +| app.podAnnotations | object | `{}` | | +| app.podAntiAffinityPreset | string | `"soft"` | | +| app.podLabels | object | `{}` | | +| app.podManagementPolicy | string | `"OrderedReady"` | | +| app.podSecurityContext | object | `{"enabled":true,"fsGroup":10001,"fsGroupChangePolicy":"Always","supplementalGroups":[],"sysctls":[]}` | pod security context for the app | +| app.podSecurityContext.enabled | bool | `true` | enable pod security context for the app, true by default | +| app.podSecurityContext.fsGroup | int | `10001` | fsGroup in app pods' Security Context, 10001 by default | +| app.podSecurityContext.fsGroupChangePolicy | string | `"Always"` | filesystem group change policy for app pods, Always by default | +| app.podSecurityContext.supplementalGroups | list | `[]` | filesystem extra groups for app pods, [] by default | +| app.podSecurityContext.sysctls | list | `[]` | kernel settings using the sysctl interface for app pods, [] by default | +| app.priorityClassName | string | `""` | | +| app.readinessProbe.enabled | bool | `false` | enable readiness probe on app containers, false by default | +| app.readinessProbe.failureThreshold | int | `3` | failure threshold for readinessProbe, 3 by default | +| app.readinessProbe.initialDelaySeconds | int | `0` | initial delay seconds for readinessProbe, 0 by default | +| app.readinessProbe.periodSeconds | int | `10` | period seconds for 
readinessProbe, 10 by default | +| app.readinessProbe.successThreshold | int | `1` | success threshold for readinessProbe, 1 by default | +| app.readinessProbe.timeoutSeconds | int | `1` | timeout seconds for readinessProbe, 1 by default | +| app.replicaCount | int | `1` | number of app replicas to deploy, 1 by default | +| app.resources.limits | object | `{"cpu":2,"memory":"8Gi"}` | limits for the app | +| app.resources.limits.cpu | int | `2` | cpu limits for the app, 2 by default | +| app.resources.limits.memory | string | `"8Gi"` | memory limits for the app, 8Gi by default | +| app.resources.requests | object | `{"cpu":2,"memory":"8Gi"}` | requests for the app | +| app.resources.requests.cpu | int | `2` | cpu requests for the app, 2 by default | +| app.resources.requests.memory | string | `"8Gi"` | memory requests for the app, 8Gi by default | +| app.resourcesPreset | string | `"nano"` | more information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 | +| app.schedulerName | string | `""` | | +| app.settings.genesisURL | string | `"SET_IT"` | genesis URL for the celestia-app, it must be set | +| app.settings.home | string | `"/home/celestia"` | home directory for the celestia-app, defaults to /home/celestia | +| app.settings.secret.name | string | `"SET_IT"` | name of the secret, it must be set | +| app.sidecars | list | `[]` | | +| app.startupProbe | object | `{"enabled":false,"initialDelaySeconds":0,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1}` | startup probe for the app | +| app.startupProbe.enabled | bool | `false` | enable startup probe on app containers, false by default | +| app.startupProbe.initialDelaySeconds | int | `0` | initial delay seconds for startupProbe, 0 by default | +| app.startupProbe.periodSeconds | int | `10` | period seconds for startupProbe, 10 by default | +| app.startupProbe.successThreshold | int | `1` | failure threshold for startupProbe, 3 by default | +| 
app.startupProbe.timeoutSeconds | int | `1` | timeout seconds for startupProbe, 1 by default | +| app.statefulsetAnnotations | object | `{}` | | +| app.terminationGracePeriodSeconds | string | `""` | | +| app.tolerations | list | `[]` | | +| app.topologySpreadConstraints | list | `[]` | | +| app.updateStrategy.type | string | `"RollingUpdate"` | | +| clusterDomain | string | `"cluster.local"` | | +| commonAnnotations | object | `{}` | | +| commonLabels | object | `{}` | | +| diagnosticMode.args[0] | string | `"infinity"` | | +| diagnosticMode.command[0] | string | `"sleep"` | | +| diagnosticMode.enabled | bool | `false` | | +| extraDeploy | list | `[]` | | +| fullnameOverride | string | `""` | | +| global.compatibility.openshift.adaptSecurityContext | string | `"auto"` | | +| global.imagePullSecrets | list | `[]` | | +| global.imageRegistry | string | `""` | | +| global.storageClass | string | `""` | | +| kubeVersion | string | `""` | | +| metrics.enabled | bool | `false` | | +| metrics.serviceMonitor.annotations | object | `{}` | | +| metrics.serviceMonitor.enabled | bool | `false` | | +| metrics.serviceMonitor.honorLabels | bool | `false` | | +| metrics.serviceMonitor.interval | string | `""` | | +| metrics.serviceMonitor.jobLabel | string | `""` | | +| metrics.serviceMonitor.labels | object | `{}` | | +| metrics.serviceMonitor.metricRelabelings | list | `[]` | | +| metrics.serviceMonitor.namespace | string | `""` | | +| metrics.serviceMonitor.relabelings | list | `[]` | | +| metrics.serviceMonitor.scrapeTimeout | string | `""` | | +| metrics.serviceMonitor.selector | object | `{}` | | +| nameOverride | string | `""` | | +| namespaceOverride | string | `""` | | +| networkPolicy | with the correct destination port | `{"allowExternal":true,"allowExternalEgress":true,"enabled":true,"extraEgress":[],"extraIngress":[],"ingressNSMatchLabels":{},"ingressNSPodMatchLabels":{}}` | . 
| +| networkPolicy.enabled | bool | `true` | enable network policy, true by default | +| persistence | object | `{"accessModes":["ReadWriteOnce"],"annotations":{},"dataSource":{},"enabled":true,"existingClaim":"","mountPath":"/bitnami/app/data","selector":{},"size":"250Gi","storageClass":"","subPath":""}` | persistence parameters | +| rbac.create | bool | `false` | | +| rbac.rules | list | `[]` | | +| service.external | object | `{"annotations":{},"enabled":true,"externalTrafficPolicy":"Cluster","extraPorts":[],"loadBalancerIP":"","loadBalancerSourceRanges":[],"nodePorts":{"api":"","grpc":"","p2p":"","prometheus":"","rpc":"","tracing":""},"ports":{"api":1317,"grpc":9090,"p2p":26656,"rpc":26657},"sessionAffinity":"None","sessionAffinityConfig":{},"type":"LoadBalancer"}` | external service parameters | +| service.external.enabled | bool | `true` | enable external service, true by default | +| service.external.ports.api | int | `1317` | api port, 1317 by default | +| service.external.ports.grpc | int | `9090` | grpc port, 9090 by default | +| service.external.type | string | `"LoadBalancer"` | external service type, LoadBalancer by default | +| service.internal.annotations | object | `{}` | | +| service.internal.clusterIP | string | `""` | | +| service.internal.ports.api | int | `1317` | | +| service.internal.ports.grpc | int | `9090` | | +| service.internal.ports.p2p | int | `26656` | | +| service.internal.ports.prometheus | int | `26660` | | +| service.internal.ports.rpc | int | `26657` | | +| service.internal.ports.tracing | int | `26661` | | +| service.internal.sessionAffinity | string | `"None"` | | +| service.internal.sessionAffinityConfig | object | `{}` | | +| service.internal.type | string | `"ClusterIP"` | | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.automountServiceAccountToken | bool | `true` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.name | string | `""` | | +| 
volumePermissions.containerSecurityContext.enabled | bool | `true` | | +| volumePermissions.containerSecurityContext.runAsUser | int | `0` | | +| volumePermissions.containerSecurityContext.seLinuxOptions | object | `{}` | | +| volumePermissions.enabled | bool | `false` | | +| volumePermissions.image.pullPolicy | string | `"IfNotPresent"` | | +| volumePermissions.image.pullSecrets | list | `[]` | | +| volumePermissions.image.registry | string | `"docker.io"` | | +| volumePermissions.image.repository | string | `"bitnami/os-shell"` | | +| volumePermissions.image.tag | string | `"12-debian-12-r22"` | | +| volumePermissions.resources | object | `{}` | | +| volumePermissions.resourcesPreset | string | `"nano"` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) diff --git a/charts/celestia-app/templates/NOTES.txt b/charts/celestia-app/templates/NOTES.txt new file mode 100644 index 0000000..8e51023 --- /dev/null +++ b/charts/celestia-app/templates/NOTES.txt 
@@ -0,0 +1,31 @@
+CHART NAME: {{ .Chart.Name }}
+CHART VERSION: {{ .Chart.Version }}
+APP VERSION: {{ .Chart.AppVersion }}
+
+** Please be patient while the chart is being deployed **
+
+{{- if .Values.diagnosticMode.enabled }}
+The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
+
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
+
+Get the list of pods by executing:
+
+ kubectl get pods --namespace {{ include "common.names.namespace" . | quote }} -l app.kubernetes.io/instance={{ .Release.Name }}
+
+Access the pod you want to debug by executing
+
+ kubectl exec --namespace {{ include "common.names.namespace" . | quote }} -ti -- bash
+
+In order to replicate the container startup scripts execute this command:
+
+ %%ENTRYPOINT and CMD from main container%%
+
+{{- else }}
+
+%%Instructions to access the application depending on the serviceType and other considerations%%
+
+{{- end }}
+
+{{- include "common.warnings.rollingTag" .Values.app.image }}
diff --git a/charts/celestia-app/templates/_helpers.tpl b/charts/celestia-app/templates/_helpers.tpl
new file mode 100644
index 0000000..b507d07
--- /dev/null
+++ b/charts/celestia-app/templates/_helpers.tpl
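Review bot: The scaffold placeholders `%%ENTRYPOINT and CMD from main container%%` and `%%Instructions to access the application depending on the serviceType and other considerations%%` in templates/NOTES.txt are still in place, so every install prints them verbatim instead of telling the operator how the node is reachable. The README in this patch documents `service.external.type` as `LoadBalancer` and enabled by default, so the `else` branch is the natural place to list the exposed ports and show `kubectl get svc --namespace {{ include "common.names.namespace" . | quote }} -l app.kubernetes.io/instance={{ .Release.Name }}`. The `kubectl exec` line also has no pod name between `-ti` and `--` as shown here (possibly lost in rendering), and the diagnostic-mode text could print the chart's `app.command` and `app.args` values rather than a placeholder.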
@@ -0,0 +1,56 @@
+{{/*
+Return the proper app image name
+*/}}
+{{- define "app.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.app.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "app.volumePermissions.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "app.imagePullSecrets" -}}
+{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.app.image .Values.volumePermissions.image) "context" $) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "app.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Return the proper image name for the otel agent
+*/}}
+{{- define "app.otelAgent.image" -}}
+{{- include "common.images.image" (dict "imageRoot" .Values.app.otelAgent.image "global" .Values.global) -}}
+{{- end -}}
+
+# TODO: add validations for values
+# Remember to add the validation message to NOTES.txt at the end ({{- include "app.validateValues" . }})
+{{/*
+Compile all warnings into a single message.
+*/}}
+{{- define "app.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "app.validateValues.foo" .) -}}
+{{- $messages := append $messages (include "app.validateValues.bar" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{- printf "\nVALUES VALIDATION:\n%s" $message -}}
+{{- end -}}
+{{- end -}}
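Review bot: `app.validateValues` includes `app.validateValues.foo` and `app.validateValues.bar`, which are scaffold names with no `define` anywhere in this file, so the first template that includes the helper will most likely fail at render time instead of reporting anything. NOTES.txt in this commit does not include it, which means no value is validated today. Either drop the two `append` lines until real validators exist, or replace them with the checks the TODO asks for. Reasonable first candidates are the switches that configmap.yaml passes straight through, such as `rpc.unsafe` and `enabled_unsafe_cors`, reported when `service.external.enabled` is also set.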
diff --git a/charts/celestia-app/templates/clusterrolebinding.yaml b/charts/celestia-app/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..5c780e3
--- /dev/null
+++ b/charts/celestia-app/templates/clusterrolebinding.yaml
@@ -0,0 +1,17 @@
+kind: ClusterRoleBinding
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: app
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "common.names.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "app.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
diff --git a/charts/celestia-app/templates/configmap.yaml b/charts/celestia-app/templates/configmap.yaml
new file mode 100644
index 0000000..391c7d3
--- /dev/null
+++ b/charts/celestia-app/templates/configmap.yaml
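Review bot: templates/clusterrolebinding.yaml binds the chart's service account to a `ClusterRole` named after the release, but the only role this patch's file list adds for the chart is the namespaced `Role` in role.yaml, so the binding either dangles or attaches to whatever ClusterRole already carries that name. The manifest is also rendered unconditionally while role.yaml is gated on `.Values.rbac.create`. With `serviceAccount.create` off and no name set, `app.serviceAccountName` makes the subject the namespace's `default` account. A namespaced RoleBinding that references the Role and follows the same switch keeps the grant inside the release namespace.

```yaml
{{- if .Values.rbac.create }}
kind: RoleBinding
# … unchanged: apiVersion …
metadata:
  name: {{ template "common.names.fullname" . }}
  namespace: {{ include "common.names.namespace" . | quote }}
  # … unchanged: labels, annotations …
roleRef:
  # … unchanged: apiGroup …
  kind: Role
  # … unchanged: name, subjects …
{{- end }}
```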
@@ -0,0 +1,236 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "common.names.fullname" . }}-apptoml
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: app
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ app.toml: |
+ minimum-gas-prices = "{{ .Values.app.config.apptoml.minimum_gas_prices }}"
+ pruning = "{{ .Values.app.config.apptoml.pruning }}"
+ pruning-keep-recent = "{{ .Values.app.config.apptoml.pruning_keep_recent }}"
+ pruning-interval = "{{ .Values.app.config.apptoml.pruning_interval }}"
+ halt-height = {{ printf "%.0f" .Values.app.config.apptoml.halt_height }}
+ halt-time = {{ printf "%.0f" .Values.app.config.apptoml.halt_time }}
+ min-retain-blocks = {{ printf "%.0f" .Values.app.config.apptoml.min_retain_blocks }}
+ inter-block-cache = {{ .Values.app.config.apptoml.inter_block_cache }}
+ index-events = {{ .Values.app.config.apptoml.index_events }}
+ iavl-cache-size = {{ printf "%.0f" .Values.app.config.apptoml.iavl_cache_size }}
+ iavl-disable-fastnode = {{ .Values.app.config.apptoml.iavl_disable_fastnode }}
+ iavl-lazy-loading = {{ .Values.app.config.apptoml.iavl_lazy_loading }}
+ app-db-backend = "{{ .Values.app.config.apptoml.app_db_backend }}"
+ [telemetry]
+ service-name = "{{ .Values.app.config.apptoml.telemetry.service_name }}"
+ enabled = {{ .Values.app.config.apptoml.telemetry.enabled }}
+ enable-hostname = {{ .Values.app.config.apptoml.telemetry.enable_hostname }}
+ enable-hostname-label = {{ .Values.app.config.apptoml.telemetry.enable_hostname_label }}
+ enable-service-label = {{ .Values.app.config.apptoml.telemetry.enable_service_label }}
+ prometheus-retention-time = {{ printf "%.0f" .Values.app.config.apptoml.telemetry.prometheus_retention_time }}
+ global-labels = {{ .Values.app.config.apptoml.telemetry.global_labels }}
+ [api]
+ enable = {{ .Values.app.config.apptoml.api.enable }}
+ swagger = {{ .Values.app.config.apptoml.api.swagger }}
+ address = "{{ .Values.app.config.apptoml.api.address }}"
+ max-open-connections = {{ printf "%.0f" .Values.app.config.apptoml.api.max_open_connections }}
+ rpc-read-timeout = {{ printf "%.0f" .Values.app.config.apptoml.api.rpc_read_timeout }}
+ rpc-write-timeout = {{ printf "%.0f" .Values.app.config.apptoml.api.rpc_write_timeout }}
+ rpc-max-body-bytes = {{ printf "%.0f" .Values.app.config.apptoml.api.rpc_max_body_bytes }}
+ enabled-unsafe-cors = {{ .Values.app.config.apptoml.api.enabled_unsafe_cors }}
+ [rosetta]
+ enable = {{ .Values.app.config.apptoml.rosetta.enable }}
+ address = "{{ .Values.app.config.apptoml.rosetta.address }}"
+ blockchain = "{{ .Values.app.config.apptoml.rosetta.blockchain }}"
+ network = "{{ .Values.app.config.apptoml.rosetta.network }}"
+ retries = {{ printf "%.0f" .Values.app.config.apptoml.rosetta.retries }}
+ offline = {{ .Values.app.config.apptoml.rosetta.offline }}
+ enable-fee-suggestion = {{ .Values.app.config.apptoml.rosetta.enable_fee_suggestion }}
+ gas-to-suggest = {{ printf "%.0f" .Values.app.config.apptoml.rosetta.gas_to_suggest }}
+ denom-to-suggest = "{{ .Values.app.config.apptoml.rosetta.denom_to_suggest }}"
+ [grpc]
+ enable = {{ .Values.app.config.apptoml.grpc.enable }}
+ address = "{{ .Values.app.config.apptoml.grpc.address }}"
+ max-recv-msg-size = "{{ .Values.app.config.apptoml.grpc.max_recv_msg_size }}"
+ max-send-msg-size = "{{ .Values.app.config.apptoml.grpc.max_send_msg_size }}"
+ [grpc_web]
+ enable = {{ .Values.app.config.apptoml.grpc_web.enable }}
+ address = "{{ .Values.app.config.apptoml.grpc_web.address }}"
+ enable-unsafe-cors = {{ .Values.app.config.apptoml.grpc_web.enable_unsafe_cors }}
+ [state_sync]
+ snapshot-interval = {{ printf "%.0f" .Values.app.config.apptoml.state_sync.snapshot_interval }}
+ snapshot-keep-recent = {{ printf "%.0f" .Values.app.config.apptoml.state_sync.snapshot_keep_recent }}
+ [store]
+ streamers = {{ .Values.app.config.apptoml.store.streamers }}
+ [streamers]
+ [streamers.file]
+ keys = [{{ range $index, $element := .Values.app.config.apptoml.streamers.file.keys }}{{ if $index }}, {{ end }}"{{ $element }}"{{ end }}]
+ write_dir = "{{ .Values.app.config.apptoml.streamers.file.write_dir }}"
+ prefix = "{{ .Values.app.config.apptoml.streamers.file.prefix }}"
+ output-metadata = "{{ .Values.app.config.apptoml.streamers.file.output_metadata }}"
+ stop-node-on-error = "{{ .Values.app.config.apptoml.streamers.file.stop_node_on_error }}"
+ fsync = "{{ .Values.app.config.apptoml.streamers.file.fsync }}"
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "common.names.fullname" . }}-clienttoml
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: app
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ client.toml: |
+ chain-id = "{{ .Values.app.config.clienttoml.chain_id }}"
+ keyring-backend = "{{ .Values.app.config.clienttoml.keyring_backend }}"
+ output = "{{ .Values.app.config.clienttoml.output }}"
+ node = "{{ .Values.app.config.clienttoml.node }}"
+ broadcast-mode = "{{ .Values.app.config.clienttoml.broadcast_mode }}"
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "common.names.fullname" . }}-configtoml
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: app
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ config.toml: |
+ proxy_app = "{{ .Values.app.config.configtoml.proxy_app }}"
+ moniker = "{{ .Values.app.config.configtoml.moniker }}"
+ fast_sync = {{ .Values.app.config.configtoml.fast_sync }}
+ db_backend = "{{ .Values.app.config.configtoml.db_backend }}"
+ db_dir = "{{ .Values.app.config.configtoml.db_dir }}"
+ log_level = "{{ .Values.app.config.configtoml.log_level }}"
+ log_format = "{{ .Values.app.config.configtoml.log_format }}"
+ genesis_file = "{{ .Values.app.config.configtoml.genesis_file }}"
+ priv_validator_key_file = "{{ .Values.app.config.configtoml.priv_validator_key_file }}"
+ priv_validator_state_file = "{{ .Values.app.config.configtoml.priv_validator_state_file }}"
+ priv_validator_laddr = "{{ .Values.app.config.configtoml.priv_validator_laddr }}"
+ node_key_file = "{{ .Values.app.config.configtoml.node_key_file }}"
+ abci = "{{ .Values.app.config.configtoml.abci }}"
+ filter_peers = {{ .Values.app.config.configtoml.filter_peers }}
+ [rpc]
+ laddr = "{{ .Values.app.config.configtoml.rpc.laddr }}"
+ cors_allowed_origins = {{ .Values.app.config.configtoml.rpc.cors_allowed_origins }}
+ cors_allowed_methods = [{{ range $index, $element := .Values.app.config.configtoml.rpc.cors_allowed_methods }}{{ if $index }}, {{ end }}"{{ $element }}"{{ end }}]
+ cors_allowed_headers = [{{ range $index, $element := .Values.app.config.configtoml.rpc.cors_allowed_headers }}{{ if $index }}, {{ end }}"{{ $element }}"{{ end }}]
+ grpc_laddr = "{{ .Values.app.config.configtoml.rpc.grpc_laddr }}"
+ grpc_max_open_connections = {{ printf "%.0f" .Values.app.config.configtoml.rpc.grpc_max_open_connections }}
+ unsafe = {{ .Values.app.config.configtoml.rpc.unsafe }}
+ max_open_connections = {{ printf "%.0f" .Values.app.config.configtoml.rpc.max_open_connections }}
+ max_subscription_clients = {{ printf "%.0f" .Values.app.config.configtoml.rpc.max_subscription_clients }}
+ max_subscriptions_per_client = {{ printf "%.0f" .Values.app.config.configtoml.rpc.max_subscriptions_per_client }}
+ experimental_subscription_buffer_size = {{ printf "%.0f" .Values.app.config.configtoml.rpc.experimental_subscription_buffer_size }}
+ experimental_websocket_write_buffer_size = {{ printf "%.0f" .Values.app.config.configtoml.rpc.experimental_websocket_write_buffer_size }}
+ experimental_close_on_slow_client = {{ .Values.app.config.configtoml.rpc.experimental_close_on_slow_client }}
+ timeout_broadcast_tx_commit = "{{ .Values.app.config.configtoml.rpc.timeout_broadcast_tx_commit }}"
+ max_body_bytes = {{ printf "%.0f" .Values.app.config.configtoml.rpc.max_body_bytes }}
+ max_header_bytes = {{ printf "%.0f" .Values.app.config.configtoml.rpc.max_header_bytes }}
+ tls_cert_file = "{{ .Values.app.config.configtoml.rpc.tls_cert_file }}"
+ tls_key_file = "{{ .Values.app.config.configtoml.rpc.tls_key_file }}"
+ pprof_laddr = "{{ .Values.app.config.configtoml.rpc.pprof_laddr }}"
+ [p2p]
+ laddr = "{{ .Values.app.config.configtoml.p2p.laddr }}"
+ external_address = "{{ .Values.app.config.configtoml.p2p.external_address }}"
+ seeds = "{{ .Values.app.config.configtoml.p2p.seeds }}"
+ persistent_peers = "{{ .Values.app.config.configtoml.p2p.persistent_peers }}"
+ upnp = {{ .Values.app.config.configtoml.p2p.upnp }}
+ addr_book_file = "{{ .Values.app.config.configtoml.p2p.addr_book_file }}"
+ addr_book_strict = {{ .Values.app.config.configtoml.p2p.addr_book_strict }}
+ max_num_inbound_peers = {{ printf "%.0f" .Values.app.config.configtoml.p2p.max_num_inbound_peers }}
+ max_num_outbound_peers = {{ printf "%.0f" .Values.app.config.configtoml.p2p.max_num_outbound_peers }}
+ unconditional_peer_ids = "{{ .Values.app.config.configtoml.p2p.unconditional_peer_ids }}"
+ persistent_peers_max_dial_period = "{{ .Values.app.config.configtoml.p2p.persistent_peers_max_dial_period }}"
+ flush_throttle_timeout = "{{ .Values.app.config.configtoml.p2p.flush_throttle_timeout }}"
+ max_packet_msg_payload_size = {{ printf "%.0f" .Values.app.config.configtoml.p2p.max_packet_msg_payload_size }}
+ send_rate = {{ printf "%.0f" .Values.app.config.configtoml.p2p.send_rate }}
+ recv_rate = {{ printf "%.0f" .Values.app.config.configtoml.p2p.recv_rate }}
+ pex = {{ .Values.app.config.configtoml.p2p.pex }}
+ seed_mode = {{ .Values.app.config.configtoml.p2p.seed_mode }}
+ private_peer_ids = "{{ .Values.app.config.configtoml.p2p.private_peer_ids }}"
+ allow_duplicate_ip = {{ .Values.app.config.configtoml.p2p.allow_duplicate_ip }}
+ handshake_timeout = "{{ .Values.app.config.configtoml.p2p.handshake_timeout }}"
+ dial_timeout = "{{ .Values.app.config.configtoml.p2p.dial_timeout }}"
+ [mempool]
+ version = "{{ .Values.app.config.configtoml.mempool.version }}"
+ recheck = {{ .Values.app.config.configtoml.mempool.recheck }}
+ broadcast = {{ .Values.app.config.configtoml.mempool.broadcast }}
+ wal_dir = "{{ .Values.app.config.configtoml.mempool.wal_dir }}"
+ size = {{ printf "%.0f" .Values.app.config.configtoml.mempool.size }}
+ max_txs_bytes = {{ printf "%.0f" .Values.app.config.configtoml.mempool.max_txs_bytes }}
+ cache_size = {{ printf "%.0f" .Values.app.config.configtoml.mempool.cache_size }}
+ keep-invalid-txs-in-cache = {{ .Values.app.config.configtoml.mempool.keep_invalid_txs_in_cache }}
+ max_tx_bytes = {{ printf "%.0f" .Values.app.config.configtoml.mempool.max_tx_bytes }}
+ max_batch_bytes = {{ printf "%.0f" .Values.app.config.configtoml.mempool.max_batch_bytes }}
+ ttl-duration = "{{ .Values.app.config.configtoml.mempool.ttl_duration }}"
+ ttl-num-blocks = {{ printf "%.0f" .Values.app.config.configtoml.mempool.ttl_num_blocks }}
+ max-gossip-delay = "{{ .Values.app.config.configtoml.mempool.max_gossip_delay }}"
+ [statesync]
+ enable = {{ .Values.app.config.configtoml.statesync.enable }}
+ rpc_servers = "{{ .Values.app.config.configtoml.statesync.rpc_servers }}"
+ trust_height = {{ printf "%.0f" .Values.app.config.configtoml.statesync.trust_height }}
+ trust_hash = "{{ .Values.app.config.configtoml.statesync.trust_hash }}"
+ trust_period = "{{ .Values.app.config.configtoml.statesync.trust_period }}"
+ discovery_time = "{{ .Values.app.config.configtoml.statesync.discovery_time }}"
+ temp_dir = "{{ .Values.app.config.configtoml.statesync.temp_dir }}"
+ chunk_request_timeout = "{{ .Values.app.config.configtoml.statesync.chunk_request_timeout }}"
+ chunk_fetchers = "{{ .Values.app.config.configtoml.statesync.chunk_fetchers }}"
+ [fastsync]
+ version = "{{ .Values.app.config.configtoml.fastsync.version }}"
+ [consensus]
+ only_internal_wal = "{{ .Values.app.config.configtoml.consensus.only_internal_wal }}"
+ wal_file = "{{ .Values.app.config.configtoml.consensus.wal_file }}"
+ timeout_propose = "{{ .Values.app.config.configtoml.consensus.timeout_propose }}"
+ timeout_propose_delta = "{{ .Values.app.config.configtoml.consensus.timeout_propose_delta }}"
+ timeout_prevote = "{{ .Values.app.config.configtoml.consensus.timeout_prevote }}"
+ timeout_prevote_delta = "{{ .Values.app.config.configtoml.consensus.timeout_prevote_delta }}"
+ timeout_precommit = "{{ .Values.app.config.configtoml.consensus.timeout_precommit }}"
+ timeout_precommit_delta = "{{ .Values.app.config.configtoml.consensus.timeout_precommit_delta }}"
+ timeout_commit = "{{ .Values.app.config.configtoml.consensus.timeout_commit }}"
+ double_sign_check_height = {{ printf "%.0f" .Values.app.config.configtoml.consensus.double_sign_check_height }}
+ skip_timeout_commit = {{ .Values.app.config.configtoml.consensus.skip_timeout_commit }}
+ create_empty_blocks = {{ .Values.app.config.configtoml.consensus.create_empty_blocks }}
+ create_empty_blocks_interval = "{{ .Values.app.config.configtoml.consensus.create_empty_blocks_interval }}"
+ peer_gossip_sleep_duration = "{{ .Values.app.config.configtoml.consensus.peer_gossip_sleep_duration }}"
+ peer_query_maj23_sleep_duration = "{{ .Values.app.config.configtoml.consensus.peer_query_maj23_sleep_duration }}"
+ [storage]
+ discard_abci_responses = {{ .Values.app.config.configtoml.storage.discard_abci_responses }}
+ [tx_index]
+ indexer = "{{ .Values.app.config.configtoml.tx_index.indexer }}"
+ psql-conn = "{{ .Values.app.config.configtoml.tx_index.psql_conn }}"
+ [instrumentation]
+ prometheus = {{ .Values.app.config.configtoml.instrumentation.prometheus }}
+ prometheus_listen_addr = "{{ .Values.app.config.configtoml.instrumentation.prometheus_listen_addr }}"
+ max_open_connections = {{ printf "%.0f" .Values.app.config.configtoml.instrumentation.max_open_connections }}
+ namespace = "{{ .Values.app.config.configtoml.instrumentation.namespace }}"
+ trace_push_config = "{{ .Values.app.config.configtoml.instrumentation.trace_push_config }}"
+ trace_pull_address = "{{ .Values.app.config.configtoml.instrumentation.trace_pull_address }}"
+ trace_type = "{{ .Values.app.config.configtoml.instrumentation.trace_type }}"
+ trace_push_batch_size = {{ printf "%.0f" .Values.app.config.configtoml.instrumentation.trace_push_batch_size }}
+ tracing_tables = "{{ .Values.app.config.configtoml.instrumentation.tracing_tables }}"
+ pyroscope_url = "{{ .Values.app.config.configtoml.instrumentation.pyroscope_url }}"
+ pyroscope_trace = {{ .Values.app.config.configtoml.instrumentation.pyroscope_trace }}
+ pyroscope_profile_types = [{{ range $index, $element := .Values.app.config.configtoml.instrumentation.pyroscope_profile_types }}{{ if $index }}, {{ end }}"{{ $element }}"{{ end }}]
+{{- if .Values.app.otelAgent.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "common.names.fullname" . }}-otel-agent
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: otel-agent
+data:
+ config.yaml: |
+{{ toYaml .Values.app.otelAgent.config | indent 4 }}
+{{- end }}
diff --git a/charts/celestia-app/templates/networkpolicy.yaml b/charts/celestia-app/templates/networkpolicy.yaml
new file mode 100644
index 0000000..17862e0
--- /dev/null
+++ b/charts/celestia-app/templates/networkpolicy.yaml
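Review bot: In templates/configmap.yaml, `psql-conn` under `[tx_index]` is written into the `-configtoml` ConfigMap as plain text, and a PostgreSQL connection string normally carries the database password, so the credential ends up readable by anyone who can read ConfigMaps in the namespace. Rendering config.toml from a `Secret`, or keeping `psql_conn` out of chart values and mounting it from an existing Secret, keeps it out of the ConfigMap. Separately, `cors_allowed_origins`, `index-events`, `global-labels` and `streamers` are printed with a bare `{{ … }}` while `cors_allowed_methods` builds a TOML array with `range`; if those values are YAML lists (values.yaml is not part of this hunk) the bare form prints Go's `[a b]` syntax, which is not valid TOML, and `cors_allowed_origins = {{ .Values.app.config.configtoml.rpc.cors_allowed_origins | toJson }}` would render a proper array. The `printf "%.0f"` calls have a related edge: a number passed with `--set` arrives as an integer and prints as `%!f(int64=…)`, which `{{ int64 … }}` avoids.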
@@ -0,0 +1,63 @@
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: app
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.app.podLabels .Values.commonLabels ) "context" . ) }}
+ podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: app
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ {{- if .Values.networkPolicy.allowExternalEgress }}
+ - {}
+ {{- else }}
+ - ports:
+ # Allow dns resolution
+ - port: 53
+ protocol: UDP
+ - port: 53
+ protocol: TCP
+ {{- if .Values.networkPolicy.extraEgress }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ ingress:
+ - ports:
+ - port: {{ .Values.app.containerPorts.http }}
+ - port: {{ .Values.app.containerPorts.https }}
+ {{- if not .Values.networkPolicy.allowExternal }}
+ from:
+ - podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+ - podSelector:
+ matchLabels:
+ {{ template "common.names.fullname" . }}-client: "true"
+ {{- if .Values.networkPolicy.ingressNSMatchLabels }}
+ - namespaceSelector:
+ matchLabels:
+ {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
+ {{ $key | quote }}: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
+ podSelector:
+ matchLabels:
+ {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
+ {{ $key | quote }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.networkPolicy.extraIngress }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/celestia-app/templates/pdb.yaml b/charts/celestia-app/templates/pdb.yaml
new file mode 100644
index 0000000..966f019
--- /dev/null
+++ b/charts/celestia-app/templates/pdb.yaml
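Review bot: The ingress rule in templates/networkpolicy.yaml opens `.Values.app.containerPorts.http` and `.https`, but service.yaml in this commit reaches the container through `containerPorts.api`, `grpc`, `p2p`, `rpc`, `prometheus` and `tracing`. If `http` and `https` are absent from values.yaml (not visible in this hunk), both entries render as `- port:` with no value, which Kubernetes treats as every port, so the rule stops limiting ingress by port at all. Listing the ports the Services actually use makes the policy match what is exposed. With `allowExternalEgress` off only DNS egress is allowed, so outbound P2P also needs an `extraEgress` rule; that deserves a comment next to the DNS block.

```yaml
  ingress:
    - ports:
        - port: {{ .Values.app.containerPorts.api }}
        - port: {{ .Values.app.containerPorts.grpc }}
        - port: {{ .Values.app.containerPorts.p2p }}
        - port: {{ .Values.app.containerPorts.rpc }}
        - port: {{ .Values.app.containerPorts.prometheus }}
        - port: {{ .Values.app.containerPorts.tracing }}
      # … unchanged: `from` selectors and extraIngress …
```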
@@ -0,0 +1,24 @@
+{{- $replicaCount := int .Values.app.replicaCount }}
+{{- if and .Values.app.pdb.create (or (gt $replicaCount 1) .Values.app.autoscaling.enabled) }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: app
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.app.pdb.minAvailable }}
+ minAvailable: {{ .Values.app.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.app.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.app.pdb.maxUnavailable }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.app.podLabels .Values.commonLabels) "context" .) }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: app
+{{- end }}
diff --git a/charts/celestia-app/templates/role.yaml b/charts/celestia-app/templates/role.yaml
new file mode 100644
index 0000000..3a79cad
--- /dev/null
+++ b/charts/celestia-app/templates/role.yaml
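Review bot: In templates/pdb.yaml, `minAvailable` and `maxUnavailable` are each emitted whenever their value is set, so a values file that sets both produces a PodDisruptionBudget the API server rejects, because the two fields are mutually exclusive. Guard the second block, for example `{{- if and .Values.app.pdb.maxUnavailable (not .Values.app.pdb.minAvailable) }}`, or fail the render with a clear message when both are present. The plain truthiness test also drops an explicit `0` for either field, which matters if zero is meant to be a valid setting.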
@@ -0,0 +1,23 @@
+{{ if .Values.rbac.create }}
+kind: Role
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: app
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+rules:
+ # TODO: Update resources and verbs to the proper values for the application cases
+ - apiGroups: [""]
+ resources: ["*"]
+ verbs: ["*"]
+ - apiGroups: [""]
+ resources: ["*"]
+ verbs: ["*"]
+ {{- if .Values.rbac.rules }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/celestia-app/templates/service-account.yaml b/charts/celestia-app/templates/service-account.yaml
new file mode 100644
index 0000000..c9c4f62
--- /dev/null
+++ b/charts/celestia-app/templates/service-account.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "app.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: app
+ {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.serviceAccount.annotations .Values.commonAnnotations) "context" .) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
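Review bot: The two built-in rules in templates/role.yaml grant `verbs: ["*"]` on `resources: ["*"]` in the core API group, which includes Secrets, ConfigMaps, Pods and ServiceAccounts in the release namespace, and the TODO above them marks them as scaffold placeholders (the rule is also listed twice). The templates visible in this commit give no sign that the workload calls the Kubernetes API, so the safer default is to drop both rules and render only what the operator passes in, e.g. `rules: {{- include "common.tplvalues.render" ( dict "value" (.Values.rbac.rules | default list) "context" $ ) | nindent 2 }}`. If some access does turn out to be needed, name the resources and verbs explicitly rather than keeping the wildcard.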
diff --git a/charts/celestia-app/templates/service.yaml b/charts/celestia-app/templates/service.yaml
new file mode 100644
index 0000000..5d629dc
--- /dev/null
+++ b/charts/celestia-app/templates/service.yaml
@@ -0,0 +1,185 @@
+{{- if .Values.service.external.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "common.names.fullname" . }}-external
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: app
+ {{- if or .Values.service.external.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.service.external.annotations .Values.commonAnnotations) "context" .) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.external.type }}
+ {{- if and .Values.service.external.clusterIP (eq .Values.service.external.type "ClusterIP") }}
+ clusterIP: {{ .Values.service.external.clusterIP }}
+ {{- end }}
+ {{- if .Values.service.external.sessionAffinity }}
+ sessionAffinity: {{ .Values.service.external.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.service.external.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.external.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if or (eq .Values.service.external.type "LoadBalancer") (eq .Values.service.external.type "NodePort") }}
+ externalTrafficPolicy: {{ .Values.service.external.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{- if and (eq .Values.service.external.type "LoadBalancer") (not (empty .Values.service.external.loadBalancerSourceRanges)) }}
+ loadBalancerSourceRanges: {{ .Values.service.external.loadBalancerSourceRanges }}
+ {{- end }}
+ {{- if and (eq .Values.service.external.type "LoadBalancer") (not (empty .Values.service.external.loadBalancerIP)) }}
+ loadBalancerIP: {{ .Values.service.external.loadBalancerIP }}
+ {{- end }}
+ ports:
+ {{- if .Values.service.external.ports.api }}
+ - name: api
+ port: {{ .Values.service.external.ports.api }}
+ {{- if not (eq .Values.service.external.ports.api .Values.app.containerPorts.api) }}
+ targetPort: {{ .Values.app.containerPorts.api }}
+ {{- end }}
+ protocol: TCP
+ {{- if and (or (eq .Values.service.external.type "NodePort") (eq .Values.service.external.type "LoadBalancer")) (not (empty .Values.service.external.nodePorts.api)) }}
+ nodePort: {{ .Values.service.external.nodePorts.api }}
+ {{- else if eq .Values.service.external.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- end }}
+ {{- if .Values.service.external.ports.grpc }}
+ - name: grpc
+ port: {{ .Values.service.external.ports.grpc }}
+ {{- if not (eq .Values.service.external.ports.grpc .Values.app.containerPorts.grpc) }}
+ targetPort: {{ .Values.app.containerPorts.grpc }}
+ {{- end }}
+ protocol: TCP
+ {{- if and (or (eq .Values.service.external.type "NodePort") (eq .Values.service.external.type "LoadBalancer")) (not (empty .Values.service.external.nodePorts.grpc)) }}
+ nodePort: {{ .Values.service.external.nodePorts.grpc }}
+ {{- else if eq .Values.service.external.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- end }}
+ {{- if .Values.service.external.ports.p2p }}
+ - name: p2p
+ port: {{ .Values.service.external.ports.p2p }}
+ {{- if not (eq .Values.service.external.ports.p2p .Values.app.containerPorts.p2p) }}
+ targetPort: {{ .Values.app.containerPorts.p2p }}
+ {{- end }}
+ protocol: TCP
+ {{- if and (or (eq .Values.service.external.type "NodePort") (eq .Values.service.external.type "LoadBalancer")) (not (empty .Values.service.external.nodePorts.p2p)) }}
+ nodePort: {{ .Values.service.external.nodePorts.p2p }}
+ {{- else if eq .Values.service.external.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- end }}
+ {{- if .Values.service.external.ports.rpc }}
+ - name: rpc
+ port: {{ .Values.service.external.ports.rpc }}
+ {{- if not (eq .Values.service.external.ports.rpc .Values.app.containerPorts.rpc) }}
+ targetPort: {{ .Values.app.containerPorts.rpc }}
+ {{- end }}
+ protocol: TCP
+ {{- if and (or (eq .Values.service.external.type "NodePort") (eq .Values.service.external.type "LoadBalancer")) (not (empty .Values.service.external.nodePorts.rpc)) }}
+ nodePort: {{ .Values.service.external.nodePorts.rpc }}
+ {{- else if eq .Values.service.external.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- end }}
+ {{- if .Values.service.external.ports.prometheus }}
+ - name: prometheus
+ port: {{ .Values.service.external.ports.prometheus }}
+ {{- if not (eq .Values.service.external.ports.prometheus .Values.app.containerPorts.prometheus) }}
+ targetPort: {{ .Values.app.containerPorts.prometheus }}
+ {{- end }}
+ protocol: TCP
+ {{- if and (or (eq .Values.service.external.type "NodePort") (eq .Values.service.external.type "LoadBalancer")) (not (empty .Values.service.external.nodePorts.prometheus)) }}
+ nodePort: {{ .Values.service.external.nodePorts.prometheus }}
+ {{- else if eq .Values.service.external.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- end }}
+ {{- if .Values.service.external.ports.tracing }}
+ - name: tracing
+ port: {{ .Values.service.external.ports.tracing }}
+ {{- if not (eq .Values.service.external.ports.tracing .Values.app.containerPorts.tracing) }}
+ targetPort: {{ .Values.app.containerPorts.tracing }}
+ {{- end }}
+ protocol: TCP
+ {{- if and (or (eq .Values.service.external.type "NodePort") (eq .Values.service.external.type "LoadBalancer")) (not (empty .Values.service.external.nodePorts.tracing)) }}
+ nodePort: {{ .Values.service.external.nodePorts.tracing }}
+ {{- else if eq .Values.service.external.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- end }}
+ {{- if .Values.service.external.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.external.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.app.podLabels .Values.commonLabels) "context" .) | fromYaml }}
+ selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: app
+---
+{{- end }}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "common.names.fullname" . }}-internal
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: app
+ {{- if or .Values.service.internal.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.service.internal.annotations .Values.commonAnnotations) "context" .) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.internal.type }}
+ {{- if and .Values.service.internal.clusterIP (eq .Values.service.internal.type "ClusterIP") }}
+ clusterIP: {{ .Values.service.internal.clusterIP }}
+ {{- end }}
+ {{- if .Values.service.internal.sessionAffinity }}
+ sessionAffinity: {{ .Values.service.internal.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.service.internal.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.internal.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ ports:
+ - name: api
+ port: {{ .Values.service.internal.ports.api }}
+ {{- if not (eq .Values.service.internal.ports.api .Values.app.containerPorts.api) }}
+ targetPort: {{ .Values.app.containerPorts.api }}
+ {{- end }}
+ protocol: TCP
+ - name: grpc
+ port: {{ .Values.service.internal.ports.grpc }}
+ {{- if not (eq .Values.service.internal.ports.grpc .Values.app.containerPorts.grpc) }}
+ targetPort: {{ .Values.app.containerPorts.grpc }}
+ {{- end }}
+ protocol: TCP
+ - name: p2p
+ port: {{ .Values.service.internal.ports.p2p }}
+ {{- if not (eq .Values.service.internal.ports.p2p .Values.app.containerPorts.p2p) }}
+ targetPort: {{ .Values.app.containerPorts.p2p }}
+ {{- end }}
+ protocol: TCP
+ - name: rpc
+ port: {{ .Values.service.internal.ports.rpc }}
+ {{- if not (eq .Values.service.internal.ports.rpc .Values.app.containerPorts.rpc) }}
+ targetPort: {{ .Values.app.containerPorts.rpc }}
+ {{- end }}
+ protocol: TCP
+ - name: prometheus
+ port: {{ .Values.service.internal.ports.prometheus }}
+ {{- if not (eq .Values.service.internal.ports.prometheus .Values.app.containerPorts.prometheus) }}
+ targetPort: {{ .Values.app.containerPorts.prometheus }}
+ {{- end }}
+ protocol: TCP
+ - name: tracing
+ port: {{ .Values.service.internal.ports.tracing }}
+ {{- if not (eq .Values.service.internal.ports.tracing .Values.app.containerPorts.tracing) }}
+ targetPort: {{ .Values.app.containerPorts.tracing }}
+ {{- end }}
+ protocol: TCP
+ {{- if .Values.service.internal.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.internal.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.app.podLabels .Values.commonLabels) "context" .) | fromYaml }}
+ selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: app
diff --git a/charts/celestia-app/templates/servicemonitor.yaml b/charts/celestia-app/templates/servicemonitor.yaml
new file mode 100644
index 0000000..6af3136
--- /dev/null
+++ b/charts/celestia-app/templates/servicemonitor.yaml
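Review bot: In templates/service.yaml, `loadBalancerSourceRanges: {{ .Values.service.external.loadBalancerSourceRanges }}` prints the list with Go's default formatting, so two or more CIDRs render as `[10.0.0.0/8 192.168.0.0/16]` (constructed example), which YAML reads as one string element and the API server rejects. The allow-list that restricts who can reach the external LoadBalancer therefore only works with a single entry. Render it as YAML instead: `loadBalancerSourceRanges: {{- toYaml .Values.service.external.loadBalancerSourceRanges | nindent 4 }}`. The external Service can also publish the `prometheus` and `tracing` ports next to `rpc`; whether it does by default depends on values.yaml, which is outside this hunk, but those two are usually better kept on the `-internal` Service only.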
@@ -0,0 +1,42 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }}
+ {{- $labels := include "common.tplvalues.merge" (dict "values" (list .Values.metrics.serviceMonitor.labels .Values.commonLabels) "context" .) }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: app
+ {{- if or .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations) "context" .) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
+ {{- if .Values.metrics.serviceMonitor.selector }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
+ {{- end }}
+ endpoints:
+ - port: prometheus
+ path: ""
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabelings }}
+ relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ include "common.names.namespace" . | quote }}
+{{- end }}
diff --git a/charts/celestia-app/templates/statefulset.yaml b/charts/celestia-app/templates/statefulset.yaml
new file mode 100644
index 0000000..293ec02
--- /dev/null
+++ b/charts/celestia-app/templates/statefulset.yaml
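Review bot: The endpoint is rendered with `path: ""`, which leaves the scrape path to the Prometheus default instead of stating it; I would write `path: /metrics` or expose it as a `metrics.serviceMonitor.path` value so the target is explicit and reviewable. The template is also gated only on `metrics.enabled` and `metrics.serviceMonitor.enabled`, while the values file in this patch defaults `instrumentation.prometheus` to `false`, so unless the ConfigMap template (not visible here) ties the two together, enabling the ServiceMonitor yields a target that is permanently down. A short comment at the top of the template naming the setting that must be on would prevent that silent monitoring gap.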
@@ -0,0 +1,374 @@
+apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
+kind: StatefulSet
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: app
+ {{- if or .Values.app.statefulsetAnnotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.app.statefulsetAnnotations .Values.commonAnnotations) "context" .) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.app.replicaCount }}
+ podManagementPolicy: {{ .Values.app.podManagementPolicy | quote }}
+ {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.app.podLabels .Values.commonLabels) "context" .) }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: app
+ serviceName: {{ template "common.names.fullname" . }}
+ {{- if .Values.app.updateStrategy }}
+ updateStrategy: {{- toYaml .Values.app.updateStrategy | nindent 4 }}
+ {{- end }}
+ {{- if .Values.app.persistentVolumeClaimRetentionPolicy }}
+ persistentVolumeClaimRetentionPolicy:
+ {{- if .Values.app.persistentVolumeClaimRetentionPolicy.whenDeleted }}
+ whenDeleted: {{ .Values.app.persistentVolumeClaimRetentionPolicy.whenDeleted | quote }}
+ {{- end }}
+ {{- if .Values.app.persistentVolumeClaimRetentionPolicy.whenScaled }}
+ whenScaled: {{ .Values.app.persistentVolumeClaimRetentionPolicy.whenScaled | quote }}
+ {{- end }}
+ {{- end }}
+ template:
+ metadata:
+ {{- if .Values.app.podAnnotations }}
+ annotations: {{- include "common.tplvalues.render" (dict "value" .Values.app.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
+ app.kubernetes.io/component: app
+ spec:
+ {{- include "app.imagePullSecrets" . | nindent 6 }}
+ serviceAccountName: {{ template "app.serviceAccountName" . }}
+ automountServiceAccountToken: {{ .Values.app.automountServiceAccountToken }}
+ {{- if .Values.app.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.app.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.app.affinity }}
+ affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.app.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.app.podAffinityPreset "component" "app" "customLabels" $podLabels "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.app.podAntiAffinityPreset "component" "app" "customLabels" $podLabels "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.app.nodeAffinityPreset.type "key" .Values.app.nodeAffinityPreset.key "values" .Values.app.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.app.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.app.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.app.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.app.tolerations "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.app.priorityClassName }}
+ priorityClassName: {{ .Values.app.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.app.schedulerName }}
+ schedulerName: {{ .Values.app.schedulerName | quote }}
+ {{- end }}
+ {{- if .Values.app.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.app.topologySpreadConstraints "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.app.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.app.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if .Values.app.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.app.terminationGracePeriodSeconds }}
+ {{- end }}
+ initContainers:
+ {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+ - name: volume-permissions
+ image: {{ include "app.volumePermissions.image" . }}
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ command:
+ - "chown -R {{ .Values.node.containerSecurityContext.runAsUser }}:{{ .Values.node.containerSecurityContext.runAsGroup }} {{ .Values.app.settings.home }}"
+ {{- if .Values.volumePermissions.containerSecurityContext.enabled }}
+ securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.volumePermissions.containerSecurityContext "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.volumePermissions.resources }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ {{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: data
+ mountPath: {{ .Values.app.settings.home }}/data
+ {{- if .Values.persistence.subPath }}
+ subPath: {{ .Values.persistence.subPath }}
+ {{- end }}
+ {{- end }}
+ - name: create-priv-validator-state
+ image: busybox
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: CELESTIA_HOME
+ value: {{ .Values.app.settings.home }}
+ command:
+ - sh
+ - -c
+ - |
+ if [[ ! -f ${CELESTIA_HOME}/data/priv_validator_state.json ]]
+ then
+ mkdir -p ${CELESTIA_HOME}/data
+ cat < ${CELESTIA_HOME}/data/priv_validator_state.json
+ {
+ "height": "0",
+ "round": 0,
+ "step": 0
+ }
+ EOF
+ fi
+ volumeMounts:
+ - name: data
+ mountPath: {{ .Values.app.settings.home }}/data
+ - name: download-genesis
+ image: busybox
+ imagePullPolicy: IfNotPresent
+ command:
+ - sh
+ - -c
+ - |
+ mkdir -p /genesis
+ wget -O /genesis/genesis.json {{ .Values.app.settings.genesisURL }}
+ if ! command -v jq &> /dev/null; then
+ echo "jq not found, installing..."
+ wget -O /bin/jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64
+ chmod +x /bin/jq
+ fi
+ if jq -e '.result.genesis' /genesis/genesis.json > /dev/null; then
+ jq '.result.genesis' /genesis/genesis.json > /genesis/genesis.json.tmp
+ mv /genesis/genesis.json.tmp /genesis/genesis.json
+ fi
+ volumeMounts:
+ - name: genesis
+ mountPath: /genesis
+ {{- if .Values.app.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.app.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: app
+ image: {{ template "app.image" . }}
+ imagePullPolicy: {{ .Values.app.image.pullPolicy }}
+ {{- if .Values.app.containerSecurityContext.enabled }}
+ securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.app.containerSecurityContext "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ {{- else if .Values.app.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.app.command "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.app.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.app.args "context" $) | nindent 12 }}
+ {{- end }}
+ env:
+ - name: CELESTIA_HOME
+ value: {{ .Values.app.settings.home }}
+ {{- if .Values.app.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.app.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ {{- if .Values.app.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.app.extraEnvVarsCM "context" $) }}
+ {{- end }}
+ {{- if .Values.app.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.app.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ {{- if .Values.app.resources }}
+ resources: {{- toYaml .Values.app.resources | nindent 12 }}
+ {{- else if ne .Values.app.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.app.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: api
+ containerPort: {{ .Values.app.containerPorts.api }}
+ - name: grpc
+ containerPort: {{ .Values.app.containerPorts.grpc }}
+ - name: p2p
+ containerPort: {{ .Values.app.containerPorts.p2p }}
+ - name: rpc
+ containerPort: {{ .Values.app.containerPorts.rpc }}
+ - name: prometheus
+ containerPort: {{ .Values.app.containerPorts.prometheus }}
+ - name: tracing
+ containerPort: {{ .Values.app.containerPorts.tracing }}
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.app.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.app.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.app.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.app.livenessProbe "enabled") "context" $) | nindent 12 }}
+ tcpSocket:
+ port: rpc
+ {{- end }}
+ {{- if .Values.app.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.app.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.app.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.app.readinessProbe "enabled") "context" $) | nindent 12 }}
+ exec:
+ command:
+ - sh
+ - '-c'
+ - >
+ response=$(wget --timeout=1 -qO- --header="Accept:
+ application/json" "http://localhost:26657/status"); if [ "$?" -eq
+ 0 ] && echo "$response" | grep -q '"catching_up":false'; then
+ echo "Not Catching up";
+ exit 0;
+ else
+ echo "Catching up";
+ exit 1;
+ fi
+ {{- end }}
+ {{- if .Values.app.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.app.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.app.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.app.startupProbe "enabled") "context" $) | nindent 12 }}
+ tcpSocket:
+ port: rpc
+ {{- end }}
+ {{- end }}
+ {{- if .Values.app.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.app.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: data
+ mountPath: {{ .Values.app.settings.home }}/data
+ {{- if .Values.persistence.subPath }}
+ subPath: {{ .Values.persistence.subPath }}
+ {{- end }}
+ readOnly: false
+ {{- if not .Values.app.settings.generateNewKeys }}
+ - name: node-key
+ mountPath: {{ .Values.app.settings.home }}/config/node_key.json
+ subPath: node_key.json
+ - name: validator-key
+ mountPath: {{ .Values.app.settings.home }}/config/priv_validator_key.json
+ subPath: priv_validator_key.json
+ {{- end }}
+ - name: genesis
+ mountPath: {{ .Values.app.settings.home }}/config/genesis.json
+ subPath: genesis.json
+ - name: config-dir # This is needed so that the process has permissions to create files in the config directory
+ mountPath: {{ .Values.app.settings.home }}/config
+ - name: apptoml
+ mountPath: {{ .Values.app.settings.home }}/config/app.toml
+ subPath: app.toml
+ - name: configtoml
+ mountPath: {{ .Values.app.settings.home }}/config/config.toml
+ subPath: config.toml
+ - name: clienttoml
+ mountPath: {{ .Values.app.settings.home }}/config/client.toml
+ subPath: client.toml
+ {{- if .Values.app.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.app.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.app.otelAgent.enabled }}
+ - name: otel-agent
+ image: {{ template "app.otelAgent.image" . }}
+ imagePullPolicy: {{ .Values.app.otelAgent.image.pullPolicy }}
+ ports:
+ - containerPort: 4317
+ name: otlp-grpc
+ - containerPort: 4318
+ name: otlp-http
+ - containerPort: 8888
+ name: prom-collector
+ - containerPort: 8889
+ name: prom-exporter
+ command:
+ - "/otelcol-contrib"
+ - "--config=/etc/otelcol-contrib/config.yaml"
+ env:
+ - name: JOB_NAME
+ value: {{ template "common.names.fullname" . }}-{{ .Release.Namespace }}
+ - name: GRAFANA_OTEL_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.app.otelAgent.grafanaOtelSecret.name }}
+ key: username
+ - name: GRAFANA_OTEL_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.app.otelAgent.grafanaOtelSecret.name }}
+ key: token
+ {{- if .Values.app.otelAgent.resources }}
+ resources: {{- toYaml .Values.app.otelAgent.resources | nindent 12 }}
+ {{- else if ne .Values.app.otelAgent.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.app.otelAgent.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: otel-agent-config
+ mountPath: /etc/otelcol-contrib/config.yaml
+ subPath: config.yaml
+ {{- end }}
+ {{- if .Values.app.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.app.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ volumes:
+ {{- if not .Values.app.settings.generateNewKeys }}
+ - name: node-key
+ secret:
+ secretName: {{ .Values.app.settings.secret.name }}
+ items:
+ - key: node_key_json
+ path: node_key.json
+ defaultMode: 384
+ - name: validator-key
+ secret:
+ secretName: {{ .Values.app.settings.secret.name }}
+ items:
+ - key: priv_validator_key_json
+ path: priv_validator_key.json
+ defaultMode: 384
+ {{- end }}
+ - name: genesis
+ emptyDir: {}
+ - name: config-dir
+ emptyDir: {}
+ - name: apptoml
+ configMap:
+ name: {{ template "common.names.fullname" . }}-apptoml
+ - name: clienttoml
+ configMap:
+ name: {{ template "common.names.fullname" . }}-clienttoml
+ - name: configtoml
+ configMap:
+ name: {{ template "common.names.fullname" . }}-configtoml
+ {{- if .Values.app.otelAgent.enabled }}
+ - name: otel-agent-config
+ configMap:
+ name: {{ template "common.names.fullname" . }}-otel-agent
+ items:
+ - key: config.yaml
+ path: config.yaml
+ {{- end }}
+ {{- if .Values.app.extraVolumes }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.app.extraVolumes "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.persistence.enabled }}
+ volumeClaimTemplates:
+ - metadata:
+ name: data
+ {{- if or .Values.persistence.annotations .Values.commonAnnotations }}
+ {{- $claimAnnotations := include "common.tplvalues.merge" (dict "values" .Values.persistence.annotations .Values.commonAnnotations "context" .) | fromYaml }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $claimAnnotations "context" $ ) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ labels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 10 }}
+ {{- end }}
+ spec:
+ accessModes:
+ {{- range .Values.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{- if .Values.persistence.selector }}
+ selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.persistence.dataSource }}
+ dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.dataSource "context" $) | nindent 10 }}
+ {{- end }}
+ {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }}
+ {{- end }}
diff --git a/charts/celestia-app/values.yaml b/charts/celestia-app/values.yaml
new file mode 100644
index 0000000..be8a66f
--- /dev/null
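Review bot: The `download-genesis` init container downloads a `jq` binary at pod start (`wget -O /bin/jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64`) and makes it executable without checking a digest, and both hard-coded init containers use the untagged `busybox` image with no `securityContext` of their own. Each pod start therefore runs whatever that URL and tag resolve to at the time, and its output becomes the node's `genesis.json`. I would take the init image from values, pinned by digest and already containing `jq`, or at minimum verify the download before use with `echo "<JQ_SHA256_PLACEHOLDER>  /bin/jq" | sha256sum -c - || exit 1`; the file fetched from `genesisURL` deserves an optional expected-hash value for the same reason. Separately, `volume-permissions` reads `.Values.node.containerSecurityContext` while the rest of the template uses `.Values.app`, and passes the whole `chown …` string as one `command` element, so it probably cannot exec as written.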
+++ b/charts/celestia-app/values.yaml 
@@ -0,0 +1,1200 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+## @section Global parameters
+## Global Docker image parameters
+## Please, note that this will override the image parameters, including dependencies, configured to use the global value
+## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
+##
+
+## @param global.imageRegistry Global Docker image registry
+## @param global.imagePullSecrets Global Docker registry secret names as an array
+## @param global.storageClass Global StorageClass for Persistent Volume(s)
+##
+global:
+ imageRegistry: ""
+ ## e.g:
+ ## imagePullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ imagePullSecrets: []
+ storageClass: ""
+ ## Compatibility adaptations for Kubernetes platforms
+ ##
+ compatibility:
+ ## Compatibility adaptations for Openshift
+ ##
+ openshift:
+ ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
+ ##
+ adaptSecurityContext: auto
+
+## @section Common parameters
+##
+
+## @param kubeVersion Override Kubernetes version
+##
+kubeVersion: ""
+## @param nameOverride String to partially override common.names.name
+##
+nameOverride: ""
+## @param fullnameOverride String to fully override common.names.fullname
+##
+fullnameOverride: ""
+## @param namespaceOverride String to fully override common.names.namespace
+##
+namespaceOverride: ""
+## @param commonLabels Labels to add to all deployed objects
+##
+commonLabels: {}
+## @param commonAnnotations Annotations to add to all deployed objects
+##
+commonAnnotations: {}
+## @param clusterDomain Kubernetes cluster domain name
+##
+clusterDomain: cluster.local
+## @param extraDeploy Array of extra objects to deploy with the release
+##
+extraDeploy: []
+## Diagnostic mode
+## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
+## @param diagnosticMode.command Command to override all containers in the chart release
+## @param diagnosticMode.args Args to override all containers in the chart release
+##
+diagnosticMode:
+ enabled: false
+ command:
+ - sleep
+ args:
+ - infinity
+
+## @section celestia-app Parameters
+##
+
+## %%MAIN_CONTAINER/POD_DESCRIPTION%%
+##
+app:
+ ## Celestia celestia-app image
+ ## ref: https://github.com/celestiaorg/celestia-app/pkgs/container/celestia-app/versions?filters%5Bversion_type%5D=tagged
+ ## @param app.image.registry [default: REGISTRY_NAME] celestia-app image registry
+ ## @param app.image.repository [default: REPOSITORY_NAME/celestia-app] celestia-app image repository
+ ## @skip app.image.tag celestia-app image tag (immutable tags are recommended)
+ ## @param app.image.digest celestia-app image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
+ ## @param app.image.pullPolicy celestia-app image pull policy
+ ## @param app.image.pullSecrets celestia-app image pull secrets
+ ##
+ # -- image parameters for the image
+ image:
+ # -- registry for the image, GitHub Container Registry by default
+ registry: ghcr.io
+ # -- repository for the image, celestiaorg/celestia-app by default
+ repository: celestiaorg/celestia-app
+ # -- tag for the image, v1.9.0 by default
+ tag: v1.10.1
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+ ##
+ # -- pull policy for the image, IfNotPresent by default
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## @param app.settings Settings for the celestia-app
+ settings:
+ ## @param app.settings.generateNewKeys Generate new keys for the celestia-app
+ ##
+ ## If app.settings.secret is used, this must be set to false
+ generateNewKeys: true
+ ## @param app.settings.home Home directory for the celestia-app
+ ##
+ # -- home directory for the celestia-app, defaults to /home/celestia
+ home: "/home/celestia"
+ ## @param app.settings.genesisURL Genesis URL for the celestia-app
+ ##
+ # -- genesis URL for the celestia-app, it must be set
+ genesisURL: ""
+ ## @param app.settings.secret Secret for the celestia-app
+ ##
+ ## A secret must be available in the cluster with the following format:
+ ## - name:
+ ## - items:
+ ## - key: node_key_json
+ ## - key: priv_validator_key_json
+ secret:
+ # -- name of the secret, it must be set
+ name: ""
+ ## @param app.config Configuration for the celestia-app
+ ##
+ ## @param app.config.apptoml Configuration for the celestia-app app.toml
+ ##
+ ## @param app.config.clienttoml Configuration for the celestia-app client.toml
+ ##
+ ## @param app.config.configtoml Configuration for the celestia-app config.toml
+ ##
+ config:
+ # -- configuration for the celestia-app app.toml
+ apptoml:
+ minimum_gas_prices: 0.002utia
+ pruning: default
+ pruning_keep_recent: "0"
+ pruning_interval: "0"
+ halt_height: 0
+ halt_time: 0
+ min_retain_blocks: 0
+ inter_block_cache: true
+ index_events: []
+ iavl_cache_size: 781250
+ iavl_disable_fastnode: false
+ iavl_lazy_loading: false
+ app_db_backend: ""
+ telemetry:
+ service_name: ""
+ enabled: false
+ enable_hostname: false
+ enable_hostname_label: false
+ enable_service_label: false
+ prometheus_retention_time: 0
+ global_labels: []
+ api:
+ enable: false
+ swagger: false
+ address: tcp://0.0.0.0:1317
+ max_open_connections: 1000
+ rpc_read_timeout: 10
+ rpc_write_timeout: 0
+ rpc_max_body_bytes: 1000000
+ enabled_unsafe_cors: false
+ rosetta:
+ enable: false
+ address: :8080
+ blockchain: app
+ network: network
+ retries: 3
+ offline: false
+ enable_fee_suggestion: false
+ gas_to_suggest: 210000
+ denom_to_suggest: uatom
+ grpc:
+ enable: false
+ address: 0.0.0.0:9090
+ max_recv_msg_size: "10485760"
+ max_send_msg_size: "2147483647"
+ grpc_web:
+ enable: false
+ address: 0.0.0.0:9091
+ enable_unsafe_cors: false
+ state_sync:
+ snapshot_interval: 1500
+ snapshot_keep_recent: 2
+ store:
+ streamers: []
+ streamers:
+ file:
+ keys:
+ - '*'
+ write_dir: ""
+ prefix: ""
+ output_metadata: "true"
+ stop_node_on_error: "true"
+ fsync: "false"
+ # -- configuration for the celestia-app client.toml
+ clienttoml:
+ chain_id: celestia
+ keyring_backend: test
+ output: text
+ node: tcp://localhost:26657
+ broadcast_mode: sync
+ # -- configuration for the celestia-app config.toml
+ configtoml:
+ proxy_app: tcp://127.0.0.1:26658
+ moniker: app
+ fast_sync: true
+ db_backend: goleveldb
+ db_dir: data
+ log_level: info
+ log_format: plain
+ genesis_file: config/genesis.json
+ priv_validator_key_file: config/priv_validator_key.json
+ priv_validator_state_file: data/priv_validator_state.json
+ priv_validator_laddr: ""
+ node_key_file: config/node_key.json
+ abci: socket
+ filter_peers: false
+ rpc:
+ laddr: tcp://127.0.0.1:26657
+ cors_allowed_origins: []
+ cors_allowed_methods:
+ - HEAD
+ - GET
+ - POST
+ cors_allowed_headers:
+ - Origin
+ - Accept
+ - Content-Type
+ - X-Requested-With
+ - X-Server-Time
+ grpc_laddr: ""
+ grpc_max_open_connections: 900
+ unsafe: false
+ max_open_connections: 900
+ max_subscription_clients: 100
+ max_subscriptions_per_client: 5
+ experimental_subscription_buffer_size: 200
+ experimental_websocket_write_buffer_size: 200
+ experimental_close_on_slow_client: false
+ timeout_broadcast_tx_commit: 50s
+ max_body_bytes: 8388608
+ max_header_bytes: 1048576
+ tls_cert_file: ""
+ tls_key_file: ""
+ pprof_laddr: localhost:6060
+ p2p:
+ laddr: tcp://0.0.0.0:26656
+ external_address: ""
+ seeds: ""
+ persistent_peers: ""
+ upnp: false
+ addr_book_file: config/addrbook.json
+ addr_book_strict: true
+ max_num_inbound_peers: 40
+ max_num_outbound_peers: 10
+ unconditional_peer_ids: ""
+ persistent_peers_max_dial_period: 0s
+ flush_throttle_timeout: 100ms
+ max_packet_msg_payload_size: 1024
+ send_rate: 5120000
+ recv_rate: 5120000
+ pex: true
+ seed_mode: false
+ private_peer_ids: ""
+ allow_duplicate_ip: false
+ handshake_timeout: 20s
+ dial_timeout: 3s
+ mempool:
+ version: v1
+ recheck: true
+ broadcast: true
+ wal_dir: ""
+ size: 5000
+ max_txs_bytes: 39485440
+ cache_size: 10000
+ keep_invalid_txs_in_cache: false
+ max_tx_bytes: 7897088
+ max_batch_bytes: 0
+ ttl_duration: 1m15s
+ ttl_num_blocks: 5
+ max_gossip_delay: 0s
+ statesync:
+ enable: false
+ rpc_servers: ""
+ trust_height: 0
+ trust_hash: ""
+ trust_period: 168h0m0s
+ discovery_time: 15s
+ temp_dir: ""
+ chunk_request_timeout: 10s
+ chunk_fetchers: "4"
+ fastsync:
+ version: v0
+ consensus:
+ only_internal_wal: "true"
+ wal_file: data/cs.wal/wal
+ timeout_propose: 10s
+ timeout_propose_delta: 500ms
+ timeout_prevote: 1s
+ timeout_prevote_delta: 500ms
+ timeout_precommit: 1s
+ timeout_precommit_delta: 500ms
+ timeout_commit: 11s
+ double_sign_check_height: 0
+ skip_timeout_commit: false
+ create_empty_blocks: true
+ create_empty_blocks_interval: 0s
+ peer_gossip_sleep_duration: 100ms
+ peer_query_maj23_sleep_duration: 2s
+ storage:
+ discard_abci_responses: true
+ tx_index:
+ indexer: "null"
+ psql_conn: ""
+ instrumentation:
+ prometheus: false
+ prometheus_listen_addr: :26660
+ max_open_connections: 3
+ namespace: cometbft
+ trace_push_config: ""
+ trace_pull_address: ""
+ trace_type: noop
+ trace_push_batch_size: 1000
+ tracing_tables: mempool_tx,mempool_peer_state,consensus_round_state,consensus_block_parts,consensus_block,consensus_vote
+ pyroscope_url: ""
+ pyroscope_trace: false
+ pyroscope_profile_types:
+ - cpu
+ - alloc_objects
+ - inuse_objects
+ - goroutines
+ - mutex_count
+ - mutex_duration
+ - block_count
+ - block_duration
+ ## @param app.otelAgent OTel agent configuration for the app
+ ##
+ otelAgent:
+ # -- enable otel agent for the app, false by default
+ enabled: false
+ # -- image for the otel agent, ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib:0.102.0 by default
+ image:
+ registry: ghcr.io
+ repository: open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib
+ tag: 0.102.0
+ digest: ""
+ pullPolicy: IfNotPresent
+ ## Init container's resource requests and limits
+ ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+ ## @param volumePermissions.resourcesPreset Set init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+ ##
+ resourcesPreset: "micro"
+ ## @param volumePermissions.resources Set init container resources for the otel agent (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 100Mi
+ ## limits:
+ ## cpu: 200m
+ ## memory: 200Mi
+ resources: {}
+ ## A secret must be available in the cluster with the following format:
+ ## - name:
+ ## - items:
+ ## - key: token
+ ## - key: username
+ # -- grafana otel secret for the app
+ grafanaOtelSecret:
+ # -- name of the grafana otel secret, it must be set
+ name: SET_IT
+ ## @param app.otelAgent.config Configuration for the otel agent
+ ##
+ # -- config for the otel agent (See: https://opentelemetry.io/docs/collector/configuration/)
+ config:
+ extensions:
+ basicauth/otlp:
+ client_auth:
+ username: "${GRAFANA_OTEL_USERNAME}"
+ password: "${GRAFANA_OTEL_TOKEN}"
+ receivers:
+ otlp:
+ protocols:
+ grpc:
+ endpoint: "localhost:4317"
+ http:
+ endpoint: "localhost:4318"
+ prometheus:
+ config:
+ scrape_configs:
+ - job_name: "${JOB_NAME}"
+ scrape_interval: 10s
+ static_configs:
+ - targets: ["localhost:26660"]
+ exporters:
+ otlphttp:
+ auth:
+ authenticator: basicauth/otlp
+ endpoint: https://otlp-gateway-prod-us-central-0.grafana.net/otlp
+ prometheus:
+ endpoint: "localhost:8889"
+ service:
+ extensions: [basicauth/otlp]
+ pipelines:
+ metrics:
+ receivers: [otlp, prometheus]
+ exporters: [otlphttp, prometheus]
+ telemetry:
+ metrics:
+ address: "localhost:8888"
+ level: basic
+ logs:
+ level: INFO
+ ## @param app.replicaCount Number of app replicas to deploy
+ ##
+ # -- number of app replicas to deploy, 1 by default
+ replicaCount: 1
+ ## @param app.containerPorts.api app API container port
+ ## @param app.containerPorts.grpc app gRPC container port
+ ## @param app.containerPorts.p2p app P2P container port
+ ## @param app.containerPorts.rpc app RPC container port
+ ## @param app.containerPorts.prometheus app Prometheus container port
+ ## @param app.containerPorts.tracing app Tracing container port
+ ##
+ # -- container ports for the app
+ containerPorts:
+ # -- API container port, 1317 by default
+ api: 1317
+ # -- gRPC container port, 9090 by default
+ grpc: 9090
+ # -- P2P container port, 26656 by default
+ p2p: 26656
+ # -- RPC container port, 26657 by default
+ rpc: 26657
+ # -- Prometheus container port, 26660 by default
+ prometheus: 26660
+ # -- Tracing container port, 26661 by default
+ tracing: 26661
+ ## Configure extra options for app containers' liveness and readiness probes
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param app.livenessProbe.enabled Enable livenessProbe on app containers
+ ## @param app.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param app.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param app.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param app.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param app.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ # -- liveness probe for the app
+ livenessProbe:
+ # -- enable liveness probe on app containers, false by default
+ enabled: false
+ # -- initial delay seconds for livenessProbe, 0 by default
+ initialDelaySeconds: 0
+ # -- period seconds for livenessProbe, 10 by default
+ periodSeconds: 10
+ # -- timeout seconds for livenessProbe, 1 by default
+ timeoutSeconds: 1
+ # -- failure threshold for livenessProbe, 3 by default
+ failureThreshold: 3
+ # -- success threshold for livenessProbe, 1 by default
+ successThreshold: 1
+ ## @param app.readinessProbe.enabled Enable readinessProbe on app containers
+ ## @param app.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param app.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param app.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param app.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param app.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ # -- enable readiness probe on app containers, false by default
+ enabled: false
+ # -- initial delay seconds for readinessProbe, 0 by default
+ initialDelaySeconds: 0
+ # -- period seconds for readinessProbe, 10 by default
+ periodSeconds: 10
+ # -- timeout seconds for readinessProbe, 1 by default
+ timeoutSeconds: 1
+ # -- failure threshold for readinessProbe, 3 by default
+ failureThreshold: 3
+ # -- success threshold for readinessProbe, 1 by default
+ successThreshold: 1
+ ## @param app.startupProbe.enabled Enable startupProbe on app containers
+ ## @param app.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param app.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param app.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param app.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param app.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ # -- startup probe for the app
+ startupProbe:
+ # -- enable startup probe on app containers, false by default
+ enabled: false
+ # -- initial delay seconds for startupProbe, 0 by default
+ initialDelaySeconds: 0
+ # -- period seconds for startupProbe, 10 by default
+ periodSeconds: 10
+ # -- timeout seconds for startupProbe, 1 by default
+ timeoutSeconds: 1
+ # -- failure threshold for startupProbe, 3 by default
+ successThreshold: 1
+ ## @param app.customLivenessProbe Custom livenessProbe that overrides the default one
+ ##
+ customLivenessProbe: {}
+ ## @param app.customReadinessProbe Custom readinessProbe that overrides the default one
+ ##
+ customReadinessProbe: {}
+ ## @param app.customStartupProbe Custom startupProbe that overrides the default one
+ ##
+ customStartupProbe: {}
+ ## app resource requests and limits
+ ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+ ## @param app.resourcesPreset Set app container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if app.resources is set (app.resources is recommended for production).
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+ ##
+ # -- set app container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if app.resources is set (app.resources is recommended for production)
+ # -- more information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+ resourcesPreset: "nano"
+ ## @param app.resources Set app container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 2
+ ## memory: 512Mi
+ ## limits:
+ ## cpu: 3
+ ## memory: 1024Mi
+ ##
+ # -- resources for the app
+ resources:
+ # -- requests for the app
+ requests:
+ # -- cpu requests for the app, 2 by default
+ cpu: 2
+ # -- memory requests for the app, 8Gi by default
+ memory: 8Gi
+ # -- limits for the app
+ limits:
+ # -- cpu limits for the app, 2 by default
+ cpu: 2
+ # -- memory limits for the app, 8Gi by default
+ memory: 8Gi
+ ## Configure Pods Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param app.podSecurityContext.enabled Enable app pods' Security Context
+ ## @param app.podSecurityContext.fsGroupChangePolicy Set filesystem group change
policy for app pods + ## @param app.podSecurityContext.sysctls Set kernel settings using the sysctl interface for app pods + ## @param app.podSecurityContext.supplementalGroups Set filesystem extra groups for app pods + ## @param app.podSecurityContext.fsGroup Set fsGroup in app pods' Security Context + ## + # -- pod security context for the app + podSecurityContext: + # -- enable pod security context for the app, true by default + enabled: true + # -- filesystem group change policy for app pods, Always by default + fsGroupChangePolicy: Always + # -- kernel settings using the sysctl interface for app pods, [] by default + sysctls: [] + # -- filesystem extra groups for app pods, [] by default + supplementalGroups: [] + # -- fsGroup in app pods' Security Context, 10001 by default + fsGroup: 10001 + ## Configure Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param app.containerSecurityContext.enabled Enabled app container' Security Context + ## @param app.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in app container + ## @param app.containerSecurityContext.runAsUser Set runAsUser in app container' Security Context + ## @param app.containerSecurityContext.runAsNonRoot Set runAsNonRoot in app container' Security Context + ## @param app.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in app container' Security Context + ## @param app.containerSecurityContext.privileged Set privileged in app container' Security Context + ## @param app.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in app container' Security Context + ## @param app.containerSecurityContext.capabilities.drop List of capabilities to be dropped in app container + ## @param app.containerSecurityContext.seccompProfile.type Set seccomp profile in app container + ## + # -- container security context for the app + 
containerSecurityContext: + # -- enable container security context for the app, true by default + enabled: true + # -- SELinux options in app container, {} by default + seLinuxOptions: {} + # -- runAsUser in app container, 10001 by default + runAsUser: 10001 + # -- runAsGroup in app container, 10001 by default + runAsGroup: 10001 + # -- runAsNonRoot in app container, true by default + runAsNonRoot: true + # -- readOnlyRootFilesystem in app container, true by default + readOnlyRootFilesystem: true + # -- privileged in app container, false by default + privileged: false + # -- allowPrivilegeEscalation in app container, false by default + allowPrivilegeEscalation: false + # -- capabilities to be dropped in app container, ["ALL"] by default + capabilities: + drop: ["ALL"] + # -- seccomp profile in app container, RuntimeDefault by default + seccompProfile: + type: "RuntimeDefault" + + ## @param app.existingConfigmap The name of an existing ConfigMap with your custom configuration for app + ## + existingConfigmap: + ## @param app.command Override default app container command (useful when using custom images) + ## + # -- command for the celestia-app + command: + - celestia-appd + ## @param app.args Override default app container args (useful when using custom images) + ## + args: + - start + - --home + - $(CELESTIA_HOME) + ## @param app.automountServiceAccountToken Mount Service Account token in app pods + ## + # -- mount service account token in app pods + automountServiceAccountToken: false + ## @param app.hostAliases app pods host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param app.daemonsetAnnotations Annotations for app daemonset + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + daemonsetAnnotations: {} + ## @param app.deploymentAnnotations Annotations for app deployment + ## ref: 
https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + deploymentAnnotations: {} + ## @param app.statefulsetAnnotations Annotations for app statefulset + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + statefulsetAnnotations: {} + ## @param app.podLabels Extra labels for app pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param app.podAnnotations Annotations for app pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param app.podAffinityPreset Pod affinity preset. Ignored if `app.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param app.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `app.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node app.affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param app.nodeAffinityPreset.type Node affinity preset type. Ignored if `app.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param app.nodeAffinityPreset.key Node label key to match. Ignored if `app.affinity` is set + ## + key: "" + ## @param app.nodeAffinityPreset.values Node label values to match. Ignored if `app.affinity` is set + ## E.g. 
+ ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param app.affinity Affinity for app pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## NOTE: `app.podAffinityPreset`, `app.podAntiAffinityPreset`, and `app.nodeAffinityPreset` will be ignored when it's set + ## + affinity: {} + ## @param app.nodeSelector Node labels for app pods assignment + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + ## + nodeSelector: {} + ## @param app.tolerations Tolerations for app pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## ONLY FOR DEPLOYMENTS: + ## @param app.updateStrategy.type app deployment strategy type + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy + ## ONLY FOR STATEFULSETS: + ## @param app.updateStrategy.type app statefulset strategy type + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + ## ONLY FOR DEPLOYMENTS: + ## Can be set to RollingUpdate or Recreate + ## ONLY FOR STATEFULSETS: + ## Can be set to RollingUpdate or OnDelete + ## + type: RollingUpdate + ## ONLY FOR STATEFULSETS: + ## @param node.persistentVolumeClaimRetentionPolicy Persistent Volume Claim Retention Policy for the node + ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#retain + ## + persistentVolumeClaimRetentionPolicy: + ## @param node.persistentVolumeClaimRetentionPolicy.whenDeleted Policy when the StatefulSet is deleted. Allowed values: Retain, Delete + ## + whenDeleted: Retain + ## @param node.persistentVolumeClaimRetentionPolicy.whenScaled Policy when the StatefulSet is scaled down. 
Allowed values: Retain, Delete + ## + whenScaled: Retain + ## ONLY FOR STATEFULSETS: + ## @param app.podManagementPolicy Pod management policy for app statefulset + ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies + ## + podManagementPolicy: OrderedReady + ## @param app.priorityClassName app pods' priorityClassName + ## + priorityClassName: "" + ## @param app.topologySpreadConstraints Topology Spread Constraints for app pod assignment spread across your cluster among failure-domains + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods + ## + topologySpreadConstraints: [] + ## @param app.schedulerName Name of the k8s scheduler (other than default) for app pods + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param app.terminationGracePeriodSeconds Seconds app pods need to terminate gracefully + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods + ## + terminationGracePeriodSeconds: "" + ## @param app.lifecycleHooks for app containers to automate configuration before or after startup + ## + lifecycleHooks: {} + ## @param app.extraEnvVars Array with extra environment variables to add to app containers + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param app.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for app containers + ## + extraEnvVarsCM: "" + ## @param app.extraEnvVarsSecret Name of existing Secret containing extra env vars for app containers + ## + extraEnvVarsSecret: "" + ## @param app.extraVolumes Optionally specify extra list of additional volumes for the app pods + ## + extraVolumes: [] + ## @param app.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the app containers + ## + extraVolumeMounts: [] + ## @param app.sidecars Add 
additional sidecar containers to the app pods + ## e.g: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param app.initContainers Add additional init containers to the app pods + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + ## + initContainers: [] + ## Pod Disruption Budget configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb + ## @param app.pdb.create Enable/disable a Pod Disruption Budget creation + ## @param app.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled + ## @param app.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable + ## + pdb: + create: false + minAvailable: 1 + maxUnavailable: "" + + # TODO: Remove when not needed in the end + # TODO: If you add here something remember to add it to:_helpers.tpl (define "app.imagePullSecrets") and NOTES.txt ({{- include "common.warnings.rollingTag" .Values.%%OTHER_OBJECT_BLOCK%%.image }}) +# ## %%SECONDARY_CONTAINER/POD_DESCRIPTION%% +# ## +# %%SECONDARY_OBJECT_BLOCK%%: +# %%SAME_STRUCTURE_AS_THE_MAIN_CONTAINER/POD%% + +# ## %%OTHERS_CONTAINER/POD_DESCRIPTION%% +# ## +# %%OTHER_OBJECT_BLOCK%%: +# %%SAME_STRUCTURE_AS_THE_MAIN_CONTAINER/POD%% + +## @section Traffic Exposure Parameters +## + +## app service parameters +## +# -- service parameters +service: + ## @param service.internal.type app internal service type + ## + # -- service type, ClusterIP by default + internal: + type: ClusterIP + ## @param service.internal.ports.api app internal service API port + ## @param service.internal.ports.grpc app internal service gRPC port + ## @param service.internal.ports.p2p app internal service P2P port + ## @param 
service.internal.ports.rpc app internal service RPC port + ## @param service.internal.ports.prometheus app internal service Prometheus port + ## @param service.internal.ports.tracing app internal service Tracing port + # -- ports for the celestia-app + ports: + # -- api port, 1317 by default + api: 1317 + # -- grpc port, 9090 by default + grpc: 9090 + # -- p2p port, 26656 by default + p2p: 26656 + # -- rpc port, 26657 by default + rpc: 26657 + # -- prometheus port, 26660 by default + prometheus: 26660 + # -- tracing port, 26661 by default + tracing: 26661 + ## @param service.internal.clusterIP app internal service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param service.internal.annotations Additional custom annotations for app internal service + ## + annotations: {} + ## @param service.internal.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ + ## + sessionAffinity: None + ## @param service.internal.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + + ## @param service.external.enabled Enable external service + ## + # -- external service parameters + external: + # -- enable external service, true by default + enabled: true + ## @param service.external.type app external service type + ## + # -- external service type, LoadBalancer by default + type: LoadBalancer + ## @param service.external.ports.api app external service API port + ## @param service.external.ports.grpc app external service gRPC port + ## @param service.external.ports.p2p app external service P2P port + ## @param service.external.ports.rpc app external service RPC port + ## @param service.external.ports.prometheus app external service Prometheus port + ## @param service.external.ports.tracing app external service Tracing 
port + ports: + # -- api port, 1317 by default + api: 1317 + # -- grpc port, 9090 by default + grpc: 9090 + # -- p2p port, 26656 by default + p2p: 26656 + # -- rpc port, 26657 by default + rpc: 26657 + ## Node ports to expose + ## @param service.external.nodePorts.api Node port for API + ## @param service.external.nodePorts.grpc Node port for gRPC + ## @param service.external.nodePorts.p2p Node port for P2P + ## @param service.external.nodePorts.rpc Node port for RPC + ## @param service.external.nodePorts.prometheus Node port for Prometheus + ## @param service.external.nodePorts.tracing Node port for Tracing + ## NOTE: choose port between <30000-32767> + ## + # -- node ports for the celestia-app + nodePorts: + # -- api port, 1317 by default + api: "" + # -- grpc port, 9090 by default + grpc: "" + # -- p2p port, 26656 by default + p2p: "" + # -- rpc port, 26657 by default + rpc: "" + # -- prometheus port, 26660 by default + prometheus: "" + # -- tracing port, 26661 by default + tracing: "" + ## @param service.external.loadBalancerIP app external service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerIP: "" + ## @param service.external.loadBalancerSourceRanges app external service Load Balancer sources + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param service.external.externalTrafficPolicy app external service external traffic policy + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.external.annotations Additional custom annotations for app external service + ## + annotations: {} + ## @param service.external.extraPorts Extra ports to expose in app 
external service (normally used with the `sidecars` value) + ## + extraPorts: [] + ## @param service.external.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ + ## + sessionAffinity: None + ## @param service.external.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} +## Network Policies +## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ +## +# -- network policy, The Policy model to apply. When set to false, only pods with the correct +# -- server label will have network access to the ports server is listening +# -- on. When true, server will accept connections from any source +# -- (with the correct destination port). +networkPolicy: + ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + # -- enable network policy, true by default + enabled: true + ## @param networkPolicy.allowExternal Don't require server label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## server label will have network access to the ports server is listening + ## on. When true, server will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. 
+ ##
+ allowExternalEgress: true
+ ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
+ ## e.g:
+ ## extraIngress:
+ ## - ports:
+ ## - port: 1234
+ ## from:
+ ## - podSelector:
+ ## - matchLabels:
+ ## - role: frontend
+ ## - podSelector:
+ ## - matchExpressions:
+ ## - key: role
+ ## operator: In
+ ## values:
+ ## - frontend
+ extraIngress: []
+ ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
+ ## e.g:
+ ## extraEgress:
+ ## - ports:
+ ## - port: 1234
+ ## to:
+ ## - podSelector:
+ ## - matchLabels:
+ ## - role: frontend
+ ## - podSelector:
+ ## - matchExpressions:
+ ## - key: role
+ ## operator: In
+ ## values:
+ ## - frontend
+ ##
+ extraEgress: []
+ ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
+ ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
+ ##
+ ingressNSMatchLabels: {}
+ ingressNSPodMatchLabels: {}
+
+## @section Persistence Parameters
+##
+
+## Enable persistence using Persistent Volume Claims
+## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
+##
+# -- persistence parameters
+persistence:
+ ## @param persistence.enabled Enable persistence using Persistent Volume Claims
+ ##
+ # -- enable persistence, true by default
+ enabled: true
+ ## @param persistence.mountPath Path to mount the volume at.
+ ## Note: This value is overridden by 'Values.app.settings.home' in the stateful set.
+ ##
+ mountPath: /bitnami/app/data
+ ## @param persistence.subPath The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services
+ ##
+ subPath: ""
+ ## @param persistence.storageClass Storage class of backing PVC
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ storageClass: ""
+ ## @param persistence.annotations Persistent Volume Claim annotations
+ ##
+ annotations: {}
+ ## @param persistence.accessModes Persistent Volume Access Modes
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## @param persistence.size Size of data volume
+ ##
+ # -- size of data volume, 250Gi by default
+ size: 250Gi
+ ## @param persistence.existingClaim The name of an existing PVC to use for persistence
+ ##
+ existingClaim: ""
+ ## @param persistence.selector Selector to match an existing Persistent Volume for WordPress data PVC
+ ## If set, the PVC can't have a PV dynamically provisioned for it
+ ## E.g.
+ ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + ## @param persistence.dataSource Custom PVC data source + ## + dataSource: {} +## @section Init Container Parameters +## + +## 'volumePermissions' init container parameters +## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values +## based on the *podSecurityContext/*containerSecurityContext parameters +## +volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` + ## + enabled: false + ## OS Shell + Utility image + ## ref: https://hub.docker.com/r/bitnami/os-shell/tags/ + ## @param volumePermissions.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry + ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository + ## @skip volumePermissions.image.tag OS Shell + Utility image tag (immutable tags are recommended) + ## @param volumePermissions.image.pullPolicy OS Shell + Utility image pull policy + ## @param volumePermissions.image.pullSecrets OS Shell + Utility image pull secrets + ## + image: + registry: docker.io + repository: bitnami/os-shell + tag: 12-debian-12-r22 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Init container's resource requests and limits + ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param volumePermissions.resourcesPreset Set init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). 
This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param volumePermissions.resources Set init container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Init container Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param volumePermissions.containerSecurityContext.enabled Enabled init container' Security Context + ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in init container + ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser + ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the + ## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -fc2` + ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 0 + +## @section Other Parameters +## + +## RBAC configuration +## +rbac: + ## @param rbac.create Specifies whether RBAC resources should be created + ## + create: false + ## @param rbac.rules Custom RBAC rules to set + ## e.g: + ## rules: + ## - apiGroups: + ## - "" + ## resources: + ## - pods + ## verbs: + ## - get + ## - list + ## + rules: [] + +## ServiceAccount configuration +## +serviceAccount: + ## @param serviceAccount.create Specifies whether a ServiceAccount should be created + ## + create: true + ## @param serviceAccount.name 
The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param serviceAccount.annotations Additional Service Account annotations (evaluated as a template) + ## + annotations: {} + ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account + ## + automountServiceAccountToken: true + +## Prometheus metrics +## +metrics: + ## @param metrics.enabled Enable the export of Prometheus metrics + ## + enabled: false + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running + ## + namespace: "" + ## @param metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor + ## + annotations: {} + ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor + ## + labels: {} + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus + ## + jobLabel: "" + ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels + ## + honorLabels: false + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. 
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ## e.g:
+ ## interval: 10s
+ ##
+ interval: ""
+ ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ## e.g:
+ ## scrapeTimeout: 10s
+ ##
+ scrapeTimeout: ""
+ ## @param metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
+ ##
+ metricRelabelings: []
+ ## @param metrics.serviceMonitor.relabelings Specify general relabeling
+ ##
+ relabelings: []
+ ## @param metrics.serviceMonitor.selector Prometheus instance selector labels
+ ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
+ ## selector:
+ ## prometheus: my-prometheus
+ ##
+ selector: {}
diff --git a/charts/celestia-node/.helmignore b/charts/celestia-node/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/charts/celestia-node/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/celestia-node/Chart.lock b/charts/celestia-node/Chart.lock
new file mode 100644
index 0000000..7ce8b2f
--- /dev/null
+++ b/charts/celestia-node/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+ repository: oci://registry-1.docker.io/bitnamicharts
+ version: 2.19.2
+digest: sha256:e670e1075bfafffe040fae1158f1fa1f592585f394b48704ba137d2d083b1571
+generated: "2024-05-15T14:28:35.990088925+02:00"
diff --git a/charts/celestia-node/Chart.yaml b/charts/celestia-node/Chart.yaml
new file mode 100644
index 0000000..523e897
--- /dev/null
+++ b/charts/celestia-node/Chart.yaml
@@ -0,0 +1,24 @@
+annotations:
+ category: celestia
+ licenses: Apache-2.0
+apiVersion: v2
+appVersion: v0.13.6
+dependencies:
+- name: common
+ repository: oci://registry-1.docker.io/bitnamicharts
+ tags:
+ - bitnami-common
+ version: 2.x.x
+description: Celestia Node
+home: https://celestia.org
+icon: https://celestia.org/static/celestia-logo-29451ae35d3bb72cc4b0f17712d44c3a.svg
+keywords:
+ - celestia
+ - celestia-node
+maintainers:
+ - name: Celestia Labs
+ url: https://github.com/celestiaorg/celestia-helm-charts
+name: celestia-node
+sources:
+ - https://github.com/celestiaorg/celestia-node
+version: 0.1.0
diff --git a/charts/celestia-node/NOTICE b/charts/celestia-node/NOTICE
new file mode 100644
index 0000000..70f1a2e
--- /dev/null
+++ b/charts/celestia-node/NOTICE
@@ -0,0 +1,3 @@
+This product includes code from Broadcom, Inc. All Rights Reserved.
+Original source: https://github.com/bitnami/charts/tree/main/template
+SPDX-License-Identifier: APACHE-2.0
diff --git a/charts/celestia-node/README.md b/charts/celestia-node/README.md
new file mode 100644
index 0000000..8aa6776
--- /dev/null
+++ b/charts/celestia-node/README.md
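Review bot: The `common` dependency in charts/celestia-node/Chart.yaml is declared with the floating range `version: 2.x.x`, so any run of `helm dependency update` re-resolves it to whichever 2.x release the registry serves at that moment and rewrites Chart.lock. Chart.lock in this patch records 2.19.2, but as far as I know its `digest` is computed over the dependency list rather than the downloaded chart archive, so it does not pin the content that gets templated into the release. I would pin the version the lock already names, `version: 2.19.2`, and have packaging use `helm dependency build` so the lock is honoured; the release workflow is not visible in this part of the patch, so that step is to be confirmed.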
@@ -0,0 +1,276 @@ +# celestia-node + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: v0.13.6](https://img.shields.io/badge/AppVersion-v0.13.6-informational?style=flat-square) + +Celestia Node + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Celestia Labs | | | + +## Source Code + +* + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| oci://registry-1.docker.io/bitnamicharts | common | 2.x.x | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| clusterDomain | string | `"cluster.local"` | | +| commonAnnotations | object | `{}` | | +| commonLabels | object | `{}` | | +| diagnosticMode.args[0] | string | `"infinity"` | | +| diagnosticMode.command[0] | string | `"sleep"` | | +| diagnosticMode.enabled | bool | `false` | | +| extraDeploy | list | `[]` | | +| fullnameOverride | string | `""` | | +| global.compatibility.openshift.adaptSecurityContext | string | `"auto"` | | +| global.imagePullSecrets | list | `[]` | | +| global.imageRegistry | string | `""` | | +| global.storageClass | string | `""` | | +| kubeVersion | string | `""` | | +| metrics.enabled | bool | `false` | | +| metrics.serviceMonitor.annotations | object | `{}` | | +| metrics.serviceMonitor.enabled | bool | `false` | | +| metrics.serviceMonitor.honorLabels | bool | `false` | | +| metrics.serviceMonitor.interval | string | `""` | | +| metrics.serviceMonitor.jobLabel | string | `""` | | +| metrics.serviceMonitor.labels | object | `{}` | | +| metrics.serviceMonitor.metricRelabelings | list | `[]` | | +| metrics.serviceMonitor.namespace | string | `""` | | +| metrics.serviceMonitor.relabelings | list | `[]` | | +| metrics.serviceMonitor.scrapeTimeout | string | `""` | | +| metrics.serviceMonitor.selector | object | `{}` | | +| nameOverride | string | `""` | | +| namespaceOverride | string | `""` | | +| networkPolicy | with the 
correct destination port | `{"allowExternal":true,"allowExternalEgress":true,"enabled":true,"extraEgress":[],"extraIngress":[],"ingressNSMatchLabels":{},"ingressNSPodMatchLabels":{}}` | . | +| networkPolicy.enabled | bool | `true` | enable network policy, true by default | +| node.affinity | object | `{}` | | +| node.args[0] | string | `"bridge"` | | +| node.args[1] | string | `"start"` | | +| node.args[2] | string | `"--node.store=\"$(CELESTIA_HOME)\""` | | +| node.args[3] | string | `"--metrics"` | | +| node.args[4] | string | `"--metrics.tls=false"` | | +| node.args[5] | string | `"--p2p.metrics"` | | +| node.automountServiceAccountToken | bool | `false` | mount service account token in node pods | +| node.command | list | `["/bin/celestia"]` | command for the celestia-node | +| node.config.configtoml.Core.GRPCPort | string | `"9090"` | | +| node.config.configtoml.Core.IP | string | `""` | | +| node.config.configtoml.Core.RPCPort | string | `"26657"` | | +| node.config.configtoml.DASer.BackgroundStoreInterval | string | `"10m0s"` | | +| node.config.configtoml.DASer.ConcurrencyLimit | int | `16` | | +| node.config.configtoml.DASer.SampleFrom | int | `1` | | +| node.config.configtoml.DASer.SampleTimeout | string | `"2m40s"` | | +| node.config.configtoml.DASer.SamplingRange | int | `100` | | +| node.config.configtoml.DASer.SamplingWindow | string | `"0s"` | | +| node.config.configtoml.Gateway.Address | string | `"localhost"` | | +| node.config.configtoml.Gateway.Enabled | bool | `false` | | +| node.config.configtoml.Gateway.Port | string | `"26659"` | | +| node.config.configtoml.Header.Client.MaxHeadersPerRangeRequest | int | `64` | | +| node.config.configtoml.Header.Client.RangeRequestTimeout | string | `"8s"` | | +| node.config.configtoml.Header.Server.RangeRequestTimeout | string | `"10s"` | | +| node.config.configtoml.Header.Server.ReadDeadline | string | `"1m0s"` | | +| node.config.configtoml.Header.Server.WriteDeadline | string | `"8s"` | | +| 
node.config.configtoml.Header.Store.IndexCacheSize | int | `2048` | | +| node.config.configtoml.Header.Store.StoreCacheSize | int | `512` | | +| node.config.configtoml.Header.Store.WriteBatchSize | int | `512` | | +| node.config.configtoml.Header.Syncer.TrustingPeriod | string | `"336h0m0s"` | | +| node.config.configtoml.Header.TrustedHash | string | `""` | | +| node.config.configtoml.Header.TrustedPeers | list | `[]` | | +| node.config.configtoml.Node.ShutdownTimeout | string | `"20s"` | | +| node.config.configtoml.Node.StartupTimeout | string | `"20s"` | | +| node.config.configtoml.P2P.AnnounceAddresses | list | `[]` | | +| node.config.configtoml.P2P.ConnManager.GracePeriod | string | `"1m0s"` | | +| node.config.configtoml.P2P.ConnManager.High | int | `100` | | +| node.config.configtoml.P2P.ConnManager.Low | int | `50` | | +| node.config.configtoml.P2P.ListenAddresses[0] | string | `"/ip4/0.0.0.0/udp/2121/quic-v1/webtransport"` | | +| node.config.configtoml.P2P.ListenAddresses[1] | string | `"/ip6/::/udp/2121/quic-v1/webtransport"` | | +| node.config.configtoml.P2P.ListenAddresses[2] | string | `"/ip4/0.0.0.0/udp/2121/quic-v1"` | | +| node.config.configtoml.P2P.ListenAddresses[3] | string | `"/ip6/::/udp/2121/quic-v1"` | | +| node.config.configtoml.P2P.ListenAddresses[4] | string | `"/ip4/0.0.0.0/tcp/2121"` | | +| node.config.configtoml.P2P.ListenAddresses[5] | string | `"/ip6/::/tcp/2121"` | | +| node.config.configtoml.P2P.MutualPeers | list | `[]` | | +| node.config.configtoml.P2P.NoAnnounceAddresses[0] | string | `"/ip4/127.0.0.1/udp/2121/quic-v1/webtransport"` | | +| node.config.configtoml.P2P.NoAnnounceAddresses[1] | string | `"/ip4/0.0.0.0/udp/2121/quic-v1/webtransport"` | | +| node.config.configtoml.P2P.NoAnnounceAddresses[2] | string | `"/ip6/::/udp/2121/quic-v1/webtransport"` | | +| node.config.configtoml.P2P.NoAnnounceAddresses[3] | string | `"/ip4/0.0.0.0/udp/2121/quic-v1"` | | +| node.config.configtoml.P2P.NoAnnounceAddresses[4] | string | 
`"/ip4/127.0.0.1/udp/2121/quic-v1"` | | +| node.config.configtoml.P2P.NoAnnounceAddresses[5] | string | `"/ip6/::/udp/2121/quic-v1"` | | +| node.config.configtoml.P2P.NoAnnounceAddresses[6] | string | `"/ip4/0.0.0.0/tcp/2121"` | | +| node.config.configtoml.P2P.NoAnnounceAddresses[7] | string | `"/ip4/127.0.0.1/tcp/2121"` | | +| node.config.configtoml.P2P.NoAnnounceAddresses[8] | string | `"/ip6/::/tcp/2121"` | | +| node.config.configtoml.P2P.PeerExchange | bool | `false` | | +| node.config.configtoml.P2P.RoutingTableRefreshPeriod | string | `"1m0s"` | | +| node.config.configtoml.RPC.Address | string | `"localhost"` | | +| node.config.configtoml.RPC.Port | string | `"26658"` | | +| node.config.configtoml.RPC.SkipAuth | bool | `false` | | +| node.config.configtoml.Share.Discovery.AdvertiseInterval | string | `"1h0m0s"` | | +| node.config.configtoml.Share.Discovery.PeersLimit | int | `5` | | +| node.config.configtoml.Share.EDSStoreParams.BlockstoreCacheSize | int | `128` | | +| node.config.configtoml.Share.EDSStoreParams.GCInterval | string | `"0s"` | | +| node.config.configtoml.Share.EDSStoreParams.RecentBlocksCacheSize | int | `10` | | +| node.config.configtoml.Share.LightAvailability.SampleAmount | int | `16` | | +| node.config.configtoml.Share.PeerManagerParams.EnableBlackListing | bool | `false` | | +| node.config.configtoml.Share.PeerManagerParams.GcInterval | string | `"30s"` | | +| node.config.configtoml.Share.PeerManagerParams.PeerCooldown | string | `"3s"` | | +| node.config.configtoml.Share.PeerManagerParams.PoolValidationTimeout | string | `"2m0s"` | | +| node.config.configtoml.Share.ShrExEDSParams.BufferSize | int | `32768` | | +| node.config.configtoml.Share.ShrExEDSParams.ConcurrencyLimit | int | `10` | | +| node.config.configtoml.Share.ShrExEDSParams.HandleRequestTimeout | string | `"1m0s"` | | +| node.config.configtoml.Share.ShrExEDSParams.ServerReadTimeout | string | `"5s"` | | +| node.config.configtoml.Share.ShrExEDSParams.ServerWriteTimeout | 
string | `"1m0s"` | | +| node.config.configtoml.Share.ShrExNDParams.ConcurrencyLimit | int | `10` | | +| node.config.configtoml.Share.ShrExNDParams.HandleRequestTimeout | string | `"1m0s"` | | +| node.config.configtoml.Share.ShrExNDParams.ServerReadTimeout | string | `"5s"` | | +| node.config.configtoml.Share.ShrExNDParams.ServerWriteTimeout | string | `"1m0s"` | | +| node.config.configtoml.Share.UseShareExchange | bool | `true` | | +| node.config.configtoml.State.KeyringAccName | string | `""` | | +| node.config.configtoml.State.KeyringBackend | string | `"test"` | | +| node.containerPorts | object | `{"p2p":2121,"profiling":6060,"prometheus":8890,"rest":26659,"rpc":26658}` | Container ports for the node | +| node.containerPorts.p2p | int | `2121` | P2P container port, 2121 by default | +| node.containerPorts.profiling | int | `6060` | Profiling container port, 6060 by default | +| node.containerPorts.prometheus | int | `8890` | Prometheus container port, 8890 by default | +| node.containerPorts.rest | int | `26659` | REST container port, 26659 by default | +| node.containerPorts.rpc | int | `26658` | RPC container port, 26658 by default | +| node.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"enabled":true,"privileged":false,"readOnlyRootFilesystem":true,"runAsGroup":10001,"runAsNonRoot":true,"runAsUser":10001,"seLinuxOptions":{},"seccompProfile":{"type":"RuntimeDefault"}}` | container security context for the node | +| node.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | allowPrivilegeEscalation in node container, false by default | +| node.containerSecurityContext.capabilities | object | `{"drop":["ALL"]}` | capabilities to be dropped in node container, ["ALL"] by default | +| node.containerSecurityContext.enabled | bool | `true` | enable container security context for the node, true by default | +| node.containerSecurityContext.privileged | bool | `false` | privileged in node 
container, false by default | +| node.containerSecurityContext.readOnlyRootFilesystem | bool | `true` | readOnlyRootFilesystem in node container, true by default | +| node.containerSecurityContext.runAsGroup | int | `10001` | runAsGroup in node container, 10001 by default | +| node.containerSecurityContext.runAsNonRoot | bool | `true` | runAsNonRoot in node container, true by default | +| node.containerSecurityContext.runAsUser | int | `10001` | runAsUser in node container, 10001 by default | +| node.containerSecurityContext.seLinuxOptions | object | `{}` | SELinux options in node container, {} by default | +| node.containerSecurityContext.seccompProfile | object | `{"type":"RuntimeDefault"}` | seccomp profile in node container, RuntimeDefault by default | +| node.customLivenessProbe | object | `{}` | | +| node.customReadinessProbe | object | `{}` | | +| node.customStartupProbe | object | `{}` | | +| node.daemonsetAnnotations | object | `{}` | | +| node.deploymentAnnotations | object | `{}` | | +| node.existingConfigmap | string | `nil` | | +| node.extraEnvVars | list | `[]` | | +| node.extraEnvVarsCM | string | `""` | | +| node.extraEnvVarsSecret | string | `""` | | +| node.extraVolumeMounts | list | `[]` | | +| node.extraVolumes | list | `[]` | | +| node.hostAliases | list | `[]` | | +| node.image | object | `{"digest":"","pullPolicy":"IfNotPresent","pullSecrets":[],"registry":"ghcr.io","repository":"celestiaorg/celestia-node","tag":"v1.9.0"}` | image parameters for the image | +| node.image.pullPolicy | string | `"IfNotPresent"` | pull policy for the image, IfNotPresent by default | +| node.image.registry | string | `"ghcr.io"` | registry for the image, GitHub Container Registry by default | +| node.image.repository | string | `"celestiaorg/celestia-node"` | repository for the image, celestiaorg/celestia-node by default | +| node.image.tag | string | `"v1.9.0"` | tag for the image, v1.9.0 by default | +| node.initContainers | list | `[]` | | +| 
node.lifecycleHooks | object | `{}` | | +| node.livenessProbe | object | `{"enabled":false,"failureThreshold":3,"initialDelaySeconds":0,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1}` | liveness probe for the node | +| node.livenessProbe.enabled | bool | `false` | enable liveness probe on node containers, false by default | +| node.livenessProbe.failureThreshold | int | `3` | failure threshold for livenessProbe, 3 by default | +| node.livenessProbe.initialDelaySeconds | int | `0` | initial delay seconds for livenessProbe, 0 by default | +| node.livenessProbe.periodSeconds | int | `10` | period seconds for livenessProbe, 10 by default | +| node.livenessProbe.successThreshold | int | `1` | success threshold for livenessProbe, 1 by default | +| node.livenessProbe.timeoutSeconds | int | `1` | timeout seconds for livenessProbe, 1 by default | +| node.nodeAffinityPreset.key | string | `""` | | +| node.nodeAffinityPreset.type | string | `""` | | +| node.nodeAffinityPreset.values | list | `[]` | | +| node.nodeSelector | object | `{}` | | +| node.otelAgent.config | object | `{"exporters":{"otlphttp":{"auth":{"authenticator":"basicauth/otlp"},"endpoint":"https://otlp-gateway-prod-us-central-0.grafana.net/otlp"},"prometheus":{"endpoint":"localhost:8889"}},"extensions":{"basicauth/otlp":{"client_auth":{"password":"${GRAFANA_OTEL_TOKEN}","username":"${GRAFANA_OTEL_USERNAME}"}}},"receivers":{"otlp":{"protocols":{"grpc":{"endpoint":"localhost:4317"},"http":{"endpoint":"localhost:4318"}}},"prometheus":{"config":{"scrape_configs":[{"job_name":"${JOB_NAME}","scrape_interval":"10s","static_configs":[{"targets":["localhost:26660"]}]}]}}},"service":{"extensions":["basicauth/otlp"],"pipelines":{"metrics":{"exporters":["otlphttp","prometheus"],"receivers":["otlp","prometheus"]}},"telemetry":{"logs":{"level":"INFO"},"metrics":{"address":"localhost:8888","level":"basic"}}}}` | config for the otel agent (See: https://opentelemetry.io/docs/collector/configuration/) | +| 
node.otelAgent.enabled | bool | `false` | enable otel agent for the node, false by default | +| node.otelAgent.grafanaOtelSecret | object | `{"name":"SET_IT"}` | grafana otel secret for the node | +| node.otelAgent.grafanaOtelSecret.name | string | `"SET_IT"` | name of the grafana otel secret, it must be set | +| node.otelAgent.image | object | `{"digest":"","pullPolicy":"IfNotPresent","registry":"ghcr.io","repository":"open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib","tag":"0.102.0"}` | image for the otel agent, ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib:0.102.0 by default | +| node.otelAgent.resources | object | `{}` | | +| node.otelAgent.resourcesPreset | string | `"nano"` | | +| node.pdb.create | bool | `false` | | +| node.pdb.maxUnavailable | string | `""` | | +| node.pdb.minAvailable | int | `1` | | +| node.podAffinityPreset | string | `""` | | +| node.podAnnotations | object | `{}` | | +| node.podAntiAffinityPreset | string | `"soft"` | | +| node.podLabels | object | `{}` | | +| node.podManagementPolicy | string | `"OrderedReady"` | | +| node.podSecurityContext | object | `{"enabled":true,"fsGroup":10001,"fsGroupChangePolicy":"Always","supplementalGroups":[],"sysctls":[]}` | pod security context for the node | +| node.podSecurityContext.enabled | bool | `true` | enable pod security context for the node, true by default | +| node.podSecurityContext.fsGroup | int | `10001` | fsGroup in node pods' Security Context, 10001 by default | +| node.podSecurityContext.fsGroupChangePolicy | string | `"Always"` | filesystem group change policy for node pods, Always by default | +| node.podSecurityContext.supplementalGroups | list | `[]` | filesystem extra groups for node pods, [] by default | +| node.podSecurityContext.sysctls | list | `[]` | kernel settings using the sysctl interface for node pods, [] by default | +| node.priorityClassName | string | `""` | | +| node.readinessProbe.enabled | 
bool | `false` | enable readiness probe on node containers, false by default | +| node.readinessProbe.failureThreshold | int | `3` | failure threshold for readinessProbe, 3 by default | +| node.readinessProbe.initialDelaySeconds | int | `0` | initial delay seconds for readinessProbe, 0 by default | +| node.readinessProbe.periodSeconds | int | `10` | period seconds for readinessProbe, 10 by default | +| node.readinessProbe.successThreshold | int | `1` | success threshold for readinessProbe, 1 by default | +| node.readinessProbe.timeoutSeconds | int | `1` | timeout seconds for readinessProbe, 1 by default | +| node.replicaCount | int | `1` | number of node replicas to deploy, 1 by default | +| node.resources.limits | object | `{"cpu":6,"memory":"16Gi"}` | limits for the node | +| node.resources.limits.cpu | int | `6` | cpu limits for the node, 2 by default | +| node.resources.limits.memory | string | `"16Gi"` | memory limits for the node, 8Gi by default | +| node.resources.requests | object | `{"cpu":6,"memory":"16Gi"}` | requests for the node | +| node.resources.requests.cpu | int | `6` | cpu requests for the node, 2 by default | +| node.resources.requests.memory | string | `"16Gi"` | memory requests for the node, 8Gi by default | +| node.resourcesPreset | string | `"nano"` | more information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 | +| node.schedulerName | string | `""` | | +| node.settings.address | string | `"SET_IT"` | address for the celestia-node, it must be set | +| node.settings.home | string | `"/home/celestia"` | home directory for the celestia-node, defaults to /home/celestia | +| node.settings.node_id | string | `"SET_IT"` | node ID for the celestia-node, it must be set | +| node.settings.secret.name | string | `"SET_IT"` | name of the secret, it must be set | +| node.sidecars | list | `[]` | | +| node.startupProbe | object | 
`{"enabled":false,"initialDelaySeconds":0,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1}` | startup probe for the node | +| node.startupProbe.enabled | bool | `false` | enable startup probe on node containers, false by default | +| node.startupProbe.initialDelaySeconds | int | `0` | initial delay seconds for startupProbe, 0 by default | +| node.startupProbe.periodSeconds | int | `10` | period seconds for startupProbe, 10 by default | +| node.startupProbe.successThreshold | int | `1` | failure threshold for startupProbe, 3 by default | +| node.startupProbe.timeoutSeconds | int | `1` | timeout seconds for startupProbe, 1 by default | +| node.statefulsetAnnotations | object | `{}` | | +| node.terminationGracePeriodSeconds | string | `""` | | +| node.tolerations | list | `[]` | | +| node.topologySpreadConstraints | list | `[]` | | +| node.updateStrategy.type | string | `"RollingUpdate"` | | +| persistence | object | `{"accessModes":["ReadWriteOnce"],"annotations":{},"dataSource":{},"enabled":true,"existingClaim":"","mountPath":"/bitnami/app/data","selector":{},"size":"250Gi","storageClass":"","subPath":""}` | persistence parameters | +| rbac.create | bool | `false` | | +| rbac.rules | list | `[]` | | +| service.external | object | `{"annotations":{},"enabled":true,"externalTrafficPolicy":"Cluster","extraPorts":[],"loadBalancerIP":"","loadBalancerSourceRanges":[],"nodePorts":{"p2p":"","profiling":"","prometheus":"","rest":"","rpc":""},"ports":{"p2p":2121,"rest":26659,"rpc":26658},"sessionAffinity":"None","sessionAffinityConfig":{},"type":"LoadBalancer"}` | external service parameters | +| service.external.enabled | bool | `true` | enable external service, true by default | +| service.external.ports.p2p | int | `2121` | P2P container port, 2121 by default | +| service.external.ports.rest | int | `26659` | REST container port, 26659 by default | +| service.external.ports.rpc | int | `26658` | RPC container port, 26658 by default | +| service.external.type | 
string | `"LoadBalancer"` | external service type, LoadBalancer by default | +| service.internal.annotations | object | `{}` | | +| service.internal.clusterIP | string | `""` | | +| service.internal.ports | object | `{"p2p":2121,"profiling":6060,"prometheus":8890,"rest":26659,"rpc":26658}` | Ports for the celestia-node | +| service.internal.ports.p2p | int | `2121` | P2P container port, 2121 by default | +| service.internal.ports.profiling | int | `6060` | Profiling container port, 6060 by default | +| service.internal.ports.prometheus | int | `8890` | Prometheus container port, 8890 by default | +| service.internal.ports.rest | int | `26659` | REST container port, 26659 by default | +| service.internal.ports.rpc | int | `26658` | RPC container port, 26658 by default | +| service.internal.sessionAffinity | string | `"None"` | | +| service.internal.sessionAffinityConfig | object | `{}` | | +| service.internal.type | string | `"ClusterIP"` | service type, ClusterIP by default | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.automountServiceAccountToken | bool | `true` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.name | string | `""` | | +| volumePermissions.containerSecurityContext.enabled | bool | `true` | | +| volumePermissions.containerSecurityContext.runAsUser | int | `0` | | +| volumePermissions.containerSecurityContext.seLinuxOptions | object | `{}` | | +| volumePermissions.enabled | bool | `false` | | +| volumePermissions.image.pullPolicy | string | `"IfNotPresent"` | | +| volumePermissions.image.pullSecrets | list | `[]` | | +| volumePermissions.image.registry | string | `"docker.io"` | | +| volumePermissions.image.repository | string | `"bitnami/os-shell"` | | +| volumePermissions.image.tag | string | `"12-debian-12-r22"` | | +| volumePermissions.resources | object | `{}` | | +| volumePermissions.resourcesPreset | string | `"nano"` | | + +---------------------------------------------- +Autogenerated from chart 
metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
diff --git a/charts/celestia-node/templates/NOTES.txt b/charts/celestia-node/templates/NOTES.txt
new file mode 100644
index 0000000..153ac35
--- /dev/null
+++ b/charts/celestia-node/templates/NOTES.txt
@@ -0,0 +1,31 @@
+CHART NAME: {{ .Chart.Name }}
+CHART VERSION: {{ .Chart.Version }}
+APP VERSION: {{ .Chart.AppVersion }}
+
+** Please be patient while the chart is being deployed **
+
+{{- if .Values.diagnosticMode.enabled }}
+The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
+
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
+
+Get the list of pods by executing:
+
+ kubectl get pods --namespace {{ include "common.names.namespace" . | quote }} -l app.kubernetes.io/instance={{ .Release.Name }}
+
+Access the pod you want to debug by executing
+
+ kubectl exec --namespace {{ include "common.names.namespace" . | quote }} -ti -- bash
+
+In order to replicate the container startup scripts execute this command:
+
+ %%ENTRYPOINT and CMD from main container%%
+
+{{- else }}
+
+%%Instructions to access the application depending on the serviceType and other considerations%%
+
+{{- end }}
+
+{{- include "common.warnings.rollingTag" .Values.node.image }}
diff --git a/charts/celestia-node/templates/_helpers.tpl b/charts/celestia-node/templates/_helpers.tpl
new file mode 100644
index 0000000..9cac366
--- /dev/null
+++ b/charts/celestia-node/templates/_helpers.tpl
@@ -0,0 +1,56 @@
+{{/*
+Return the proper app image name
+*/}}
+{{- define "node.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.node.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "node.volumePermissions.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "node.imagePullSecrets" -}}
+{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.node.image .Values.volumePermissions.image) "context" $) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "node.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Return the proper image name for the otel agent
+*/}}
+{{- define "node.otelAgent.image" -}}
+{{- include "common.images.image" (dict "imageRoot" .Values.node.otelAgent.image "global" .Values.global) -}}
+{{- end -}}
+
+# TODO: add validations for values
+# Remember to add the validation message to NOTES.txt at the end ({{- include "node.validateValues" . }})
+{{/*
+Compile all warnings into a single message.
+*/}}
+{{- define "node.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "node.validateValues.foo" .) -}}
+{{- $messages := append $messages (include "node.validateValues.bar" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{- printf "\nVALUES VALIDATION:\n%s" $message -}}
+{{- end -}}
+{{- end -}}
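Review bot: `node.validateValues` includes `node.validateValues.foo` and `node.validateValues.bar`, which this file never defines, so following the TODO and adding the include to NOTES.txt would make rendering fail. Until real checks exist I would drop the two `append` lines and keep `{{- $messages := list -}}`, then add the first real validation for the settings the README marks "it must be set" (`node.settings.address`, `node.settings.node_id`, `node.settings.secret.name`), which default to `SET_IT`. `node.imagePullSecrets` also passes only `node.image` and `volumePermissions.image`; if the otel agent image can come from a private registry it needs to be in that list as well.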
diff --git a/charts/celestia-node/templates/clusterrolebinding.yaml b/charts/celestia-node/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..944d59d
--- /dev/null
+++ b/charts/celestia-node/templates/clusterrolebinding.yaml
@@ -0,0 +1,17 @@
+kind: ClusterRoleBinding
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: node
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "common.names.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "node.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
diff --git a/charts/celestia-node/templates/configmap.yaml b/charts/celestia-node/templates/configmap.yaml
new file mode 100644
index 0000000..4e1397c
--- /dev/null
+++ b/charts/celestia-node/templates/configmap.yaml
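Review bot: This ClusterRoleBinding is rendered unconditionally and its `roleRef` names a ClusterRole called `{{ template "common.names.fullname" . }}`, while the patch's file list shows only a namespaced `role.yaml` for this chart and no ClusterRole template. As written the binding is dangling, and any ClusterRole that later appears under the release's full name would be granted cluster-wide to the node's service account, or to the namespace's `default` account when `serviceAccount.create` is false (see the `node.serviceAccountName` helper). The README lists `rbac.create` defaulting to `false`, so I would wrap the whole template in `{{- if .Values.rbac.create }}` … `{{- end }}` and, unless cluster scope is really needed, make it a namespaced `RoleBinding` whose `roleRef` has `kind: Role`.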
@@ -0,0 +1,117 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "common.names.fullname" . }}-configtoml
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: node
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ config.toml: |
+ [Node]
+ StartupTimeout = "{{ .Values.node.config.configtoml.Node.StartupTimeout }}"
+ ShutdownTimeout = "{{ .Values.node.config.configtoml.Node.ShutdownTimeout }}"
+ [Core]
+ IP = "{{ .Values.node.config.configtoml.Core.IP }}"
+ RPCPort = "{{ .Values.node.config.configtoml.Core.RPCPort }}"
+ GRPCPort = "{{ .Values.node.config.configtoml.Core.GRPCPort }}"
+ [State]
+ KeyringAccName = "{{ .Values.node.config.configtoml.State.KeyringAccName }}"
+ KeyringBackend = "{{ .Values.node.config.configtoml.State.KeyringBackend }}"
+ [P2P]
+ ListenAddresses = [{{ range $index, $element := .Values.node.config.configtoml.P2P.ListenAddresses }}{{ if $index }}, {{ end }}"{{ $element }}"{{ end }}]
+ AnnounceAddresses = {{ .Values.node.config.configtoml.P2P.AnnounceAddresses }}
+ NoAnnounceAddresses = [{{ range $index, $element := .Values.node.config.configtoml.P2P.NoAnnounceAddresses }}{{ if $index }}, {{ end }}"{{ $element }}"{{ end }}]
+ MutualPeers = {{ .Values.node.config.configtoml.P2P.MutualPeers }}
+ PeerExchange = {{ .Values.node.config.configtoml.P2P.PeerExchange }}
+ RoutingTableRefreshPeriod = "{{ .Values.node.config.configtoml.P2P.RoutingTableRefreshPeriod }}"
+ [P2P.ConnManager]
+ Low = {{ printf "%.0f" .Values.node.config.configtoml.P2P.ConnManager.Low }}
+ High = {{ printf "%.0f" .Values.node.config.configtoml.P2P.ConnManager.High }}
+ GracePeriod = "{{ .Values.node.config.configtoml.P2P.ConnManager.GracePeriod }}"
+ [RPC]
+ Address = "{{ .Values.node.config.configtoml.RPC.Address }}"
+ Port = "{{ .Values.node.config.configtoml.RPC.Port }}"
+ SkipAuth = {{ .Values.node.config.configtoml.RPC.SkipAuth }}
+ [Gateway]
+ Address = "{{ .Values.node.config.configtoml.Gateway.Address }}"
+ Port = "{{ .Values.node.config.configtoml.Gateway.Port }}"
+ Enabled = {{ .Values.node.config.configtoml.Gateway.Enabled }}
+ [Share]
+ UseShareExchange = {{ .Values.node.config.configtoml.Share.UseShareExchange }}
+ [Share.EDSStoreParams]
+ GCInterval = "{{ .Values.node.config.configtoml.Share.EDSStoreParams.GCInterval }}"
+ RecentBlocksCacheSize = {{ printf "%.0f" .Values.node.config.configtoml.Share.EDSStoreParams.RecentBlocksCacheSize }}
+ BlockstoreCacheSize = {{ printf "%.0f" .Values.node.config.configtoml.Share.EDSStoreParams.BlockstoreCacheSize }}
+ [Share.ShrExEDSParams]
+ ServerReadTimeout = "{{ .Values.node.config.configtoml.Share.ShrExEDSParams.ServerReadTimeout }}"
+ ServerWriteTimeout = "{{ .Values.node.config.configtoml.Share.ShrExEDSParams.ServerWriteTimeout }}"
+ HandleRequestTimeout = "{{ .Values.node.config.configtoml.Share.ShrExEDSParams.HandleRequestTimeout }}"
+ ConcurrencyLimit = {{ printf "%.0f" .Values.node.config.configtoml.Share.ShrExEDSParams.ConcurrencyLimit }}
+ BufferSize = {{ printf "%.0f" .Values.node.config.configtoml.Share.ShrExEDSParams.BufferSize }}
+ [Share.ShrExNDParams]
+ ServerReadTimeout = "{{ .Values.node.config.configtoml.Share.ShrExNDParams.ServerReadTimeout }}"
+ ServerWriteTimeout = "{{ .Values.node.config.configtoml.Share.ShrExNDParams.ServerWriteTimeout }}"
+ HandleRequestTimeout = "{{ .Values.node.config.configtoml.Share.ShrExNDParams.HandleRequestTimeout }}"
+ ConcurrencyLimit = {{ printf "%.0f" .Values.node.config.configtoml.Share.ShrExNDParams.ConcurrencyLimit }}
+ [Share.PeerManagerParams]
+ PoolValidationTimeout = "{{ .Values.node.config.configtoml.Share.PeerManagerParams.PoolValidationTimeout }}"
+ PeerCooldown = "{{ .Values.node.config.configtoml.Share.PeerManagerParams.PeerCooldown }}"
+ GcInterval = "{{ .Values.node.config.configtoml.Share.PeerManagerParams.GcInterval }}"
+ EnableBlackListing = {{ .Values.node.config.configtoml.Share.PeerManagerParams.EnableBlackListing }}
+ [Share.LightAvailability]
+ SampleAmount = {{ printf "%.0f" .Values.node.config.configtoml.Share.LightAvailability.SampleAmount }}
+ [Share.Discovery]
+ PeersLimit = {{ printf "%.0f" .Values.node.config.configtoml.Share.Discovery.PeersLimit }}
+ AdvertiseInterval = "{{ .Values.node.config.configtoml.Share.Discovery.AdvertiseInterval }}"
+ [Header]
+ TrustedHash = "{{ .Values.node.config.configtoml.Header.TrustedHash }}"
+ TrustedPeers = {{ .Values.node.config.configtoml.Header.TrustedPeers }}
+ [Header.Store]
+ StoreCacheSize = {{ printf "%.0f" .Values.node.config.configtoml.Header.Store.StoreCacheSize }}
+ IndexCacheSize = {{ printf "%.0f" .Values.node.config.configtoml.Header.Store.IndexCacheSize }}
+ WriteBatchSize = {{ printf "%.0f" .Values.node.config.configtoml.Header.Store.WriteBatchSize }}
+ [Header.Syncer]
+ TrustingPeriod = "{{ .Values.node.config.configtoml.Header.Syncer.TrustingPeriod }}"
+ [Header.Server]
+ WriteDeadline = "{{ .Values.node.config.configtoml.Header.Server.WriteDeadline }}"
+ ReadDeadline = "{{ .Values.node.config.configtoml.Header.Server.ReadDeadline }}"
+ RangeRequestTimeout = "{{ .Values.node.config.configtoml.Header.Server.RangeRequestTimeout }}"
+ [Header.Client]
+ MaxHeadersPerRangeRequest = {{ printf "%.0f" .Values.node.config.configtoml.Header.Client.MaxHeadersPerRangeRequest }}
+ RangeRequestTimeout = "{{ .Values.node.config.configtoml.Header.Client.RangeRequestTimeout }}"
+ [DASer]
+ SamplingRange = {{ printf "%.0f" .Values.node.config.configtoml.DASer.SamplingRange }}
+ ConcurrencyLimit = {{ printf "%.0f" .Values.node.config.configtoml.DASer.ConcurrencyLimit }}
+ BackgroundStoreInterval = "{{ .Values.node.config.configtoml.DASer.BackgroundStoreInterval }}"
+ SampleFrom = {{ printf "%.0f" .Values.node.config.configtoml.DASer.SampleFrom }}
+ SampleTimeout = "{{ .Values.node.config.configtoml.DASer.SampleTimeout }}"
+ SamplingWindow = "{{ .Values.node.config.configtoml.DASer.SamplingWindow }}"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "common.names.fullname" . }}-address
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: node
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ address: {{ .Values.node.settings.address }}
+{{- if .Values.node.otelAgent.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "common.names.fullname" . }}-otel-agent
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: otel-agent
+data:
+ config.yaml: |
+{{ toYaml .Values.node.otelAgent.config | indent 4 }}
+{{- end }}
diff --git a/charts/celestia-node/templates/networkpolicy.yaml b/charts/celestia-node/templates/networkpolicy.yaml
new file mode 100644
index 0000000..f9568d6
--- /dev/null
+++ b/charts/celestia-node/templates/networkpolicy.yaml
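Review bot: `AnnounceAddresses`, `MutualPeers` and `TrustedPeers` are emitted with a bare `{{ .Values… }}`, which prints a Go slice (`[a b]`, unquoted and space-separated) rather than a TOML array, so the empty defaults work but any configured peer list would yield an invalid `config.toml`; `ListenAddresses` and `NoAnnounceAddresses` already avoid this with a quoting `range`. Rendering the lists through `toJson` gives a valid array in both cases, e.g. `TrustedPeers = {{ .Values.node.config.configtoml.Header.TrustedPeers | toJson }}`. The string settings are wrapped as `"{{ … }}"` without escaping, so a value containing a quote or a newline can add or override keys in the file, and `{{ … | quote }}` closes that. Separately, the README lists `State.KeyringBackend` defaulting to `"test"`, a backend that keeps keys unencrypted on disk, which deserves a comment or a different default for anything beyond a test network.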
@@ -0,0 +1,63 @@
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: node
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.node.podLabels .Values.commonLabels ) "context" . ) }}
+ podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: node
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ {{- if .Values.networkPolicy.allowExternalEgress }}
+ - {}
+ {{- else }}
+ - ports:
+ # Allow dns resolution
+ - port: 53
+ protocol: UDP
+ - port: 53
+ protocol: TCP
+ {{- if .Values.networkPolicy.extraEgress }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ ingress:
+ - ports:
+ - port: {{ .Values.node.containerPorts.http }}
+ - port: {{ .Values.node.containerPorts.https }}
+ {{- if not .Values.networkPolicy.allowExternal }}
+ from:
+ - podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+ - podSelector:
+ matchLabels:
+ {{ template "common.names.fullname" . }}-client: "true"
+ {{- if .Values.networkPolicy.ingressNSMatchLabels }}
+ - namespaceSelector:
+ matchLabels:
+ {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
+ {{ $key | quote }}: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
+ podSelector:
+ matchLabels:
+ {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
+ {{ $key | quote }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.networkPolicy.extraIngress }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/celestia-node/templates/pdb.yaml b/charts/celestia-node/templates/pdb.yaml
new file mode 100644
index 0000000..ef7e02e
--- /dev/null
+++ b/charts/celestia-node/templates/pdb.yaml
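Review bot: The ingress rule in networkpolicy.yaml lists `.Values.node.containerPorts.http` and `.Values.node.containerPorts.https`, while the StatefulSet and Service templates in this same patch only use `containerPorts.p2p`, `rest`, `rpc`, `profiling` and `prometheus`. Unless values.yaml also defines `http`/`https` (not visible in this hunk), the two `port:` entries render empty, and a port entry with no port number is not the narrow allow-list the policy appears to intend. List the ports the node really serves, e.g. `- port: {{ .Values.node.containerPorts.p2p }}` and `- port: {{ .Values.node.containerPorts.rpc }}`, and decide deliberately whether `profiling` and `prometheus` belong in the same rule or in a tighter one limited to the monitoring namespace.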
@@ -0,0 +1,24 @@
+{{- $replicaCount := int .Values.node.replicaCount }}
+{{- if and .Values.node.pdb.create (or (gt $replicaCount 1) .Values.node.autoscaling.enabled) }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: node
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.node.pdb.minAvailable }}
+ minAvailable: {{ .Values.node.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.node.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.node.pdb.maxUnavailable }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.node.podLabels .Values.commonLabels) "context" .) }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: node
+{{- end }}
diff --git a/charts/celestia-node/templates/role.yaml b/charts/celestia-node/templates/role.yaml
new file mode 100644
index 0000000..86ce127
--- /dev/null
+++ b/charts/celestia-node/templates/role.yaml
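Review bot: In pdb.yaml `minAvailable` and `maxUnavailable` are emitted by two independent `if` blocks, so a values file that sets both renders a PodDisruptionBudget carrying both fields, which the API rejects because they are mutually exclusive. Make the second block a branch of the first, `{{- else if .Values.node.pdb.maxUnavailable }}`, and drop the first `{{- end }}`, so that at most one of the two is rendered. A short comment above the block saying which field wins when both are set would spare the next operator a failed install.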
@@ -0,0 +1,23 @@
+{{ if .Values.rbac.create }}
+kind: Role
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: node
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+rules:
+ # TODO: Update resources and verbs to the proper values for the application cases
+ - apiGroups: [""]
+ resources: ["*"]
+ verbs: ["*"]
+ - apiGroups: [""]
+ resources: ["*"]
+ verbs: ["*"]
+ {{- if .Values.rbac.rules }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/celestia-node/templates/service-account.yaml b/charts/celestia-node/templates/service-account.yaml
new file mode 100644
index 0000000..4a331aa
--- /dev/null
+++ b/charts/celestia-node/templates/service-account.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "node.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: node
+ {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.serviceAccount.annotations .Values.commonAnnotations) "context" .) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
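Review bot: The Role in role.yaml ships two identical rules granting `resources: ["*"]` with `verbs: ["*"]` on the core API group, left in place under a TODO. Bound to the node's service account, that gives every pod carrying the token full read and write access to Secrets, ConfigMaps, Pods and the other core resources in the namespace, including the keyring Secret that the StatefulSet mounts. Nothing in the templates visible here shows the node calling the Kubernetes API, so the default should grant nothing: delete both wildcard rules and keep only the `{{- if .Values.rbac.rules }}` render, so that any permission is an explicit choice in values. If some access does turn out to be needed, name the resource and verbs, for example `resources: ["configmaps"]` with `verbs: ["get"]`, rather than restoring the wildcard.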
diff --git a/charts/celestia-node/templates/service.yaml b/charts/celestia-node/templates/service.yaml
new file mode 100644
index 0000000..5e72e6f
--- /dev/null
+++ b/charts/celestia-node/templates/service.yaml
@@ -0,0 +1,166 @@ +{{- if .Values.service.external.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "common.names.fullname" . }}-external + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: node + {{- if or .Values.service.external.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.service.external.annotations .Values.commonAnnotations) "context" .) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.external.type }} + {{- if and .Values.service.external.clusterIP (eq .Values.service.external.type "ClusterIP") }} + clusterIP: {{ .Values.service.external.clusterIP }} + {{- end }} + {{- if .Values.service.external.sessionAffinity }} + sessionAffinity: {{ .Values.service.external.sessionAffinity }} + {{- end }} + {{- if .Values.service.external.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.external.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + {{- if or (eq .Values.service.external.type "LoadBalancer") (eq .Values.service.external.type "NodePort") }} + externalTrafficPolicy: {{ .Values.service.external.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.service.external.type "LoadBalancer") (not (empty .Values.service.external.loadBalancerSourceRanges)) }} + loadBalancerSourceRanges: {{ .Values.service.external.loadBalancerSourceRanges }} + {{- end }} + {{- if and (eq .Values.service.external.type "LoadBalancer") (not (empty .Values.service.external.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.service.external.loadBalancerIP }} + {{- end }} + ports: + {{- if .Values.service.external.ports.p2p }} + 
- name: p2p + port: {{ .Values.service.external.ports.p2p }} + {{- if not (eq .Values.service.external.ports.p2p .Values.node.containerPorts.p2p) }} + targetPort: {{ .Values.node.containerPorts.p2p }} + {{- end }} + protocol: TCP + {{- if and (or (eq .Values.service.external.type "NodePort") (eq .Values.service.external.type "LoadBalancer")) (not (empty .Values.service.external.nodePorts.p2p)) }} + nodePort: {{ .Values.service.external.nodePorts.p2p }} + {{- else if eq .Values.service.external.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- end }} + {{- if .Values.service.external.ports.rest }} + - name: rest + port: {{ .Values.service.external.ports.rest }} + {{- if not (eq .Values.service.external.ports.rest .Values.node.containerPorts.rest) }} + targetPort: {{ .Values.node.containerPorts.rest }} + {{- end }} + protocol: TCP + {{- if and (or (eq .Values.service.external.type "NodePort") (eq .Values.service.external.type "LoadBalancer")) (not (empty .Values.service.external.nodePorts.rest)) }} + nodePort: {{ .Values.service.external.nodePorts.rest }} + {{- else if eq .Values.service.external.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- end }} + {{- if .Values.service.external.ports.rpc }} + - name: rpc + port: {{ .Values.service.external.ports.rpc }} + {{- if not (eq .Values.service.external.ports.rpc .Values.node.containerPorts.rpc) }} + targetPort: {{ .Values.node.containerPorts.rpc }} + {{- end }} + protocol: TCP + {{- if and (or (eq .Values.service.external.type "NodePort") (eq .Values.service.external.type "LoadBalancer")) (not (empty .Values.service.external.nodePorts.rpc)) }} + nodePort: {{ .Values.service.external.nodePorts.rpc }} + {{- else if eq .Values.service.external.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- end }} + {{- if .Values.service.external.ports.profiling }} + - name: profiling + port: {{ .Values.service.external.ports.profiling }} + {{- if not (eq .Values.service.external.ports.profiling 
.Values.node.containerPorts.profiling) }} + targetPort: {{ .Values.node.containerPorts.profiling }} + {{- end }} + protocol: TCP + {{- if and (or (eq .Values.service.external.type "NodePort") (eq .Values.service.external.type "LoadBalancer")) (not (empty .Values.service.external.nodePorts.profiling)) }} + nodePort: {{ .Values.service.external.nodePorts.profiling }} + {{- else if eq .Values.service.external.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- end }} + {{- if .Values.service.external.ports.prometheus }} + - name: prometheus + port: {{ .Values.service.external.ports.prometheus }} + {{- if not (eq .Values.service.external.ports.prometheus .Values.node.containerPorts.prometheus) }} + targetPort: {{ .Values.node.containerPorts.prometheus }} + {{- end }} + protocol: TCP + {{- if and (or (eq .Values.service.external.type "NodePort") (eq .Values.service.external.type "LoadBalancer")) (not (empty .Values.service.external.nodePorts.prometheus)) }} + nodePort: {{ .Values.service.external.nodePorts.prometheus }} + {{- else if eq .Values.service.external.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- end }} + {{- if .Values.service.external.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.external.extraPorts "context" $) | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.node.podLabels .Values.commonLabels) "context" .) | fromYaml }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: node +--- +{{- end }} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "common.names.fullname" . }}-internal + namespace: {{ include "common.names.namespace" . 
| quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: node + {{- if or .Values.service.internal.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.service.internal.annotations .Values.commonAnnotations) "context" .) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.internal.type }} + {{- if and .Values.service.internal.clusterIP (eq .Values.service.internal.type "ClusterIP") }} + clusterIP: {{ .Values.service.internal.clusterIP }} + {{- end }} + {{- if .Values.service.internal.sessionAffinity }} + sessionAffinity: {{ .Values.service.internal.sessionAffinity }} + {{- end }} + {{- if .Values.service.internal.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.internal.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + ports: + - name: p2p + port: {{ .Values.service.internal.ports.p2p }} + {{- if not (eq .Values.service.internal.ports.p2p .Values.node.containerPorts.p2p) }} + targetPort: {{ .Values.node.containerPorts.p2p }} + {{- end }} + protocol: TCP + - name: rest + port: {{ .Values.service.internal.ports.rest }} + {{- if not (eq .Values.service.internal.ports.rest .Values.node.containerPorts.rest) }} + targetPort: {{ .Values.node.containerPorts.rest }} + {{- end }} + protocol: TCP + - name: rpc + port: {{ .Values.service.internal.ports.rpc }} + {{- if not (eq .Values.service.internal.ports.rpc .Values.node.containerPorts.rpc) }} + targetPort: {{ .Values.node.containerPorts.rpc }} + {{- end }} + protocol: TCP + - name: profiling + port: {{ .Values.service.internal.ports.profiling }} + {{- if not (eq .Values.service.internal.ports.profiling .Values.node.containerPorts.profiling) }} + targetPort: {{ 
.Values.node.containerPorts.profiling }} + {{- end }} + protocol: TCP + - name: prometheus + port: {{ .Values.service.internal.ports.prometheus }} + {{- if not (eq .Values.service.internal.ports.prometheus .Values.node.containerPorts.prometheus) }} + targetPort: {{ .Values.node.containerPorts.prometheus }} + {{- end }} + protocol: TCP + {{- if .Values.service.internal.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.internal.extraPorts "context" $) | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.node.podLabels .Values.commonLabels) "context" .) | fromYaml }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: node diff --git a/charts/celestia-node/templates/servicemonitor.yaml b/charts/celestia-node/templates/servicemonitor.yaml new file mode 100644 index 0000000..7982f9e --- /dev/null +++ b/charts/celestia-node/templates/servicemonitor.yaml 
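Review bot: In service.yaml, `loadBalancerSourceRanges: {{ .Values.service.external.loadBalancerSourceRanges }}` prints the list with Go's default formatting (`[a b]`), so with more than one CIDR the rendered value is a single malformed entry rather than a list of ranges. The source-IP allow-list meant to restrict the external LoadBalancer then fails to apply as configured. Render it as `loadBalancerSourceRanges: {{ toJson .Values.service.external.loadBalancerSourceRanges }}`. The external Service can also publish the `profiling` and `prometheus` ports; if values.yaml sets those by default (not visible in this hunk), they are better left empty there and served only through the `-internal` Service.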
@@ -0,0 +1,42 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }}
+ {{- $labels := include "common.tplvalues.merge" (dict "values" (list .Values.metrics.serviceMonitor.labels .Values.commonLabels) "context" .) }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: node
+ {{- if or .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations) "context" .) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
+ {{- if .Values.metrics.serviceMonitor.selector }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
+ {{- end }}
+ endpoints:
+ - port: prometheus
+ path: ""
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabelings }}
+ relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ include "common.names.namespace" . | quote }}
+{{- end }}
diff --git a/charts/celestia-node/templates/statefulset.yaml b/charts/celestia-node/templates/statefulset.yaml
new file mode 100644
index 0000000..311d2e5
--- /dev/null
+++ b/charts/celestia-node/templates/statefulset.yaml
@@ -0,0 +1,369 @@ +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: node + {{- if or .Values.node.statefulsetAnnotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.node.statefulsetAnnotations .Values.commonAnnotations) "context" .) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.node.replicaCount }} + podManagementPolicy: {{ .Values.node.podManagementPolicy | quote }} + {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.node.podLabels .Values.commonLabels) "context" .) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: node + serviceName: {{ template "common.names.fullname" . 
}} + {{- if .Values.node.updateStrategy }} + updateStrategy: {{- toYaml .Values.node.updateStrategy | nindent 4 }} + {{- end }} + {{- if .Values.node.persistentVolumeClaimRetentionPolicy }} + persistentVolumeClaimRetentionPolicy: + {{- if .Values.node.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenDeleted: {{ .Values.node.persistentVolumeClaimRetentionPolicy.whenDeleted | quote }} + {{- end }} + {{- if .Values.node.persistentVolumeClaimRetentionPolicy.whenScaled }} + whenScaled: {{ .Values.node.persistentVolumeClaimRetentionPolicy.whenScaled | quote }} + {{- end }} + {{- end }} + template: + metadata: + {{- if .Values.node.podAnnotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.node.podAnnotations "context" $) | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/component: node + spec: + {{- include "node.imagePullSecrets" . | nindent 6 }} + serviceAccountName: {{ template "node.serviceAccountName" . 
}} + automountServiceAccountToken: {{ .Values.node.automountServiceAccountToken }} + {{- if .Values.node.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.node.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.node.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.node.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.node.podAffinityPreset "component" "app" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.node.podAntiAffinityPreset "component" "app" "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.node.nodeAffinityPreset.type "key" .Values.node.nodeAffinityPreset.key "values" .Values.node.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.node.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.node.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.node.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.node.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.node.priorityClassName }} + priorityClassName: {{ .Values.node.priorityClassName | quote }} + {{- end }} + {{- if .Values.node.schedulerName }} + schedulerName: {{ .Values.node.schedulerName | quote }} + {{- end }} + {{- if .Values.node.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.node.topologySpreadConstraints "context" .) 
| nindent 8 }} + {{- end }} + {{- if .Values.node.podSecurityContext.enabled }} + securityContext: {{- omit .Values.node.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.node.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.node.terminationGracePeriodSeconds }} + {{- end }} + initContainers: + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "node.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - "sh" + - "-c" + - "chown -R {{ .Values.node.containerSecurityContext.runAsUser }}:{{ .Values.node.containerSecurityContext.runAsGroup }} {{ .Values.node.settings.home }}" + {{- if .Values.volumePermissions.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.volumePermissions.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: {{ .Values.node.settings.home }}/data + subPath: data + readOnly: false + - name: data + mountPath: {{ .Values.node.settings.home }}/blocks + subPath: blocks + readOnly: false + - name: data + mountPath: {{ .Values.node.settings.home }}/index + subPath: index + readOnly: false + - name: data + mountPath: {{ .Values.node.settings.home }}/inverted_index + subPath: inverted_index + readOnly: false + - name: data + mountPath: {{ .Values.node.settings.home }}/transients + subPath: transients + readOnly: false + {{- end }} + - name: home-permission + image: busybox + command: + - "sh" + 
- "-c" + - "chown -R {{ .Values.node.containerSecurityContext.runAsUser }}:{{ .Values.node.containerSecurityContext.runAsGroup }} /home" + volumeMounts: + - name: home-dir # This is needed so that the process has permissions to create files in the home directory + mountPath: /home + readOnly: false + - name: keys-permission + image: busybox + command: + - "sh" + - "-c" + - | + mkdir -p /keys-volume/keyring-test && \ + cp /keys/* /keys-volume/ && \ + cp /address/* /keys-volume/keyring-test/ && \ + cp /celes-key/* /keys-volume/keyring-test/ && \ + chown -R {{ .Values.node.containerSecurityContext.runAsUser }}:{{ .Values.node.containerSecurityContext.runAsGroup }} /keys-volume/* /keys-volume/keyring-test/ && \ + find /keys-volume/ -type f -exec chmod 0600 {} \; + volumeMounts: + - name: keys + mountPath: /keys + readOnly: true + - name: address + mountPath: /address + readOnly: true + - name: celes-key + mountPath: /celes-key + readOnly: true + - name: keys-volume + mountPath: /keys-volume + {{- if .Values.node.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.node.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: node + image: {{ template "node.image" . 
}} + imagePullPolicy: {{ .Values.node.image.pullPolicy }} + {{- if .Values.node.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.node.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.node.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.node.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.node.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.node.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: CELESTIA_HOME + value: {{ .Values.node.settings.home }} + {{- if .Values.node.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.node.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.node.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.node.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.node.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.node.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- if .Values.node.resources }} + resources: {{- toYaml .Values.node.resources | nindent 12 }} + {{- else if ne .Values.node.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.node.resourcesPreset) | nindent 12 }} + {{- end }} + ports: + - name: p2p + containerPort: {{ .Values.node.containerPorts.p2p }} + - name: rest + containerPort: {{ .Values.node.containerPorts.rest }} + - name: rpc + containerPort: {{ 
.Values.node.containerPorts.rpc }} + - name: profiling + containerPort: {{ .Values.node.containerPorts.profiling }} + - name: prometheus + containerPort: {{ .Values.node.containerPorts.prometheus }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.node.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.node.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.node.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.node.livenessProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: rpc + {{- end }} + {{- if .Values.node.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.node.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.node.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.node.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - sh + - '-c' + - > + AUTH_TOKEN=$(celestia bridge auth read --node.store=/home/celestia 2>/dev/null); + curl --max-time 0.5 -s -X POST -H "Content-type: application/json" -H "Accept: application/json" -H "Authorization: Bearer $AUTH_TOKEN" -d '{"id":1,"jsonrpc":"2.0","method":"das.WaitCatchUp","params":[]}' "http://localhost:26658"; + if [ "$?" 
-eq 0 ]; then exit 0; else echo "Catching up"; exit 1; fi + {{- end }} + {{- if .Values.node.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.node.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.node.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.node.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: rpc + {{- end }} + {{- end }} + {{- if .Values.node.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.node.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: {{ .Values.node.settings.home }}/data + subPath: data + readOnly: false + - name: data + mountPath: {{ .Values.node.settings.home }}/blocks + subPath: blocks + readOnly: false + - name: data + mountPath: {{ .Values.node.settings.home }}/index + subPath: index + readOnly: false + - name: data + mountPath: {{ .Values.node.settings.home }}/inverted_index + subPath: inverted_index + readOnly: false + - name: data + mountPath: {{ .Values.node.settings.home }}/transients + subPath: transients + readOnly: false + - name: keys-volume + mountPath: {{ .Values.node.settings.home }}/keys + readOnly: false + - name: configtoml + mountPath: {{ .Values.node.settings.home }}/config.toml + subPath: config.toml + - name: home-dir # This is needed so that the process has permissions to create files in the home directory + mountPath: {{ .Values.node.settings.home }} + readOnly: false + {{- if .Values.node.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.node.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + - name: otel-agent + image: {{ template "node.otelAgent.image" . 
}} + imagePullPolicy: {{ .Values.node.otelAgent.image.pullPolicy }} + ports: + - containerPort: 4317 + name: otlp-grpc + - containerPort: 4318 + name: otlp-http + - containerPort: 8888 + name: prom-collector + - containerPort: 8889 + name: prom-exporter + command: + - "/otelcol-contrib" + - "--config=/etc/otelcol-contrib/config.yaml" + env: + - name: JOB_NAME + value: {{ template "common.names.fullname" . }}-{{ .Release.Namespace }} + - name: GRAFANA_OTEL_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.node.otelAgent.grafanaOtelSecret.name }} + key: username + - name: GRAFANA_OTEL_TOKEN + valueFrom: + secretKeyRef: + name: {{ .Values.node.otelAgent.grafanaOtelSecret.name }} + key: token + {{- if .Values.node.otelAgent.resources }} + resources: {{- toYaml .Values.node.otelAgent.resources | nindent 12 }} + {{- else if ne .Values.node.otelAgent.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.node.otelAgent.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: otel-agent-config + mountPath: /etc/otelcol-contrib/config.yaml + subPath: config.yaml + {{- if .Values.node.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.node.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: keys + secret: + secretName: {{ .Values.node.settings.secret.name }} + items: + - key: NJ3XILLTMVRXEZLUFZVHO5A + path: NJ3XILLTMVRXEZLUFZVHO5A + - key: OAZHALLLMV4Q + path: OAZHALLLMV4Q + - key: my_celes_key_info + path: my_celes_key.info + - name: address + configMap: + name: {{ template "common.names.fullname" . }}-address + items: + - key: address + path: address + - name: celes-key + secret: + secretName: {{ .Values.node.settings.secret.name }} + items: + - key: my_celes_key_info + path: my_celes_key.info + - name: keys-volume + emptyDir: {} + - name: home-dir + emptyDir: {} + - name: configtoml + configMap: + name: {{ template "common.names.fullname" . 
}}-configtoml + - name: otel-agent-config + configMap: + name: {{ template "common.names.fullname" . }}-otel-agent + items: + - key: config.yaml + path: config.yaml + {{- if .Values.node.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.node.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: data + {{- if or .Values.persistence.annotations .Values.commonAnnotations }} + {{- $claimAnnotations := include "common.tplvalues.merge" (dict "values" .Values.persistence.annotations .Values.commonAnnotations "context" .) | fromYaml }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $claimAnnotations "context" $ ) | nindent 10 }} + {{- end }} + {{- if .Values.commonLabels }} + labels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.persistence.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.dataSource "context" $) | nindent 10 }} + {{- end }} + {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }} + {{- end }} diff --git a/charts/celestia-node/values.yaml b/charts/celestia-node/values.yaml new file mode 100644 index 0000000..f02d5c1 --- /dev/null +++ b/charts/celestia-node/values.yaml 
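Review bot: In statefulset.yaml the `home-permission` and `keys-permission` init containers use `image: busybox` with no registry, tag or digest and no `securityContext` or `resources`. `keys-permission` is the container that copies the keyring Secret into `keys-volume`, so whatever `busybox` resolves to at pull time reads the node's key material. Use a pinned, values-driven image for both, for example the helper `volume-permissions` already uses, `image: {{ include "node.volumePermissions.image" . }}` (assuming that image ships `sh`, `cp`, `chown` and `find`), and give them the same `securityContext` and `resources` handling. Separately, the `otel-agent` container and the `otel-agent-config` volume are rendered unconditionally, whereas the `-otel-agent` ConfigMap in configmap.yaml sits inside `{{- if .Values.node.otelAgent.enabled }}`; with the agent disabled the pod references a ConfigMap that is never created, so both belong inside the same `if`. The readiness probe also hard-codes `/home/celestia` and `http://localhost:26658` instead of `.Values.node.settings.home` and `.Values.node.containerPorts.rpc`, and since curl runs without `--fail` it exits 0 on any HTTP response, so an authorization error still marks the pod ready.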
@@ -0,0 +1,1084 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+## @section Global parameters
+## Global Docker image parameters
+## Please, note that this will override the image parameters, including dependencies, configured to use the global value
+## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
+##
+
+## @param global.imageRegistry Global Docker image registry
+## @param global.imagePullSecrets Global Docker registry secret names as an array
+## @param global.storageClass Global StorageClass for Persistent Volume(s)
+##
+global:
+ imageRegistry: ""
+ ## e.g:
+ ## imagePullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ imagePullSecrets: []
+ storageClass: ""
+ ## Compatibility adaptations for Kubernetes platforms
+ ##
+ compatibility:
+ ## Compatibility adaptations for Openshift
+ ##
+ openshift:
+ ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs.
Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
+ ##
+ adaptSecurityContext: auto
+
+## @section Common parameters
+##
+
+## @param kubeVersion Override Kubernetes version
+##
+kubeVersion: ""
+## @param nameOverride String to partially override common.names.name
+##
+nameOverride: ""
+## @param fullnameOverride String to fully override common.names.fullname
+##
+fullnameOverride: ""
+## @param namespaceOverride String to fully override common.names.namespace
+##
+namespaceOverride: ""
+## @param commonLabels Labels to add to all deployed objects
+##
+commonLabels: {}
+## @param commonAnnotations Annotations to add to all deployed objects
+##
+commonAnnotations: {}
+## @param clusterDomain Kubernetes cluster domain name
+##
+clusterDomain: cluster.local
+## @param extraDeploy Array of extra objects to deploy with the release
+##
+extraDeploy: []
+## Diagnostic mode
+## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
+## @param diagnosticMode.command Command to override all containers in the chart release
+## @param diagnosticMode.args Args to override all containers in the chart release
+##
+diagnosticMode:
+ enabled: false
+ command:
+ - sleep
+ args:
+ - infinity
+
+## @section celestia-node Parameters
+##
+
+## %%MAIN_CONTAINER/POD_DESCRIPTION%%
+##
+node:
+ ## Celestia celestia-node image
+ ## ref: https://github.com/celestiaorg/celestia-node/pkgs/container/celestia-node/versions?filters%5Bversion_type%5D=tagged
+ ## @param node.image.registry [default: REGISTRY_NAME] celestia-node image registry
+ ## @param node.image.repository [default: REPOSITORY_NAME/celestia-node] celestia-node image repository
+ ## @skip node.image.tag celestia-node image tag (immutable tags are recommended)
+ ## @param node.image.digest celestia-node image digest in the way sha256:aa....
Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
+ ## @param node.image.pullPolicy celestia-node image pull policy
+ ## @param node.image.pullSecrets celestia-node image pull secrets
+ ##
+ # -- image parameters for the image
+ image:
+ # -- registry for the image, GitHub Container Registry by default
+ registry: ghcr.io
+ # -- repository for the image, celestiaorg/celestia-node by default
+ repository: celestiaorg/celestia-node
+ # -- tag for the image, v0.13.6 by default
+ tag: v0.13.6
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+ ##
+ # -- pull policy for the image, IfNotPresent by default
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## @param node.settings Settings for the celestia-node
+ settings:
+ ## @param node.settings.home Home directory for the celestia-node
+ ##
+ # -- home directory for the celestia-node, defaults to /home/celestia
+ home: "/home/celestia"
+ ## @param node.settings.node_id Node ID for the celestia-node
+ ##
+ # -- node ID for the celestia-node, it must be set
+ node_id: "SET_IT"
+ ## @param node.settings.address Address for the celestia-node
+ ##
+ # -- address for the celestia-node, it must be set
+ address: "SET_IT"
+ ## @param node.settings.secret Secret for the celestia-node
+ ##
+ ## A secret must be available in the cluster with the following format:
+ ## - name:
+ ## - items:
+ ## - key: NJ3XILLTMVRXEZLUFZVHO5A
+ ## - key: OAZHALLLMV4Q
+ ## - key: my_celes_key_info
+ secret:
+ # -- name of the secret, it must be set
+ name: SET_IT
+ ## @param
node.config Configuration for the celestia-node
+ ##
+ ## @param node.config.apptoml Configuration for the celestia-node node.toml
+ ##
+ ## @param node.config.clienttoml Configuration for the celestia-node client.toml
+ ##
+ ## @param node.config.configtoml Configuration for the celestia-node config.toml
+ ##
+ config:
+ configtoml:
+ Node:
+ StartupTimeout: 20s
+ ShutdownTimeout: 20s
+ Core:
+ IP: ""
+ RPCPort: "26657"
+ GRPCPort: "9090"
+ State:
+ KeyringAccName: ""
+ KeyringBackend: test
+ P2P:
+ ListenAddresses:
+ - /ip4/0.0.0.0/udp/2121/quic-v1/webtransport
+ - /ip6/::/udp/2121/quic-v1/webtransport
+ - /ip4/0.0.0.0/udp/2121/quic-v1
+ - /ip6/::/udp/2121/quic-v1
+ - /ip4/0.0.0.0/tcp/2121
+ - /ip6/::/tcp/2121
+ AnnounceAddresses: []
+ NoAnnounceAddresses:
+ - /ip4/127.0.0.1/udp/2121/quic-v1/webtransport
+ - /ip4/0.0.0.0/udp/2121/quic-v1/webtransport
+ - /ip6/::/udp/2121/quic-v1/webtransport
+ - /ip4/0.0.0.0/udp/2121/quic-v1
+ - /ip4/127.0.0.1/udp/2121/quic-v1
+ - /ip6/::/udp/2121/quic-v1
+ - /ip4/0.0.0.0/tcp/2121
+ - /ip4/127.0.0.1/tcp/2121
+ - /ip6/::/tcp/2121
+ MutualPeers: []
+ PeerExchange: false
+ RoutingTableRefreshPeriod: 1m0s
+ ConnManager:
+ Low: 50
+ High: 100
+ GracePeriod: 1m0s
+ RPC:
+ Address: localhost
+ Port: "26658"
+ SkipAuth: false
+ Gateway:
+ Address: localhost
+ Port: "26659"
+ Enabled: false
+ Share:
+ UseShareExchange: true
+ EDSStoreParams:
+ GCInterval: 0s
+ RecentBlocksCacheSize: 10
+ BlockstoreCacheSize: 128
+ ShrExEDSParams:
+ ServerReadTimeout: 5s
+ ServerWriteTimeout: 1m0s
+ HandleRequestTimeout: 1m0s
+ ConcurrencyLimit: 10
+ BufferSize: 32768
+ ShrExNDParams:
+ ServerReadTimeout: 5s
+ ServerWriteTimeout: 1m0s
+ HandleRequestTimeout: 1m0s
+ ConcurrencyLimit: 10
+ PeerManagerParams:
+ PoolValidationTimeout: 2m0s
+ PeerCooldown: 3s
+ GcInterval: 30s
+ EnableBlackListing: false
+ LightAvailability:
+ SampleAmount: 16
+ Discovery:
+ PeersLimit: 5
+ AdvertiseInterval: 1h0m0s
+ Header:
+ TrustedHash: ""
+ TrustedPeers: []
+ Store:
+ StoreCacheSize: 512
+ IndexCacheSize: 2048
+ WriteBatchSize: 512
+ Syncer:
+ TrustingPeriod: 336h0m0s
+ Server:
+ WriteDeadline: 8s
+ ReadDeadline: 1m0s
+ RangeRequestTimeout: 10s
+ Client:
+ MaxHeadersPerRangeRequest: 64
+ RangeRequestTimeout: 8s
+ DASer:
+ SamplingRange: 100
+ ConcurrencyLimit: 16
+ BackgroundStoreInterval: 10m0s
+ SampleFrom: 1
+ SampleTimeout: 2m40s
+ SamplingWindow: 0s
+ ## @param node.otelAgent OTel agent configuration for the node
+ ##
+ otelAgent:
+ # -- enable otel agent for the node, false by default
+ enabled: false
+ # -- image for the otel agent, ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib:0.102.0 by default
+ image:
+ registry: ghcr.io
+ repository: open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib
+ tag: 0.102.0
+ digest: ""
+ pullPolicy: IfNotPresent
+ ## Init container's resource requests and limits
+ ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+ ## @param volumePermissions.resourcesPreset Set init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+ ##
+ resourcesPreset: "micro"
+ ## @param volumePermissions.resources Set init container resources for the otel agent (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 100Mi
+ ## limits:
+ ## cpu: 200m
+ ## memory: 200Mi
+ resources: {}
+ ## A secret must be available in the cluster with the following format:
+ ## - name:
+ ## - items:
+ ## - key: token
+ ## - key: username
+ # -- grafana otel secret for the node
+ grafanaOtelSecret:
+ # -- name of the grafana otel secret, it must be set
+ name: SET_IT
+ ## @param node.otelAgent.config Configuration for the otel agent
+ ##
+ # -- config for the otel agent (See: https://opentelemetry.io/docs/collector/configuration/)
+ config:
+ extensions:
+ basicauth/otlp:
+ client_auth:
+ username: "${GRAFANA_OTEL_USERNAME}"
+ password: "${GRAFANA_OTEL_TOKEN}"
+ receivers:
+ otlp:
+ protocols:
+ grpc:
+ endpoint: "localhost:4317"
+ http:
+ endpoint: "localhost:4318"
+ prometheus:
+ config:
+ scrape_configs:
+ - job_name: "${JOB_NAME}"
+ scrape_interval: 10s
+ static_configs:
+ - targets: ["localhost:8890"]
+ exporters:
+ otlphttp:
+ auth:
+ authenticator: basicauth/otlp
+ endpoint: https://otlp-gateway-prod-us-central-0.grafana.net/otlp
+ prometheus:
+ endpoint: "localhost:8889"
+ service:
+ extensions: [basicauth/otlp]
+ pipelines:
+ metrics:
+ receivers: [otlp, prometheus]
+ exporters: [otlphttp, prometheus]
+ telemetry:
+ metrics:
+ address: "localhost:8888"
+ level: basic
+ logs:
+ level: INFO
+ ## @param node.replicaCount Number of node replicas to deploy
+ ##
+ # -- number of node replicas to deploy, 1 by default
+ replicaCount: 1
+ ## @param node.containerPorts.p2p Node P2P container port
+ ## @param node.containerPorts.rest Node REST container port
+ ## @param node.containerPorts.rpc Node RPC container port
+ ## @param node.containerPorts.profiling
Node Profiling container port
+ ## @param node.containerPorts.prometheus Node Prometheus container port
+ ##
+ # -- Container ports for the node
+ containerPorts:
+ # -- P2P container port, 2121 by default
+ p2p: 2121
+ # -- REST container port, 26659 by default
+ rest: 26659
+ # -- RPC container port, 26658 by default
+ rpc: 26658
+ # -- Profiling container port, 6060 by default
+ profiling: 6060
+ # -- Prometheus container port, 8890 by default
+ prometheus: 8890
+ ## Configure extra options for node containers' liveness and readiness probes
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param node.livenessProbe.enabled Enable livenessProbe on node containers
+ ## @param node.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param node.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param node.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param node.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param node.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ # -- liveness probe for the node
+ livenessProbe:
+ # -- enable liveness probe on node containers, false by default
+ enabled: false
+ # -- initial delay seconds for livenessProbe, 0 by default
+ initialDelaySeconds: 0
+ # -- period seconds for livenessProbe, 10 by default
+ periodSeconds: 10
+ # -- timeout seconds for livenessProbe, 1 by default
+ timeoutSeconds: 1
+ # -- failure threshold for livenessProbe, 3 by default
+ failureThreshold: 3
+ # -- success threshold for livenessProbe, 1 by default
+ successThreshold: 1
+ ## @param node.readinessProbe.enabled Enable readinessProbe on node containers
+ ## @param node.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param node.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param
node.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param node.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param node.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ # -- enable readiness probe on node containers, false by default
+ enabled: false
+ # -- initial delay seconds for readinessProbe, 0 by default
+ initialDelaySeconds: 0
+ # -- period seconds for readinessProbe, 10 by default
+ periodSeconds: 10
+ # -- timeout seconds for readinessProbe, 1 by default
+ timeoutSeconds: 1
+ # -- failure threshold for readinessProbe, 3 by default
+ failureThreshold: 3
+ # -- success threshold for readinessProbe, 1 by default
+ successThreshold: 1
+ ## @param node.startupProbe.enabled Enable startupProbe on node containers
+ ## @param node.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param node.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param node.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param node.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param node.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ # -- startup probe for the node
+ startupProbe:
+ # -- enable startup probe on node containers, false by default
+ enabled: false
+ # -- initial delay seconds for startupProbe, 0 by default
+ initialDelaySeconds: 0
+ # -- period seconds for startupProbe, 10 by default
+ periodSeconds: 10
+ # -- timeout seconds for startupProbe, 1 by default
+ timeoutSeconds: 1
+ # -- failure threshold for startupProbe, 3 by default
+ successThreshold: 1
+ ## @param node.customLivenessProbe Custom livenessProbe that overrides the default one
+ ##
+ customLivenessProbe: {}
+ ## @param node.customReadinessProbe Custom readinessProbe that overrides the default one
+ ##
+ customReadinessProbe: {}
+ ## @param node.customStartupProbe Custom startupProbe that overrides the
default one
+ ##
+ customStartupProbe: {}
+ ## node resource requests and limits
+ ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+ ## @param node.resourcesPreset Set node container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if node.resources is set (node.resources is recommended for production).
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+ ##
+ # -- set node container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if node.resources is set (node.resources is recommended for production)
+ # -- more information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+ resourcesPreset: "nano"
+ ## @param node.resources Set node container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 2
+ ## memory: 512Mi
+ ## limits:
+ ## cpu: 3
+ ## memory: 1024Mi
+ ##
+ # -- resources for the node
+ resources:
+ # -- requests for the node
+ requests:
+ # -- cpu requests for the node, 2 by default
+ cpu: 6
+ # -- memory requests for the node, 8Gi by default
+ memory: 16Gi
+ # -- limits for the node
+ limits:
+ # -- cpu limits for the node, 2 by default
+ cpu: 6
+ # -- memory limits for the node, 8Gi by default
+ memory: 16Gi
+ ## Configure Pods Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param node.podSecurityContext.enabled Enable node pods' Security Context
+ ## @param node.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for node pods
+ ## @param node.podSecurityContext.sysctls Set kernel settings using the sysctl interface for node pods
+ ## @param
node.podSecurityContext.supplementalGroups Set filesystem extra groups for node pods
+ ## @param node.podSecurityContext.fsGroup Set fsGroup in node pods' Security Context
+ ##
+ # -- pod security context for the node
+ podSecurityContext:
+ # -- enable pod security context for the node, true by default
+ enabled: true
+ # -- filesystem group change policy for node pods, Always by default
+ fsGroupChangePolicy: Always
+ # -- kernel settings using the sysctl interface for node pods, [] by default
+ sysctls: []
+ # -- filesystem extra groups for node pods, [] by default
+ supplementalGroups: []
+ # -- fsGroup in node pods' Security Context, 10001 by default
+ fsGroup: 10001
+ ## Configure Container Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param node.containerSecurityContext.enabled Enabled node container' Security Context
+ ## @param node.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in node container
+ ## @param node.containerSecurityContext.runAsUser Set runAsUser in node container' Security Context
+ ## @param node.containerSecurityContext.runAsNonRoot Set runAsNonRoot in node container' Security Context
+ ## @param node.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in node container' Security Context
+ ## @param node.containerSecurityContext.privileged Set privileged in node container' Security Context
+ ## @param node.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in node container' Security Context
+ ## @param node.containerSecurityContext.capabilities.drop List of capabilities to be dropped in node container
+ ## @param node.containerSecurityContext.seccompProfile.type Set seccomp profile in node container
+ ##
+ # -- container security context for the node
+ containerSecurityContext:
+ # -- enable container security context for the node, true by default
+ enabled: true
+ # -- SELinux options in node container, {} by default
+ seLinuxOptions: {}
+ # -- runAsUser in node container, 10001 by default
+ runAsUser: 10001
+ # -- runAsGroup in node container, 10001 by default
+ runAsGroup: 10001
+ # -- runAsNonRoot in node container, true by default
+ runAsNonRoot: true
+ # -- readOnlyRootFilesystem in node container, true by default
+ readOnlyRootFilesystem: true
+ # -- privileged in node container, false by default
+ privileged: false
+ # -- allowPrivilegeEscalation in node container, false by default
+ allowPrivilegeEscalation: false
+ # -- capabilities to be dropped in node container, ["ALL"] by default
+ capabilities:
+ drop: ["ALL"]
+ # -- seccomp profile in node container, RuntimeDefault by default
+ seccompProfile:
+ type: "RuntimeDefault"
+
+ ## @param node.existingConfigmap The name of an existing ConfigMap with your custom configuration for node
+ ##
+ existingConfigmap:
+ ## @param node.command Override default node container command (useful when using custom images)
+ ##
+ # -- command for the celestia-node
+ command:
+ # -- celestia
+ - celestia
+ ## @param node.args Override default node container args (useful when using custom images)
+ ##
+ args:
+ - bridge
+ - start
+ - --node.store=$(CELESTIA_HOME)
+ - --metrics
+ - --metrics.tls=false
+ - --p2p.metrics
+ ## @param node.automountServiceAccountToken Mount Service Account token in node pods
+ ##
+ # -- mount service account token in node pods
+ automountServiceAccountToken: false
+ ## @param node.hostAliases node pods host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param node.daemonsetAnnotations Annotations for node daemonset
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ daemonsetAnnotations: {}
+ ## @param node.deploymentAnnotations Annotations for node deployment
+ ## ref:
https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ deploymentAnnotations: {}
+ ## @param node.statefulsetAnnotations Annotations for node statefulset
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ statefulsetAnnotations: {}
+ ## @param node.podLabels Extra labels for node pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param node.podAnnotations Annotations for node pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param node.podAffinityPreset Pod affinity preset. Ignored if `node.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param node.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `node.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node node.affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param node.nodeAffinityPreset.type Node affinity preset type. Ignored if `node.affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param node.nodeAffinityPreset.key Node label key to match. Ignored if `node.affinity` is set
+ ##
+ key: ""
+ ## @param node.nodeAffinityPreset.values Node label values to match. Ignored if `node.affinity` is set
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param node.affinity Affinity for node pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## NOTE: `node.podAffinityPreset`, `node.podAntiAffinityPreset`, and `node.nodeAffinityPreset` will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param node.nodeSelector Node labels for node pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+ ##
+ nodeSelector: {}
+ ## @param node.tolerations Tolerations for node pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## ONLY FOR DEPLOYMENTS:
+ ## @param node.updateStrategy.type node deployment strategy type
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+ ## ONLY FOR STATEFULSETS:
+ ## @param node.updateStrategy.type node statefulset strategy type
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ##
+ updateStrategy:
+ ## ONLY FOR DEPLOYMENTS:
+ ## Can be set to RollingUpdate or Recreate
+ ## ONLY FOR STATEFULSETS:
+ ## Can be set to RollingUpdate or OnDelete
+ ##
+ type: RollingUpdate
+ ## ONLY FOR STATEFULSETS:
+ ## @param node.persistentVolumeClaimRetentionPolicy Persistent Volume Claim Retention Policy for the node
+ ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#retain
+ ##
+ persistentVolumeClaimRetentionPolicy:
+ ## @param node.persistentVolumeClaimRetentionPolicy.whenDeleted Policy when the StatefulSet is deleted. Allowed values: Retain, Delete
+ ##
+ whenDeleted: Retain
+ ## @param node.persistentVolumeClaimRetentionPolicy.whenScaled Policy when the StatefulSet is scaled down.
Allowed values: Retain, Delete
+ ##
+ whenScaled: Retain
+ ## ONLY FOR STATEFULSETS:
+ ## @param node.podManagementPolicy Pod management policy for node statefulset
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
+ ##
+ podManagementPolicy: OrderedReady
+ ## @param node.priorityClassName node pods' priorityClassName
+ ##
+ priorityClassName: ""
+ ## @param node.topologySpreadConstraints Topology Spread Constraints for node pod assignment spread across your cluster among failure-domains
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
+ ##
+ topologySpreadConstraints: []
+ ## @param node.schedulerName Name of the k8s scheduler (other than default) for node pods
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ ## @param node.terminationGracePeriodSeconds Seconds node pods need to terminate gracefully
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
+ ##
+ terminationGracePeriodSeconds: ""
+ ## @param node.lifecycleHooks for node containers to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param node.extraEnvVars Array with extra environment variables to add to node containers
+ ## e.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: "bar"
+ ##
+ extraEnvVars: []
+ ## @param node.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for node containers
+ ##
+ extraEnvVarsCM: ""
+ ## @param node.extraEnvVarsSecret Name of existing Secret containing extra env vars for node containers
+ ##
+ extraEnvVarsSecret: ""
+ ## @param node.extraVolumes Optionally specify extra list of additional volumes for the node pods
+ ##
+ extraVolumes: []
+ ## @param node.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the node containers
+ ##
+ extraVolumeMounts: []
+ ## @param
node.sidecars Add additional sidecar containers to the node pods
+ ## e.g:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param node.initContainers Add additional init containers to the node pods
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ ## e.g:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## command: ['sh', '-c', 'echo "hello world"']
+ ##
+ initContainers: []
+ ## Pod Disruption Budget configuration
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
+ ## @param node.pdb.create Enable/disable a Pod Disruption Budget creation
+ ## @param node.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
+ ## @param node.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
+ ##
+ pdb:
+ create: false
+ minAvailable: 1
+ maxUnavailable: ""
+
+ # TODO: Remove when not needed in the end
+ # TODO: If you add here something remember to add it to:_helpers.tpl (define "node.imagePullSecrets") and NOTES.txt ({{- include "common.warnings.rollingTag" .Values.%%OTHER_OBJECT_BLOCK%%.image }})
+# ## %%SECONDARY_CONTAINER/POD_DESCRIPTION%%
+# ##
+# %%SECONDARY_OBJECT_BLOCK%%:
+# %%SAME_STRUCTURE_AS_THE_MAIN_CONTAINER/POD%%
+
+# ## %%OTHERS_CONTAINER/POD_DESCRIPTION%%
+# ##
+# %%OTHER_OBJECT_BLOCK%%:
+# %%SAME_STRUCTURE_AS_THE_MAIN_CONTAINER/POD%%
+
+## @section Traffic Exposure Parameters
+##
+
+## node service parameters
+##
+# -- service parameters
+service:
+ ## @param service.internal.type node internal service type
+ ##
+ # -- service type, ClusterIP by default
+ internal:
+ # -- service type, ClusterIP by default
+ type: ClusterIP
+ ## @param service.internal.ports.p2p Node internal service P2P port
+ ## @param service.internal.ports.rest Node internal service REST port
+ ##
@param service.internal.ports.rpc Node internal service RPC port + ## @param service.internal.ports.profiling Node internal service Profiling port + ## @param service.internal.ports.prometheus Node internal service Prometheus port + # -- Ports for the celestia-node + ports: + # -- P2P container port, 2121 by default + p2p: 2121 + # -- REST container port, 26659 by default + rest: 26659 + # -- RPC container port, 26658 by default + rpc: 26658 + # -- Profiling container port, 6060 by default + profiling: 6060 + # -- Prometheus container port, 8890 by default + prometheus: 8890 + ## @param service.internal.clusterIP node internal service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param service.internal.annotations Additional custom annotations for node internal service + ## + annotations: {} + ## @param service.internal.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ + ## + sessionAffinity: None + ## @param service.internal.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + + ## @param service.external.enabled Enable external service + ## + # -- external service parameters + external: + # -- enable external service, true by default + enabled: true + ## @param service.external.type node external service type + ## + # -- external service type, LoadBalancer by default + type: LoadBalancer + ## @param service.external.ports.p2p Node external service P2P port + ## @param service.external.ports.rest Node external service REST port + ## @param service.external.ports.rpc Node external service RPC port + ## @param service.external.ports.profiling Node external service Profiling port + ## @param service.external.ports.prometheus Node external service Prometheus port + ports: + # -- P2P container 
port, 2121 by default + p2p: 2121 + # -- REST container port, 26659 by default + rest: 26659 + # -- RPC container port, 26658 by default + rpc: 26658 + ## Node ports to expose + ## @param service.external.nodePorts.p2p Node port for P2P + ## @param service.external.nodePorts.rest Node port for REST + ## @param service.external.nodePorts.rpc Node port for RPC + ## @param service.external.nodePorts.profiling Node port for Profiling + ## @param service.external.nodePorts.prometheus Node port for Prometheus + ## NOTE: choose port between <30000-32767> + ## + # -- node ports for the celestia-app + nodePorts: + # -- p2p port, 2121 by default + p2p: "" + # -- rest port, 26659 by default + rest: "" + # -- rpc port, 26658 by default + rpc: "" + # -- profiling port, 6060 by default + profiling: "" + # -- prometheus port, 8890 by default + prometheus: "" + ## @param service.external.loadBalancerIP node external service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerIP: "" + ## @param service.external.loadBalancerSourceRanges node external service Load Balancer sources + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param service.external.externalTrafficPolicy node external service external traffic policy + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.external.annotations Additional custom annotations for node external service + ## + annotations: {} + ## @param service.external.extraPorts Extra ports to expose in node external service (normally used with the `sidecars` value) + ## + extraPorts: [] + ## @param service.external.sessionAffinity Control where 
client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ + ## + sessionAffinity: None + ## @param service.external.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} +## Network Policies +## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ +## +# -- network policy, The Policy model to apply. When set to false, only pods with the correct +# -- server label will have network access to the ports server is listening +# -- on. When true, server will accept connections from any source +# -- (with the correct destination port). +networkPolicy: + ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + # -- enable network policy, true by default + enabled: true + ## @param networkPolicy.allowExternal Don't require server label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## server label will have network access to the ports server is listening + ## on. When true, server will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. 
+ ## + allowExternalEgress: true + ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true) + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} + +## @section Persistence Parameters +## + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ +## +# -- persistence parameters +persistence: + ## @param persistence.enabled Enable persistence using Persistent Volume Claims + ## + # -- enable persistence, true by default + enabled: true + ## @param persistence.mountPath Path to mount the volume at. + ## Note: This value is overridden by 'Values.node.settings.home' in the stateful set. 
+ ## + mountPath: /bitnami/app/data + ## @param persistence.subPath The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services + ## Note: This is not used in the stateufulset template + ## + subPath: "" + ## @param persistence.storageClass Storage class of backing PVC + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param persistence.annotations Persistent Volume Claim annotations + ## + annotations: {} + ## @param persistence.accessModes Persistent Volume Access Modes + ## + accessModes: + - ReadWriteOnce + ## @param persistence.size Size of data volume + ## + # -- size of data volume, 250Gi by default + size: 250Gi + ## @param persistence.existingClaim The name of an existing PVC to use for persistence + ## + existingClaim: "" + ## @param persistence.selector Selector to match an existing Persistent Volume for WordPress data PVC + ## If set, the PVC can't have a PV dynamically provisioned for it + ## E.g. 
+ ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + ## @param persistence.dataSource Custom PVC data source + ## + dataSource: {} +## @section Init Container Parameters +## + +## 'volumePermissions' init container parameters +## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values +## based on the *podSecurityContext/*containerSecurityContext parameters +## +volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` + ## + enabled: false + ## OS Shell + Utility image + ## ref: https://hub.docker.com/r/bitnami/os-shell/tags/ + ## @param volumePermissions.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry + ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository + ## @skip volumePermissions.image.tag OS Shell + Utility image tag (immutable tags are recommended) + ## @param volumePermissions.image.pullPolicy OS Shell + Utility image pull policy + ## @param volumePermissions.image.pullSecrets OS Shell + Utility image pull secrets + ## + image: + registry: docker.io + repository: bitnami/os-shell + tag: 12-debian-12-r22 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Init container's resource requests and limits + ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param volumePermissions.resourcesPreset Set init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). 
This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param volumePermissions.resources Set init container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Init container Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param volumePermissions.containerSecurityContext.enabled Enabled init container' Security Context + ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in init container + ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser + ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the + ## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -fc2` + ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 0 + +## @section Other Parameters +## + +## RBAC configuration +## +rbac: + ## @param rbac.create Specifies whether RBAC resources should be created + ## + create: false + ## @param rbac.rules Custom RBAC rules to set + ## e.g: + ## rules: + ## - apiGroups: + ## - "" + ## resources: + ## - pods + ## verbs: + ## - get + ## - list + ## + rules: [] + +## ServiceAccount configuration +## +serviceAccount: + ## @param serviceAccount.create Specifies whether a ServiceAccount should be created + ## + create: true + ## @param serviceAccount.name 
The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param serviceAccount.annotations Additional Service Account annotations (evaluated as a template) + ## + annotations: {} + ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account + ## + automountServiceAccountToken: true + +## Prometheus metrics +## +metrics: + ## @param metrics.enabled Enable the export of Prometheus metrics + ## + enabled: false + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running + ## + namespace: "" + ## @param metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor + ## + annotations: {} + ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor + ## + labels: {} + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus + ## + jobLabel: "" + ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels + ## + honorLabels: false + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. 
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## interval: 10s + ## + interval: "" + ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## scrapeTimeout: 10s + ## + scrapeTimeout: "" + ## @param metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics + ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.relabelings Specify general relabeling + ## + relabelings: [] + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration + ## selector: + ## prometheus: my-prometheus + ## + selector: {} diff --git a/charts/template/.helmignore b/charts/template/.helmignore new file mode 100644 index 0000000..fb56657 --- /dev/null +++ b/charts/template/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +# img folder +img/ diff --git a/charts/template/CHART_NAME/.helmignore b/charts/template/CHART_NAME/.helmignore new file mode 100644 index 0000000..f0c1319 --- /dev/null +++ b/charts/template/CHART_NAME/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj 
diff --git a/charts/template/CHART_NAME/Chart.yaml b/charts/template/CHART_NAME/Chart.yaml
new file mode 100644
index 0000000..876cdcb
--- /dev/null
+++ b/charts/template/CHART_NAME/Chart.yaml
@@ -0,0 +1,34 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+annotations:
+ category: %%CHOOSE_ONE_FROM_CHART_CATEGORIES_FILE%%
+ licenses: Apache-2.0
+apiVersion: v2
+appVersion: %%UPSTREAM_PROJECT_VERSION%%
+dependencies:
+ - condition: SUBCHART_NAME.enabled
+ name: SUBCHART_NAME
+ repository: oci://registry-1.docker.io/bitnamicharts
+ version: %%MAJOR_SUBCHART_VERSION_(A.X.X)%%
+ - name: common
+ repository: oci://registry-1.docker.io/bitnamicharts
+ tags:
+ - bitnami-common
+ version: 2.x.x
+description: %%DESCRIPTION%%
+home: https://bitnami.com
+icon: https://bitnami.com/assets/stacks/%%IMAGE_NAME%%/img/%%IMAGE_NAME%%-stack-220x234.png
+keywords:
+ - %%UPSTREAM_PROJECT_KEYWORD%%
+ - %%UPSTREAM_PROJECT_KEYWORD%%
+ - ...
+maintainers:
+ - name: Broadcom, Inc. All Rights Reserved.
+ url: https://github.com/bitnami/charts
+name: %%CHART_NAME%%
+sources:
+ - https://github.com/bitnami/containers/tree/main/bitnami/%%IMAGE_NAME%%
+ - %%UPSTREAM_PROJECT_SOURCE_CODE_URL%%
+ - ...
+version: 0.1.0
diff --git a/charts/template/CHART_NAME/README.md b/charts/template/CHART_NAME/README.md
new file mode 100644
index 0000000..d3ed659
--- /dev/null
+++ b/charts/template/CHART_NAME/README.md
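Review bot: The `common` entry under `dependencies:` in Chart.yaml is declared as `version: 2.x.x` against `oci://registry-1.docker.io/bitnamicharts`, so the chart version actually pulled is decided whenever `helm dependency update` runs unless a Chart.lock is committed beside it; no lock file for the template directory is visible in this part of the patch. I would add a comment above the entry such as `# range only; the resolved version and digest live in Chart.lock, which must be committed and reviewed on every bump`. Separately, `home`, `icon`, `maintainers` and `sources` still name Bitnami/Broadcom as literals rather than placeholders, so a chart copied from this template will misstate its provenance unless someone remembers to edit them.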
@@ -0,0 +1,223 @@ + + +# %%CHART_NAME%% + +%%DESCRIPTION%% (check existing examples) + +## TL;DR + +```console +helm install my-release oci://registry-1.docker.io/bitnamicharts/%%CHART_NAME%% +``` + +Looking to use %%CHART_NAME%% in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + +## Introduction + +%%INTRODUCTION%% (check existing examples) + +## Prerequisites + +- Kubernetes 1.23+ +- Helm 3.8.0+ +- PV provisioner support in the underlying infrastructure +- ReadWriteMany volumes for deployment scaling + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/%%CHART_NAME%% +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +The command deploys %%CHART_NAME%% on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. 
+ +### External database support + +%%IF NEEDED%% + +You may want to have %%CHART_NAME%% connect to an external database rather than installing one inside your cluster. Typical reasons for this are to use a managed database service, or to share a common database server for all your applications. To achieve this, the chart allows you to specify credentials for an external database with the [`externalDatabase` parameter](#parameters). You should also disable the MariaDB installation with the `mariadb.enabled` option. Here is an example: + +```console +mariadb.enabled=false +externalDatabase.host=myexternalhost +externalDatabase.user=myuser +externalDatabase.password=mypassword +externalDatabase.database=mydatabase +externalDatabase.port=3306 +``` + +### Ingress + +%%IF NEEDED%% + +This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/main/bitnami/contour) you can utilize the ingress controller to serve your application.To enable Ingress integration, set `ingress.enabled` to `true`. + +The most common scenario is to have one host name mapped to the deployment. In this case, the `ingress.hostname` property can be used to set the host name. The `ingress.tls` parameter can be used to add the TLS configuration for this host. + +However, it is also possible to have more than one host. To facilitate this, the `ingress.extraHosts` parameter (if available) can be set with the host names specified as an array. The `ingress.extraTLS` parameter (if available) can also be used to add the TLS configuration for extra hosts. + +> NOTE: For each host specified in the `ingress.extraHosts` parameter, it is necessary to set a name, path, and any annotations that the Ingress controller should know about. 
Not all annotations are supported by all Ingress controllers, but [this annotation reference document](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md) lists the annotations supported by many popular Ingress controllers. + +Adding the TLS parameter (where available) will cause the chart to generate HTTPS URLs, and the application will be available on port 443. The actual TLS secrets do not have to be generated by this chart. However, if TLS is enabled, the Ingress record will not work until the TLS secret exists. + +[Learn more about Ingress controllers](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/). + +### TLS secrets + +TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the cluster: + +- `tls.enabled`: Enable TLS support. Defaults to `false` +- `tls.existingSecret`: Name of the secret that contains the certificates. No defaults. +- `tls.certFilename`: Certificate filename. No defaults. +- `tls.certKeyFilename`: Certificate key filename. No defaults. +- `tls.certCAFilename`: CA Certificate filename. No defaults. + +For example: + +First, create the secret with the certificates files: + +```console +kubectl create secret generic certificates-tls-secret --from-file=./cert.pem --from-file=./cert.key --from-file=./ca.pem +``` + +Then, use the following parameters: + +```console +tls.enabled="true" +tls.existingSecret="certificates-tls-secret" +tls.certFilename="cert.pem" +tls.certKeyFilename="cert.key" +tls.certCAFilename="ca.pem" +``` + +### %%OTHER_SECTIONS%% + +### Additional environment variables + +In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. 
+ +```yaml +%%CHART_NAME%%: + extraEnvVars: + - name: LOG_LEVEL + value: error +``` + +Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. + +### Sidecars + +If additional containers are needed in the same pod as %%CHART_NAME%% (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter. + +```yaml +sidecars: +- name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below: + +```yaml +service: + extraPorts: + - name: extraPort + port: 11311 + targetPort: 11311 +``` + +> NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the `--enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers. + +If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. Here is an example: + +```yaml +initContainers: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). + +### Pod affinity + +This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). 
+ +As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. + +## Persistence + +The [Bitnami %%CHART_NAME%%](https://github.com/bitnami/containers/tree/main/bitnami/%%CHART_NAME%%) image stores the %%CHART_NAME%% data and configurations at the `/bitnami` path of the container. Persistent Volume Claims are used to keep the data across deployments. + +If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/). + +## Parameters + +See to create the table + +The above parameters map to the env variables defined in [bitnami/%%CHART_NAME%%](https://github.com/bitnami/containers/tree/main/bitnami/%%CHART_NAME%%). For more information please refer to the [bitnami/%%CHART_NAME%%](https://github.com/bitnami/containers/tree/main/bitnami/%%CHART_NAME%%) image documentation. + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +helm install my-release \ + --set %%CHART_NAME%%Username=admin \ + --set %%CHART_NAME%%Password=password \ + --set mariadb.auth.rootPassword=secretpassword \ + oci://REGISTRY_NAME/REPOSITORY_NAME/%%CHART_NAME%% +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +The above command sets the %%CHART_NAME%% administrator account username and password to `admin` and `password` respectively. 
Additionally, it sets the MariaDB `root` user password to `secretpassword`. + +> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, + +```console +helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/%%CHART_NAME%% +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. +> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/blob/main/template/CHART_NAME/values.yaml) + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## License + +Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. 
diff --git a/charts/template/CHART_NAME/templates/NOTES.txt b/charts/template/CHART_NAME/templates/NOTES.txt
new file mode 100644
index 0000000..1421956
--- /dev/null
+++ b/charts/template/CHART_NAME/templates/NOTES.txt
@@ -0,0 +1,33 @@
+CHART NAME: {{ .Chart.Name }}
+CHART VERSION: {{ .Chart.Version }}
+APP VERSION: {{ .Chart.AppVersion }}
+
+** Please be patient while the chart is being deployed **
+
+{{- if .Values.diagnosticMode.enabled }}
+The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
+
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
+
+Get the list of pods by executing:
+
+ kubectl get pods --namespace {{ include "common.names.namespace" . | quote }} -l app.kubernetes.io/instance={{ .Release.Name }}
+
+Access the pod you want to debug by executing
+
+ kubectl exec --namespace {{ include "common.names.namespace" . | quote }} -ti -- bash
+
+In order to replicate the container startup scripts execute this command:
+
+ %%ENTRYPOINT and CMD from main container%%
+
+{{- else }}
+
+%%Instructions to access the application depending on the serviceType and other considerations%%
+
+{{- end }}
+
+{{- include "common.warnings.rollingTag" .Values.%%MAIN_OBJECT_BLOCK%%.image }}
+{{- include "common.warnings.rollingTag" .Values.%%OTHER_OBJECT_BLOCK%%.image }}
+{{- include "%%TEMPLATE_NAME%%.validateValues" . }}
diff --git a/charts/template/CHART_NAME/templates/_helpers.tpl b/charts/template/CHART_NAME/templates/_helpers.tpl
new file mode 100644
index 0000000..eaf8004
--- /dev/null
+++ b/charts/template/CHART_NAME/templates/_helpers.tpl
@@ -0,0 +1,61 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* +Return the proper %%MAIN_OBJECT_BLOCK%% image name +*/}} +{{- define "%%TEMPLATE_NAME%%.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.%%MAIN_OBJECT_BLOCK%%.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "%%TEMPLATE_NAME%%.volumePermissions.image" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "%%TEMPLATE_NAME%%.imagePullSecrets" -}} +{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.%%MAIN_OBJECT_BLOCK%%.image .Values.%%SECONDARY_OBJECT_BLOCK%%.image .Values.volumePermissions.image) "context" $) -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "%%TEMPLATE_NAME%%.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return true if cert-manager required annotations for TLS signed certificates are set in the Ingress annotations +Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations +*/}} +{{- define "%%TEMPLATE_NAME%%.ingress.certManagerRequest" -}} +{{ if or (hasKey . "cert-manager.io/cluster-issuer") (hasKey . "cert-manager.io/issuer") }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message. +*/}} +{{- define "%%TEMPLATE_NAME%%.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "%%TEMPLATE_NAME%%.validateValues.foo" .) 
-}} +{{- $messages := append $messages (include "%%TEMPLATE_NAME%%.validateValues.bar" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message -}} +{{- end -}} +{{- end -}} diff --git a/charts/template/CHART_NAME/templates/clusterrolebinding.yaml b/charts/template/CHART_NAME/templates/clusterrolebinding.yaml new file mode 100644 index 0000000..07e011c --- /dev/null +++ b/charts/template/CHART_NAME/templates/clusterrolebinding.yaml @@ -0,0 +1,22 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +kind: ClusterRoleBinding +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +metadata: + name: {{ template "common.names.fullname" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: %%COMPONENT_NAME%% + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "common.names.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "%%TEMPLATE_NAME%%.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . | quote }} diff --git a/charts/template/CHART_NAME/templates/configmap.yaml b/charts/template/CHART_NAME/templates/configmap.yaml new file mode 100644 index 0000000..bb2fe98 --- /dev/null +++ b/charts/template/CHART_NAME/templates/configmap.yaml 
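Review bot: The `%%TEMPLATE_NAME%%.serviceAccountName` helper falls back to the literal `default` when `serviceAccount.create` is false and no name is given, and clusterrolebinding.yaml in this patch binds a ClusterRole to whatever this helper returns. In that configuration the role would be granted to the namespace's `default` service account, which other pods in the namespace that name no service account also run as. Failing the render is the safer fallback: `{{ required "serviceAccount.name must be set when serviceAccount.create is false" .Values.serviceAccount.name }}`. The helper's comment should also say which name is returned in each branch.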
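Review bot: This ClusterRoleBinding is rendered unconditionally and under the cluster-scoped name `common.names.fullname`, so two releases with the same name in different namespaces would collide on it, and an operator cannot opt out of cluster-wide RBAC. No matching ClusterRole is visible in this hunk; if the permissions the workload needs are namespaced, a RoleBinding would be the narrower grant. Otherwise gate the file on a values flag and make the name unique per namespace, e.g. `name: {{ printf "%s-%s" (include "common.names.fullname" .) .Release.Namespace }}`, with the same name used for the `roleRef`.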
@@ -0,0 +1,18 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: %%COMPONENT_NAME%%
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ %%CONFIG_FILE_NAME%%: |
+ # Config file
diff --git a/charts/template/CHART_NAME/templates/daemonset.yaml b/charts/template/CHART_NAME/templates/daemonset.yaml
new file mode 100644
index 0000000..bbcac35
--- /dev/null
+++ b/charts/template/CHART_NAME/templates/daemonset.yaml
@@ -0,0 +1,172 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: %%COMPONENT_NAME%% + {{- if or .Values.%%MAIN_OBJECT_BLOCK%%.daemonsetAnnotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.%%MAIN_OBJECT_BLOCK%%.daemonsetAnnotations .Values.commonAnnotations) "context" .) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.updateStrategy }} + updateStrategy: {{- toYaml .Values.%%MAIN_OBJECT_BLOCK%%.updateStrategy | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.%%MAIN_OBJECT_BLOCK%%.podLabels .Values.commonLabels) "context" .) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: %%COMPONENT_NAME%% + template: + metadata: + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.podAnnotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.podAnnotations "context" $) | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/component: %%COMPONENT_NAME%% + spec: + {{- include "%%TEMPLATE_NAME%%.imagePullSecrets" . | nindent 6 }} + serviceAccountName: {{ template "%%TEMPLATE_NAME%%.serviceAccountName" . 
}} + automountServiceAccountToken: {{ .Values.%%MAIN_OBJECT_BLOCK%%.automountServiceAccountToken }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.podAffinityPreset "component" "%%COMPONENT_NAME%%" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.podAntiAffinityPreset "component" "%%COMPONENT_NAME%%" "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.type "key" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.key "values" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.tolerations "context" .) 
| nindent 8 }} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.priorityClassName }} + priorityClassName: {{ .Values.%%MAIN_OBJECT_BLOCK%%.priorityClassName | quote }} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.podSecurityContext.enabled }} + securityContext: {{- omit .Values.%%MAIN_OBJECT_BLOCK%%.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.%%MAIN_OBJECT_BLOCK%%.terminationGracePeriodSeconds }} + {{- end }} + initContainers: + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "%%TEMPLATE_NAME%%.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - %%commands%% + {{- if .Values.volumePermissions.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.volumePermissions.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: {{ .Values.persistence.mountPath }} + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: %%CONTAINER_NAME%% + image: {{ template "%%TEMPLATE_NAME%%.image" . 
}} + imagePullPolicy: {{ .Values.%%MAIN_OBJECT_BLOCK%%.image.pullPolicy }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.%%MAIN_OBJECT_BLOCK%%.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.%%MAIN_OBJECT_BLOCK%%.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: foo + value: bar + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: + - containerPort: foo + protocol: bar + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.resources }} + resources: {{- toYaml 
.Values.%%MAIN_OBJECT_BLOCK%%.resources | nindent 12 }} + {{- else if ne .Values.%%MAIN_OBJECT_BLOCK%%.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.resourcesPreset) | nindent 12 }} + {{- end }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.%%MAIN_OBJECT_BLOCK%%.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.%%MAIN_OBJECT_BLOCK%%.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- end }} + volumeMounts: + - name: data + mountPath: {{ .Values.persistence.mountPath }} + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + readOnly: true + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.sidecars }} + {{- include "common.tplvalues.render" ( dict 
"value" .Values.%%MAIN_OBJECT_BLOCK%%.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: empty-dir + emptyDir: {} + - name: data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ default (include "common.names.fullname" .) .Values.persistence.existingClaim }} + {{- else }} + emptyDir: {} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumes "context" $) | nindent 8 }} + {{- end }} diff --git a/charts/template/CHART_NAME/templates/deployment.yaml b/charts/template/CHART_NAME/templates/deployment.yaml new file mode 100644 index 0000000..939a4ea --- /dev/null +++ b/charts/template/CHART_NAME/templates/deployment.yaml 
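Review bot: `automountServiceAccountToken: {{ .Values.%%MAIN_OBJECT_BLOCK%%.automountServiceAccountToken }}` renders an empty value when the key is missing from values, which presumably leaves the field unset so the service-account token is mounted by default; the same line appears in the deployment.yaml hunk. Since this patch also binds the service account to a ClusterRole, an explicit fallback is worth having: `automountServiceAccountToken: {{ .Values.%%MAIN_OBJECT_BLOCK%%.automountServiceAccountToken | default false }}`. Separately, the pod-level `securityContext` is built with `omit ... | toYaml` while the container-level one goes through `common.compatibility.renderSecurityContext`; using the helper for both would keep the two consistent.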
@@ -0,0 +1,189 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: %%COMPONENT_NAME%% + {{- if or .Values.%%MAIN_OBJECT_BLOCK%%.deploymentAnnotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.%%MAIN_OBJECT_BLOCK%%.deploymentAnnotations .Values.commonAnnotations) "context" .) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if not .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.enabled }} + replicas: {{ .Values.%%MAIN_OBJECT_BLOCK%%.replicaCount }} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.updateStrategy }} + strategy: {{- toYaml .Values.%%MAIN_OBJECT_BLOCK%%.updateStrategy | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.%%MAIN_OBJECT_BLOCK%%.podLabels .Values.commonLabels) "context" .) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: %%COMPONENT_NAME%% + template: + metadata: + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.podAnnotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.podAnnotations "context" $) | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/component: %%COMPONENT_NAME%% + spec: + {{- include "%%TEMPLATE_NAME%%.imagePullSecrets" . 
| nindent 6 }} + serviceAccountName: {{ template "%%TEMPLATE_NAME%%.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.%%MAIN_OBJECT_BLOCK%%.automountServiceAccountToken }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.podAffinityPreset "component" "%%COMPONENT_NAME%%" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.podAntiAffinityPreset "component" "%%COMPONENT_NAME%%" "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.type "key" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.key "values" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.tolerations "context" .) 
| nindent 8 }} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.priorityClassName }} + priorityClassName: {{ .Values.%%MAIN_OBJECT_BLOCK%%.priorityClassName | quote }} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.schedulerName }} + schedulerName: {{ .Values.%%MAIN_OBJECT_BLOCK%%.schedulerName | quote }} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.topologySpreadConstraints "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.podSecurityContext.enabled }} + securityContext: {{- omit .Values.%%MAIN_OBJECT_BLOCK%%.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.%%MAIN_OBJECT_BLOCK%%.terminationGracePeriodSeconds }} + {{- end }} + initContainers: + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "%%TEMPLATE_NAME%%.volumePermissions.image" . 
}} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + {{- if .Values.volumePermissions.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.volumePermissions.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: {{ .Values.persistence.mountPath }} + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: %%CONTAINER_NAME%% + image: {{ template "%%TEMPLATE_NAME%%.image" . 
}} + imagePullPolicy: {{ .Values.%%MAIN_OBJECT_BLOCK%%.image.pullPolicy }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.%%MAIN_OBJECT_BLOCK%%.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.%%MAIN_OBJECT_BLOCK%%.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: foo + value: bar + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.resources }} + resources: {{- toYaml .Values.%%MAIN_OBJECT_BLOCK%%.resources | nindent 12 }} + 
{{- else if ne .Values.%%MAIN_OBJECT_BLOCK%%.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.resourcesPreset) | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.%%MAIN_OBJECT_BLOCK%%.containerPorts.http }} + - name: https + containerPort: {{ .Values.%%MAIN_OBJECT_BLOCK%%.containerPorts.https }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.%%MAIN_OBJECT_BLOCK%%.livenessProbe "enabled") "context" $) | nindent 12 }} + %%httpGet || command || etc%% + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.%%MAIN_OBJECT_BLOCK%%.readinessProbe "enabled") "context" $) | nindent 12 }} + %%httpGet || command || etc%% + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.%%MAIN_OBJECT_BLOCK%%.startupProbe "enabled") "context" $) | nindent 12 }} + %%httpGet || command || etc%% + {{- end }} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.lifecycleHooks }} + lifecycle: {{- include 
"common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: {{ .Values.persistence.mountPath }} + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: empty-dir + emptyDir: {} + - name: data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ default (include "common.names.fullname" .) .Values.persistence.existingClaim }} + {{- else }} + emptyDir: {} + {{- end }} + {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumes "context" $) | nindent 8 }} + {{- end }} diff --git a/charts/template/CHART_NAME/templates/extra-list.yaml b/charts/template/CHART_NAME/templates/extra-list.yaml new file mode 100644 index 0000000..329f5c6 --- /dev/null +++ b/charts/template/CHART_NAME/templates/extra-list.yaml @@ -0,0 +1,9 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/charts/template/CHART_NAME/templates/hpa.yaml b/charts/template/CHART_NAME/templates/hpa.yaml new file mode 100644 index 0000000..19ece7c --- /dev/null +++ b/charts/template/CHART_NAME/templates/hpa.yaml 
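Review bot: The `volume-permissions` init container in this file has a bare `command:` key with nothing under it, whereas daemonset.yaml in the same patch carries the `- %%commands%%` placeholder. As written the key renders as null, so a chart generated from this template would run the init image's default entrypoint instead of the intended ownership fix and nothing flags the omission. Add the placeholder line `- %%commands%%` under `command:` so the gap is visible to whoever fills in the template. The `data` mount is also `readOnly: true` in the DaemonSet but writable here; a one-line comment saying which is intended would help.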
@@ -0,0 +1,49 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.enabled }}
+apiVersion: {{ include "common.capabilities.hpa.apiVersion" . }}
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: %%COMPONENT_NAME%%
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+ kind: Deployment
+ name: {{ include "common.names.fullname" . }}
+ minReplicas: {{ .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.targetMemory }}
+ - type: Resource
+ resource:
+ name: memory
+ {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
+ targetAverageUtilization: {{ .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.targetMemory }}
+ {{- else }}
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.worker.autoscaling.targetMemory }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.targetCPU }}
+ - type: Resource
+ resource:
+ name: cpu
+ {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
+ targetAverageUtilization: {{ .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.targetCPU }}
+ {{- else }}
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.worker.autoscaling.targetCPU }}
+ {{- end }}
+ {{- end }}
+{{- end }}
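Review bot: Both `else` branches read `.Values.worker.autoscaling.*` while every other reference in the file uses the `%%MAIN_OBJECT_BLOCK%%` placeholder, so on clusters that take the newer `target:` form the HPA reads a different values key from the one that enabled the metric. A chart generated from this template would either fail to render when `worker` does not exist or silently scale on another component's thresholds. The two lines should be `averageUtilization: {{ .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.targetMemory }}` and `averageUtilization: {{ .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.targetCPU }}`.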
diff --git a/charts/template/CHART_NAME/templates/ingress.yaml b/charts/template/CHART_NAME/templates/ingress.yaml
new file mode 100644
index 0000000..3d03fb5
--- /dev/null
+++ b/charts/template/CHART_NAME/templates/ingress.yaml
@@ -0,0 +1,60 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.ingress.enabled }} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: %%COMPONENT_NAME%% + {{- if or .Values.ingress.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.ingress.annotations .Values.commonAnnotations) "context" .) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} + ingressClassName: {{ .Values.ingress.ingressClassName | quote }} + {{- end }} + rules: + {{- if .Values.ingress.hostname }} + - host: {{ .Values.ingress.hostname }} + http: + paths: + {{- if .Values.ingress.extraPaths }} + {{- toYaml .Values.ingress.extraPaths | nindent 10 }} + {{- end }} + - path: {{ .Values.ingress.path }} + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: {{ .Values.ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) 
"servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- range .Values.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default "/" .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.ingress.extraRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }} + {{- end }} + {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }} + tls: + {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }} + - hosts: + - {{ .Values.ingress.hostname | quote }} + secretName: {{ printf "%s-tls" .Values.ingress.hostname }} + {{- end }} + {{- if .Values.ingress.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/template/CHART_NAME/templates/networkpolicy.yaml b/charts/template/CHART_NAME/templates/networkpolicy.yaml new file mode 100644 index 0000000..09ef6f3 --- /dev/null +++ b/charts/template/CHART_NAME/templates/networkpolicy.yaml 
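Review bot: The `tls:` section is emitted only when `ingress.tls` is combined with a cert-manager annotation or `ingress.selfSigned`, so setting `ingress.tls: true` with a pre-created certificate secret renders an Ingress with no TLS entry and the host is served over plain HTTP without any warning. Rendering the host entry whenever TLS is requested closes that gap: use `{{- if or .Values.ingress.tls .Values.ingress.extraTls }}` for the outer guard and `{{- if .Values.ingress.tls }}` for the `hosts`/`secretName` item, and keep the cert-manager/self-signed test only where the secret is created (not visible in this hunk). `host: {{ .Values.ingress.hostname }}` is also unquoted while the `extraHosts` entries use `| quote`. Note that `%%TEMPLATE_NAME%%.ingress.certManagerRequest` from _helpers.tpl is never called here; the file uses `common.ingress.certManagerRequest` instead.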
@@ -0,0 +1,68 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: %%COMPONENT_NAME%%
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.%%MAIN_OBJECT_BLOCK%%.podLabels .Values.commonLabels ) "context" . ) }}
+ podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: %%COMPONENT_NAME%%
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ {{- if .Values.networkPolicy.allowExternalEgress }}
+ - {}
+ {{- else }}
+ - ports:
+ # Allow dns resolution
+ - port: 53
+ protocol: UDP
+ - port: 53
+ protocol: TCP
+ {{- if .Values.networkPolicy.extraEgress }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ ingress:
+ - ports:
+ - port: {{ .Values.%%MAIN_OBJECT_BLOCK%%.containerPorts.http }}
+ - port: {{ .Values.%%MAIN_OBJECT_BLOCK%%.containerPorts.https }}
+ {{- if not .Values.networkPolicy.allowExternal }}
+ from:
+ - podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+ - podSelector:
+ matchLabels:
+ {{ template "common.names.fullname" . }}-client: "true"
+ {{- if .Values.networkPolicy.ingressNSMatchLabels }}
+ - namespaceSelector:
+ matchLabels:
+ {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
+ {{ $key | quote }}: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
+ podSelector:
+ matchLabels:
+ {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
+ {{ $key | quote }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.networkPolicy.extraIngress }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/template/CHART_NAME/templates/pdb.yaml b/charts/template/CHART_NAME/templates/pdb.yaml
new file mode 100644
index 0000000..7e0b7f1
--- /dev/null
+++ b/charts/template/CHART_NAME/templates/pdb.yaml
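Review bot: When `networkPolicy.allowExternalEgress` is false, the egress rule under `# Allow dns resolution` lists 53/UDP and 53/TCP with no `to:` clause, so the pods may reach port 53 on any address, inside or outside the cluster. That leaves DNS-shaped traffic to arbitrary hosts open in the mode that is meant to be the restrictive one. Scoping the rule to the cluster DNS pods closes this. The selector labels below are the common upstream ones and should be checked against the target distribution (a node-local DNS cache would need its own entry).

```yaml
    - ports:
        # … unchanged: port 53 UDP/TCP entries …
      to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
    # … unchanged: extraEgress rendering …
```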
@@ -0,0 +1,29 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- $replicaCount := int .Values.%%MAIN_OBJECT_BLOCK%%.replicaCount }}
+{{- if and .Values.%%MAIN_OBJECT_BLOCK%%.pdb.create (or (gt $replicaCount 1) .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.enabled) }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: %%COMPONENT_NAME%%
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.pdb.minAvailable }}
+ minAvailable: {{ .Values.%%MAIN_OBJECT_BLOCK%%.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.%%MAIN_OBJECT_BLOCK%%.pdb.maxUnavailable }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.%%MAIN_OBJECT_BLOCK%%.podLabels .Values.commonLabels) "context" .) }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: %%COMPONENT_NAME%%
+{{- end }}
diff --git a/charts/template/CHART_NAME/templates/pvc.yaml b/charts/template/CHART_NAME/templates/pvc.yaml
new file mode 100644
index 0000000..3cc766a
--- /dev/null
+++ b/charts/template/CHART_NAME/templates/pvc.yaml
@@ -0,0 +1,33 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: %%COMPONENT_NAME%%
+ {{- if or .Values.persistence.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.persistence.annotations .Values.commonAnnotations) "context" .) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ accessModes:
+ {{- range .Values.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{- if .Values.persistence.selector }}
+ selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.persistence.dataSource }}
+ dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.dataSource "context" $) | nindent 4 }}
+ {{- end }}
+ {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }}
+{{- end -}}
diff --git a/charts/template/CHART_NAME/templates/role.yaml b/charts/template/CHART_NAME/templates/role.yaml
new file mode 100644
index 0000000..31e70b9
--- /dev/null
+++ b/charts/template/CHART_NAME/templates/role.yaml
@@ -0,0 +1,28 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{ if .Values.rbac.create }}
+kind: Role
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: %%COMPONENT_NAME%%
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+rules:
+ # TODO: Update resources and verbs to the proper values for the application cases
+ - apiGroups: [""]
+ resources: ["*"]
+ verbs: ["*"]
+ - apiGroups: [""]
+ resources: ["*"]
+ verbs: ["*"]
+ {{- if .Values.rbac.rules }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/template/CHART_NAME/templates/secret.yaml b/charts/template/CHART_NAME/templates/secret.yaml
new file mode 100644
index 0000000..eaf29b5
--- /dev/null
+++ b/charts/template/CHART_NAME/templates/secret.yaml
@@ -0,0 +1,18 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: %%COMPONENT_NAME%%
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ password-key: b64-password-value
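Review bot: Both static entries under `rules:` in role.yaml grant `resources: ["*"]` with `verbs: ["*"]` on the core API group, and the only guard is the `# TODO` comment. Any chart instantiated from this template with `rbac.create` enabled therefore gets a Role with read and write access to every core resource in the namespace, Secrets included (presumably bound to the chart's service account by a RoleBinding outside this hunk). The two entries are also identical. Since `rbac.rules` is already rendered just below, I would drop the static wildcard entries so the Role carries only what each chart lists explicitly, and change the comment to `# Add only the resources and verbs the application needs via rbac.rules`.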
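Review bot: `password-key: b64-password-value` in secret.yaml hard-codes the Secret's content in the template, and the manifest is rendered with no values gate. The literal does not look like valid base64, so an unedited copy would be rejected at install. The more likely outcome is that someone replaces it with a real literal and every release then ships the same committed credential. The value should come from values or a pre-existing Secret, e.g. `password-key: {{ .Values.%%PASSWORD_VALUE_PATH%% | b64enc | quote }}` (placeholder path), with a comment above `data:` stating that literal credentials must not be committed here.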
diff --git a/charts/template/CHART_NAME/templates/service-account.yaml b/charts/template/CHART_NAME/templates/service-account.yaml
new file mode 100644
index 0000000..b52fb98
--- /dev/null
+++ b/charts/template/CHART_NAME/templates/service-account.yaml
@@ -0,0 +1,19 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "%%TEMPLATE_NAME%%.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: %%COMPONENT_NAME%%
+ {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.serviceAccount.annotations .Values.commonAnnotations) "context" .) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/template/CHART_NAME/templates/service.yaml b/charts/template/CHART_NAME/templates/service.yaml
new file mode 100644
index 0000000..685a52a
--- /dev/null
+++ b/charts/template/CHART_NAME/templates/service.yaml
@@ -0,0 +1,54 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: %%COMPONENT_NAME%%
+ {{- if or .Values.service.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.service.annotations .Values.commonAnnotations) "context" .) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
+ clusterIP: {{ .Values.service.clusterIP }}
+ {{- end }}
+ {{- if .Values.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.service.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{- end }}
+ {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - name: %%PORT_NAME%%
+ port: {{ .Values.service.ports.http }}
+ {{- if not (eq .Values.service.ports.http .Values.%%MAIN_OBJECT_BLOCK%%.containerPorts.http) }}
+ targetPort: {{ .Values.%%MAIN_OBJECT_BLOCK%%.containerPorts.http }}
+ {{- end }}
+ protocol: bar
+ {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http)) }}
+ nodePort: {{ .Values.service.nodePorts.http }}
+ {{- else if eq .Values.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- if .Values.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.%%MAIN_OBJECT_BLOCK%%.podLabels .Values.commonLabels) "context" .) | fromYaml }}
+ selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: %%COMPONENT_NAME%%
diff --git a/charts/template/CHART_NAME/templates/servicemonitor.yaml b/charts/template/CHART_NAME/templates/servicemonitor.yaml
new file mode 100644
index 0000000..15c8e69
--- /dev/null
+++ b/charts/template/CHART_NAME/templates/servicemonitor.yaml
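Review bot: `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` prints the Go list directly, which renders as `[a b]` with spaces and no commas. YAML reads that as a flow sequence holding one string, so a values entry with two CIDRs becomes a single malformed range and the source restriction on the LoadBalancer is rejected or not applied as intended. Render the list as YAML instead: `loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}`. Separately, `protocol: bar` is a placeholder that does not use the `%%…%%` form found elsewhere in the template, so it is easy to miss when instantiating a chart.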
@@ -0,0 +1,47 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }}
+ {{- $labels := include "common.tplvalues.merge" (dict "values" (list .Values.metrics.serviceMonitor.labels .Values.commonLabels) "context" .) }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: %%COMPONENT_NAME%%
+ {{- if or .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations) "context" .) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
+ {{- if .Values.metrics.serviceMonitor.selector }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
+ {{- end }}
+ endpoints:
+ - port: tcp-metrics
+ path: "/metrics"
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabelings }}
+ relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ include "common.names.namespace" . | quote }}
+{{- end }}
diff --git a/charts/template/CHART_NAME/templates/statefulset.yaml b/charts/template/CHART_NAME/templates/statefulset.yaml
new file mode 100644
index 0000000..ecd9e1d
--- /dev/null
+++ b/charts/template/CHART_NAME/templates/statefulset.yaml
@@ -0,0 +1,217 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
+kind: StatefulSet
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: %%COMPONENT_NAME%%
+ {{- if or .Values.%%MAIN_OBJECT_BLOCK%%.statefulsetAnnotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.%%MAIN_OBJECT_BLOCK%%.statefulsetAnnotations .Values.commonAnnotations) "context" .) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if not .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.enabled }}
+ replicas: {{ .Values.%%MAIN_OBJECT_BLOCK%%.replicaCount }}
+ {{- end }}
+ podManagementPolicy: {{ .Values.%%MAIN_OBJECT_BLOCK%%.podManagementPolicy | quote }}
+ {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.%%MAIN_OBJECT_BLOCK%%.podLabels .Values.commonLabels) "context" .) }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: %%COMPONENT_NAME%%
+ serviceName: {{ template "common.names.fullname" . }}
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.updateStrategy }}
+ updateStrategy: {{- toYaml .Values.%%MAIN_OBJECT_BLOCK%%.updateStrategy | nindent 4 }}
+ {{- end }}
+ template:
+ metadata:
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.podAnnotations }}
+ annotations: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
+ app.kubernetes.io/component: %%COMPONENT_NAME%%
+ spec:
+ {{- include "%%TEMPLATE_NAME%%.imagePullSecrets" . | nindent 6 }}
+ serviceAccountName: {{ template "%%TEMPLATE_NAME%%.serviceAccountName" . }}
+ automountServiceAccountToken: {{ .Values.%%MAIN_OBJECT_BLOCK%%.automountServiceAccountToken }}
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.affinity }}
+ affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.podAffinityPreset "component" "%%COMPONENT_NAME%%" "customLabels" $podLabels "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.podAntiAffinityPreset "component" "%%COMPONENT_NAME%%" "customLabels" $podLabels "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.type "key" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.key "values" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.tolerations "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.priorityClassName }}
+ priorityClassName: {{ .Values.%%MAIN_OBJECT_BLOCK%%.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.schedulerName }}
+ schedulerName: {{ .Values.%%MAIN_OBJECT_BLOCK%%.schedulerName | quote }}
+ {{- end }}
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.topologySpreadConstraints "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.%%MAIN_OBJECT_BLOCK%%.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.%%MAIN_OBJECT_BLOCK%%.terminationGracePeriodSeconds }}
+ {{- end }}
+ initContainers:
+ {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+ - name: volume-permissions
+ image: {{ include "%%TEMPLATE_NAME%%.volumePermissions.image" . }}
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ command:
+ - %%commands%%
+ {{- if .Values.volumePermissions.containerSecurityContext.enabled }}
+ securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.volumePermissions.containerSecurityContext "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.volumePermissions.resources }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ {{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: data
+ mountPath: {{ .Values.persistence.mountPath }}
+ {{- if .Values.persistence.subPath }}
+ subPath: {{ .Values.persistence.subPath }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: %%CONTAINER_NAME%%
+ image: {{ template "%%TEMPLATE_NAME%%.image" . }}
+ imagePullPolicy: {{ .Values.%%MAIN_OBJECT_BLOCK%%.image.pullPolicy }}
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.containerSecurityContext.enabled }}
+ securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.%%MAIN_OBJECT_BLOCK%%.containerSecurityContext "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.command "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.args "context" $) | nindent 12 }}
+ {{- end }}
+ env:
+ - name: BITNAMI_DEBUG
+ value: {{ ternary "true" "false" (or .Values.%%MAIN_OBJECT_BLOCK%%.image.debug .Values.diagnosticMode.enabled) | quote }}
+ - name: foo
+ value: bar
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsCM "context" $) }}
+ {{- end }}
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.resources }}
+ resources: {{- toYaml .Values.%%MAIN_OBJECT_BLOCK%%.resources | nindent 12 }}
+ {{- else if ne .Values.%%MAIN_OBJECT_BLOCK%%.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.%%MAIN_OBJECT_BLOCK%%.containerPorts.http }}
+ - name: https
+ containerPort: {{ .Values.%%MAIN_OBJECT_BLOCK%%.containerPorts.https }}
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.%%MAIN_OBJECT_BLOCK%%.livenessProbe "enabled") "context" $) | nindent 12 }}
+ %%httpGet || command || etc%%
+ {{- end }}
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.%%MAIN_OBJECT_BLOCK%%.readinessProbe "enabled") "context" $) | nindent 12 }}
+ %%httpGet || command || etc%%
+ {{- end }}
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.%%MAIN_OBJECT_BLOCK%%.startupProbe "enabled") "context" $) | nindent 12 }}
+ %%httpGet || command || etc%%
+ {{- end }}
+ {{- end }}
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: data
+ mountPath: {{ .Values.persistence.mountPath }}
+ {{- if .Values.persistence.subPath }}
+ subPath: {{ .Values.persistence.subPath }}
+ {{- end }}
+ readOnly: true
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: empty-dir
+ emptyDir: {}
+ - name: data
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ default (include "common.names.fullname" .) .Values.persistence.existingClaim }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumes }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumes "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.persistence.enabled }}
+ volumeClaimTemplates:
+ - metadata:
+ name: data
+ {{- if or .Values.persistence.annotations .Values.commonAnnotations }}
+ {{- $claimAnnotations := include "common.tplvalues.merge" (dict "values" .Values.persistence.annotations .Values.commonAnnotations "context" .) | fromYaml }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $claimAnnotations "context" $ ) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ labels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 10 }}
+ {{- end }}
+ spec:
+ accessModes:
+ {{- range .Values.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{- if .Values.persistence.selector }}
+ selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 10 }}
+ {{- end }}
+ {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }}
+ {{- end }}
diff --git a/charts/template/CHART_NAME/templates/tls-secret.yaml b/charts/template/CHART_NAME/templates/tls-secret.yaml
new file mode 100644
index 0000000..a7acfe0
--- /dev/null
+++ b/charts/template/CHART_NAME/templates/tls-secret.yaml
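Review bot: In `volumeClaimTemplates`, `$claimAnnotations` is built with `(dict "values" .Values.persistence.annotations .Values.commonAnnotations "context" .)`, passing the two maps as separate arguments rather than wrapping them in `list` as the other `common.tplvalues.merge` calls visible in this patch do. With five arguments `dict` pairs `commonAnnotations` as a key with `"context"` as its value, so the helper gets no `context` and at most one of the maps, and rendering will likely fail or drop annotations once either is set. The call should read `(dict "values" (list .Values.persistence.annotations .Values.commonAnnotations) "context" .)`. It is also worth checking the `| fromYaml` here against the other `$podLabels` / `$annotations` assignments in this file, which pass the merge result on without it.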
@@ -0,0 +1,46 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.ingress.enabled }}
+{{- if .Values.ingress.secrets }}
+{{- range .Values.ingress.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .name }}
+ namespace: {{ include "common.names.namespace" $ | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: %%COMPONENT_NAME%%
+ {{- if $.Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ .certificate | b64enc }}
+ tls.key: {{ .key | b64enc }}
+---
+{{- end }}
+{{- end }}
+{{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
+{{- $secretName := printf "%s-tls" .Values.ingress.hostname }}
+{{- $ca := genCA "%%COMPONENT_NAME%%-ca" 365 }}
+{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: %%COMPONENT_NAME%%
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
+ tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
+ ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
+{{- end }}
+{{- end }}
diff --git a/charts/template/CHART_NAME/values.yaml b/charts/template/CHART_NAME/values.yaml
new file mode 100644
index 0000000..776f7e3
--- /dev/null
+++ b/charts/template/CHART_NAME/values.yaml
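Review bot: The self-signed branch issues the certificate with a 365-day validity (`genCA ... 365`, `genSignedCert ... 365 $ca`), and the `data:` entries then go through `common.secrets.lookup` with the fresh material only as `defaultValue`. Assuming the helper returns what is already stored in the Secret, the certificate created at first install is kept on every upgrade and expires after a year with nothing reissuing it; the CA key is not stored either, only `ca.crt`. I would document this above the `genCA` line, e.g. `{{- /* generated once and kept across upgrades; delete the Secret to reissue before the 365-day expiry */}}`, and point production installs at the cert-manager path. In the first branch, `tls.key: {{ .key | b64enc }}` takes the private key from chart values, which Helm also keeps in the release record, so a comment recommending a pre-created Secret referenced through `ingress.extraTls` would help.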
@@ -0,0 +1,838 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass +## + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## +global: + imageRegistry: "" + ## e.g: + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" + ## Compatibility adaptations for Kubernetes platforms + ## + compatibility: + ## Compatibility adaptations for Openshift + ## + openshift: + ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. 
Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) + ## + adaptSecurityContext: auto + +## @section Common parameters +## + +## @param kubeVersion Override Kubernetes version +## +kubeVersion: "" +## @param nameOverride String to partially override common.names.name +## +nameOverride: "" +## @param fullnameOverride String to fully override common.names.fullname +## +fullnameOverride: "" +## @param namespaceOverride String to fully override common.names.namespace +## +namespaceOverride: "" +## @param commonLabels Labels to add to all deployed objects +## +commonLabels: {} +## @param commonAnnotations Annotations to add to all deployed objects +## +commonAnnotations: {} +## @param clusterDomain Kubernetes cluster domain name +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] +## Diagnostic mode +## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) +## @param diagnosticMode.command Command to override all containers in the chart release +## @param diagnosticMode.args Args to override all containers in the chart release +## +diagnosticMode: + enabled: false + command: + - sleep + args: + - infinity + +## @section %%MAIN_CONTAINER%% Parameters +## + +## %%MAIN_CONTAINER/POD_DESCRIPTION%% +## +%%MAIN_OBJECT_BLOCK%%: + ## Bitnami %%MAIN_CONTAINER%% image + ## ref: https://hub.docker.com/r/bitnami/%%IMAGE_NAME%%/tags/ + ## @param %%MAIN_OBJECT_BLOCK%%.image.registry [default: REGISTRY_NAME] %%MAIN_CONTAINER%% image registry + ## @param %%MAIN_OBJECT_BLOCK%%.image.repository [default: REPOSITORY_NAME/%%IMAGE_NAME%%] %%MAIN_CONTAINER%% image repository + ## @skip %%MAIN_OBJECT_BLOCK%%.image.tag %%MAIN_CONTAINER%% image tag (immutable tags are recommended) + ## @param %%MAIN_OBJECT_BLOCK%%.image.digest %%MAIN_CONTAINER%% image digest 
in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) + ## @param %%MAIN_OBJECT_BLOCK%%.image.pullPolicy %%MAIN_CONTAINER%% image pull policy + ## @param %%MAIN_OBJECT_BLOCK%%.image.pullSecrets %%MAIN_CONTAINER%% image pull secrets + ## @param %%MAIN_OBJECT_BLOCK%%.image.debug Enable %%MAIN_CONTAINER%% image debug mode + ## + image: + registry: docker.io + repository: bitnami/%%IMAGE_NAME%% + tag: %%IMAGE_TAG%% + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + debug: false + ## @param %%MAIN_OBJECT_BLOCK%%.replicaCount Number of %%MAIN_CONTAINER_NAME%% replicas to deploy + ## + replicaCount: 1 + ## @param %%MAIN_OBJECT_BLOCK%%.containerPorts.http %%MAIN_CONTAINER_NAME%% HTTP container port + ## @param %%MAIN_OBJECT_BLOCK%%.containerPorts.https %%MAIN_CONTAINER_NAME%% HTTPS container port + ## + containerPorts: + http: 80 + https: 443 + ## Configure extra options for %%MAIN_CONTAINER_NAME%% containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param %%MAIN_OBJECT_BLOCK%%.livenessProbe.enabled Enable livenessProbe on %%MAIN_CONTAINER_NAME%% containers + ## @param %%MAIN_OBJECT_BLOCK%%.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param %%MAIN_OBJECT_BLOCK%%.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param %%MAIN_OBJECT_BLOCK%%.livenessProbe.timeoutSeconds 
Timeout seconds for livenessProbe + ## @param %%MAIN_OBJECT_BLOCK%%.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param %%MAIN_OBJECT_BLOCK%%.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: foo + periodSeconds: bar + timeoutSeconds: foo + failureThreshold: bar + successThreshold: foo + ## @param %%MAIN_OBJECT_BLOCK%%.readinessProbe.enabled Enable readinessProbe on %%MAIN_CONTAINER_NAME%% containers + ## @param %%MAIN_OBJECT_BLOCK%%.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param %%MAIN_OBJECT_BLOCK%%.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param %%MAIN_OBJECT_BLOCK%%.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param %%MAIN_OBJECT_BLOCK%%.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param %%MAIN_OBJECT_BLOCK%%.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: foo + periodSeconds: bar + timeoutSeconds: foo + failureThreshold: bar + successThreshold: foo + ## @param %%MAIN_OBJECT_BLOCK%%.startupProbe.enabled Enable startupProbe on %%MAIN_CONTAINER_NAME%% containers + ## @param %%MAIN_OBJECT_BLOCK%%.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param %%MAIN_OBJECT_BLOCK%%.startupProbe.periodSeconds Period seconds for startupProbe + ## @param %%MAIN_OBJECT_BLOCK%%.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param %%MAIN_OBJECT_BLOCK%%.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param %%MAIN_OBJECT_BLOCK%%.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: foo + periodSeconds: bar + timeoutSeconds: foo + failureThreshold: bar + successThreshold: foo + ## @param %%MAIN_OBJECT_BLOCK%%.customLivenessProbe Custom 
livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param %%MAIN_OBJECT_BLOCK%%.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param %%MAIN_OBJECT_BLOCK%%.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## %%MAIN_CONTAINER_NAME%% resource requests and limits + ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param %%MAIN_OBJECT_BLOCK%%.resourcesPreset Set %%MAIN_CONTAINER_NAME%% container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if %%MAIN_OBJECT_BLOCK%%.resources is set (%%MAIN_OBJECT_BLOCK%%.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param %%MAIN_OBJECT_BLOCK%%.resources Set %%MAIN_CONTAINER_NAME%% container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Configure Pods Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param %%MAIN_OBJECT_BLOCK%%.podSecurityContext.enabled Enable %%MAIN_CONTAINER_NAME%% pods' Security Context + ## @param %%MAIN_OBJECT_BLOCK%%.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for %%MAIN_CONTAINER_NAME%% pods + ## @param %%MAIN_OBJECT_BLOCK%%.podSecurityContext.sysctls Set kernel settings using the sysctl interface for %%MAIN_CONTAINER_NAME%% pods + ## @param %%MAIN_OBJECT_BLOCK%%.podSecurityContext.supplementalGroups Set filesystem extra groups for %%MAIN_CONTAINER_NAME%% pods + ## @param 
%%MAIN_OBJECT_BLOCK%%.podSecurityContext.fsGroup Set fsGroup in %%MAIN_CONTAINER_NAME%% pods' Security Context + ## + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 + ## Configure Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.enabled Enabled %%MAIN_CONTAINER_NAME%% container' Security Context + ## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in %%MAIN_CONTAINER_NAME%% container + ## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.runAsUser Set runAsUser in %%MAIN_CONTAINER_NAME%% container' Security Context + ## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.runAsNonRoot Set runAsNonRoot in %%MAIN_CONTAINER_NAME%% container' Security Context + ## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in %%MAIN_CONTAINER_NAME%% container' Security Context + ## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.privileged Set privileged in %%MAIN_CONTAINER_NAME%% container' Security Context + ## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in %%MAIN_CONTAINER_NAME%% container' Security Context + ## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.capabilities.drop List of capabilities to be dropped in %%MAIN_CONTAINER_NAME%% container + ## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.seccompProfile.type Set seccomp profile in %%MAIN_CONTAINER_NAME%% container + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: 
"RuntimeDefault" + + %%OTHER_PARAMETERS_RELATED_TO_THIS_CONTAINER/POD%% + + ## @param %%MAIN_OBJECT_BLOCK%%.existingConfigmap The name of an existing ConfigMap with your custom configuration for %%MAIN_CONTAINER_NAME%% + ## + existingConfigmap: + ## @param %%MAIN_OBJECT_BLOCK%%.command Override default %%MAIN_CONTAINER_NAME%% container command (useful when using custom images) + ## + command: [] + ## @param %%MAIN_OBJECT_BLOCK%%.args Override default %%MAIN_CONTAINER_NAME%% container args (useful when using custom images) + ## + args: [] + ## @param %%MAIN_OBJECT_BLOCK%%.automountServiceAccountToken Mount Service Account token in %%MAIN_CONTAINER_NAME%% pods + ## + automountServiceAccountToken: false + ## @param %%MAIN_OBJECT_BLOCK%%.hostAliases %%MAIN_CONTAINER_NAME%% pods host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param %%MAIN_OBJECT_BLOCK%%.daemonsetAnnotations Annotations for %%MAIN_CONTAINER_NAME%% daemonset + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + daemonsetAnnotations: {} + ## @param %%MAIN_OBJECT_BLOCK%%.deploymentAnnotations Annotations for %%MAIN_CONTAINER_NAME%% deployment + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + deploymentAnnotations: {} + ## @param %%MAIN_OBJECT_BLOCK%%.statefulsetAnnotations Annotations for %%MAIN_CONTAINER_NAME%% statefulset + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + statefulsetAnnotations: {} + ## @param %%MAIN_OBJECT_BLOCK%%.podLabels Extra labels for %%MAIN_CONTAINER_NAME%% pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param %%MAIN_OBJECT_BLOCK%%.podAnnotations Annotations for %%MAIN_CONTAINER_NAME%% pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## 
+ podAnnotations: {} + ## @param %%MAIN_OBJECT_BLOCK%%.podAffinityPreset Pod affinity preset. Ignored if `%%MAIN_OBJECT_BLOCK%%.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param %%MAIN_OBJECT_BLOCK%%.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `%%MAIN_OBJECT_BLOCK%%.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node %%MAIN_OBJECT_BLOCK%%.affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param %%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.type Node affinity preset type. Ignored if `%%MAIN_OBJECT_BLOCK%%.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param %%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.key Node label key to match. Ignored if `%%MAIN_OBJECT_BLOCK%%.affinity` is set + ## + key: "" + ## @param %%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.values Node label values to match. Ignored if `%%MAIN_OBJECT_BLOCK%%.affinity` is set + ## E.g. 
+ ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param %%MAIN_OBJECT_BLOCK%%.affinity Affinity for %%MAIN_CONTAINER_NAME%% pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## NOTE: `%%MAIN_OBJECT_BLOCK%%.podAffinityPreset`, `%%MAIN_OBJECT_BLOCK%%.podAntiAffinityPreset`, and `%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset` will be ignored when it's set + ## + affinity: {} + ## @param %%MAIN_OBJECT_BLOCK%%.nodeSelector Node labels for %%MAIN_CONTAINER_NAME%% pods assignment + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + ## + nodeSelector: {} + ## @param %%MAIN_OBJECT_BLOCK%%.tolerations Tolerations for %%MAIN_CONTAINER_NAME%% pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## ONLY FOR DEPLOYMENTS: + ## @param %%MAIN_OBJECT_BLOCK%%.updateStrategy.type %%MAIN_CONTAINER_NAME%% deployment strategy type + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy + ## ONLY FOR STATEFULSETS: + ## @param %%MAIN_OBJECT_BLOCK%%.updateStrategy.type %%MAIN_CONTAINER_NAME%% statefulset strategy type + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + ## ONLY FOR DEPLOYMENTS: + ## Can be set to RollingUpdate or Recreate + ## ONLY FOR STATEFULSETS: + ## Can be set to RollingUpdate or OnDelete + ## + type: RollingUpdate + ## ONLY FOR STATEFULSETS: + ## @param %%MAIN_OBJECT_BLOCK%%.podManagementPolicy Pod management policy for %%MAIN_CONTAINER_NAME%% statefulset + ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies + ## + podManagementPolicy: OrderedReady + ## @param %%MAIN_OBJECT_BLOCK%%.priorityClassName %%MAIN_CONTAINER_NAME%% pods' priorityClassName + ## + priorityClassName: "" + ## @param %%MAIN_OBJECT_BLOCK%%.topologySpreadConstraints 
Topology Spread Constraints for %%MAIN_CONTAINER_NAME%% pod assignment spread across your cluster among failure-domains + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods + ## + topologySpreadConstraints: [] + ## @param %%MAIN_OBJECT_BLOCK%%.schedulerName Name of the k8s scheduler (other than default) for %%MAIN_CONTAINER_NAME%% pods + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param %%MAIN_OBJECT_BLOCK%%.terminationGracePeriodSeconds Seconds %%MAIN_CONTAINER_NAME%% pods need to terminate gracefully + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods + ## + terminationGracePeriodSeconds: "" + ## @param %%MAIN_OBJECT_BLOCK%%.lifecycleHooks for %%MAIN_CONTAINER_NAME%% containers to automate configuration before or after startup + ## + lifecycleHooks: {} + ## @param %%MAIN_OBJECT_BLOCK%%.extraEnvVars Array with extra environment variables to add to %%MAIN_CONTAINER_NAME%% containers + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param %%MAIN_OBJECT_BLOCK%%.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for %%MAIN_CONTAINER_NAME%% containers + ## + extraEnvVarsCM: "" + ## @param %%MAIN_OBJECT_BLOCK%%.extraEnvVarsSecret Name of existing Secret containing extra env vars for %%MAIN_CONTAINER_NAME%% containers + ## + extraEnvVarsSecret: "" + ## @param %%MAIN_OBJECT_BLOCK%%.extraVolumes Optionally specify extra list of additional volumes for the %%MAIN_CONTAINER_NAME%% pods + ## + extraVolumes: [] + ## @param %%MAIN_OBJECT_BLOCK%%.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the %%MAIN_CONTAINER_NAME%% containers + ## + extraVolumeMounts: [] + ## @param %%MAIN_OBJECT_BLOCK%%.sidecars Add additional sidecar containers to the %%MAIN_CONTAINER_NAME%% pods + ## e.g: + ## sidecars: + ## - name: 
your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param %%MAIN_OBJECT_BLOCK%%.initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pods + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + ## + initContainers: [] + ## Pod Disruption Budget configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb + ## @param %%MAIN_OBJECT_BLOCK%%.pdb.create Enable/disable a Pod Disruption Budget creation + ## @param %%MAIN_OBJECT_BLOCK%%.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled + ## @param %%MAIN_OBJECT_BLOCK%%.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable + ## + pdb: + create: false + minAvailable: 1 + maxUnavailable: "" + ## Autoscaling configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + ## @param %%MAIN_OBJECT_BLOCK%%.autoscaling.enabled Enable autoscaling for %%MAIN_OBJECT_BLOCK%% + ## @param %%MAIN_OBJECT_BLOCK%%.autoscaling.minReplicas Minimum number of %%MAIN_OBJECT_BLOCK%% replicas + ## @param %%MAIN_OBJECT_BLOCK%%.autoscaling.maxReplicas Maximum number of %%MAIN_OBJECT_BLOCK%% replicas + ## @param %%MAIN_OBJECT_BLOCK%%.autoscaling.targetCPU Target CPU utilization percentage + ## @param %%MAIN_OBJECT_BLOCK%%.autoscaling.targetMemory Target Memory utilization percentage + ## + autoscaling: + enabled: false + minReplicas: "" + maxReplicas: "" + targetCPU: "" + targetMemory: "" + +## %%SECONDARY_CONTAINER/POD_DESCRIPTION%% +## +%%SECONDARY_OBJECT_BLOCK%%: + %%SAME_STRUCTURE_AS_THE_MAIN_CONTAINER/POD%% + +## %%OTHERS_CONTAINER/POD_DESCRIPTION%% +## +%%OTHER_OBJECT_BLOCK%%: + %%SAME_STRUCTURE_AS_THE_MAIN_CONTAINER/POD%% 
+ +## @section Traffic Exposure Parameters +## + +## %%MAIN_CONTAINER_NAME%% service parameters +## +service: + ## @param service.type %%MAIN_CONTAINER_NAME%% service type + ## + type: LoadBalancer + ## @param service.ports.http %%MAIN_CONTAINER_NAME%% service HTTP port + ## @param service.ports.https %%MAIN_CONTAINER_NAME%% service HTTPS port + ## + ports: + http: 80 + https: 443 + ## Node ports to expose + ## @param service.nodePorts.http Node port for HTTP + ## @param service.nodePorts.https Node port for HTTPS + ## NOTE: choose port between <30000-32767> + ## + nodePorts: + http: "" + https: "" + ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerIP: "" + ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service + ## + annotations: {} + ## @param service.extraPorts Extra ports to expose in %%MAIN_CONTAINER_NAME%% service (normally used with the `sidecars` value) + ## + extraPorts: [] + ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: 
https://kubernetes.io/docs/concepts/services-networking/service/ + ## + sessionAffinity: None + ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} +## Network Policies +## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ +## +networkPolicy: + ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param networkPolicy.allowExternal Don't require server label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## server label will have network access to the ports server is listening + ## on. When true, server will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true) + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other 
namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} +## %%MAIN_CONTAINER_NAME%% ingress parameters +## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/ +## +ingress: + ## @param ingress.enabled Enable ingress record generation for %%MAIN_CONTAINER_NAME%% + ## + enabled: false + ## @param ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param ingress.hostname Default host for the ingress record + ## + hostname: %%COMPONENT_NAME%%.local + ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param ingress.path Default path for the ingress record + ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers + ## + path: / + ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. 
+ ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` + ## You can: + ## - Use the `ingress.secrets` parameter to create this TLS secret + ## - Rely on cert-manager to create it by setting the corresponding annotations + ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` + ## + tls: false + ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record + ## e.g: + ## extraHosts: + ## - name: %%COMPONENT_NAME%%.local + ## path: / + ## + extraHosts: [] + ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host + ## e.g: + ## extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + extraPaths: [] + ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## e.g: + ## extraTls: + ## - hosts: + ## - %%COMPONENT_NAME%%.local + ## secretName: %%COMPONENT_NAME%%.local-tls + ## + extraTls: [] + ## @param ingress.secrets Custom TLS certificates as secrets + ## NOTE: 'key' and 'certificate' are expected in PEM format + ## NOTE: 'name' should line up with a 'secretName' set further up + ## If it is not set and you're using 
cert-manager, this is unneeded, as it will create a secret for you with valid certificates + ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## e.g: + ## secrets: + ## - name: %%COMPONENT_NAME%%.local-tls + ## key: |- + ## -----BEGIN RSA PRIVATE KEY----- + ## ... + ## -----END RSA PRIVATE KEY----- + ## certificate: |- + ## -----BEGIN CERTIFICATE----- + ## ... + ## -----END CERTIFICATE----- + ## + secrets: [] + ## @param ingress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: example.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + ## + extraRules: [] + +## @section Persistence Parameters +## + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ +## +persistence: + ## @param persistence.enabled Enable persistence using Persistent Volume Claims + ## + enabled: true + ## @param persistence.mountPath Path to mount the volume at. + ## + mountPath: /bitnami/%%MAIN_OBJECT_BLOCK%%/data + ## @param persistence.subPath The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services + ## + subPath: "" + ## @param persistence.storageClass Storage class of backing PVC + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param persistence.annotations Persistent Volume Claim annotations + ## + annotations: {} + ## @param persistence.accessModes Persistent Volume Access Modes + ## + accessModes: + - ReadWriteOnce + ## @param persistence.size Size of data volume + ## + size: 8Gi + ## @param persistence.existingClaim The name of an existing PVC to use for persistence + ## + existingClaim: "" + ## @param persistence.selector Selector to match an existing Persistent Volume for WordPress data PVC + ## If set, the PVC can't have a PV dynamically provisioned for it + ## E.g. + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + ## @param persistence.dataSource Custom PVC data source + ## + dataSource: {} +## @section Init Container Parameters +## + +## 'volumePermissions' init container parameters +## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values +## based on the *podSecurityContext/*containerSecurityContext parameters +## +volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` + ## + enabled: false + ## OS Shell + Utility image + ## ref: https://hub.docker.com/r/bitnami/os-shell/tags/ + ## @param volumePermissions.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry + ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository + ## @skip volumePermissions.image.tag OS Shell + Utility image tag (immutable tags are recommended) + ## @param volumePermissions.image.pullPolicy OS Shell + Utility image pull policy + ## @param volumePermissions.image.pullSecrets OS Shell + Utility image pull secrets + ## + image: + registry: docker.io + repository: bitnami/os-shell + tag: 12-debian-12-r%%IMAGE_REVISION%% + pullPolicy: IfNotPresent + ## Optionally specify an array of 
imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Init container's resource requests and limits + ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param volumePermissions.resourcesPreset Set init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param volumePermissions.resources Set init container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Init container Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param volumePermissions.containerSecurityContext.enabled Enabled init container' Security Context + ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in init container + ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser + ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the + ## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) + ## + containerSecurityContext: + enabled: true + 
seLinuxOptions: {} + runAsUser: 0 + +## @section Other Parameters +## + +## RBAC configuration +## +rbac: + ## @param rbac.create Specifies whether RBAC resources should be created + ## + create: false + ## @param rbac.rules Custom RBAC rules to set + ## e.g: + ## rules: + ## - apiGroups: + ## - "" + ## resources: + ## - pods + ## verbs: + ## - get + ## - list + ## + rules: [] + +## ServiceAccount configuration +## +serviceAccount: + ## @param serviceAccount.create Specifies whether a ServiceAccount should be created + ## + create: true + ## @param serviceAccount.name The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param serviceAccount.annotations Additional Service Account annotations (evaluated as a template) + ## + annotations: {} + ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account + ## + automountServiceAccountToken: true + +## Prometheus metrics +## +metrics: + ## @param metrics.enabled Enable the export of Prometheus metrics + ## + enabled: false + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running + ## + namespace: "" + ## @param metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor + ## + annotations: {} + ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor + ## + labels: {} + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus + ## + jobLabel: "" + ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels + ## + honorLabels: 
false + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## interval: 10s + ## + interval: "" + ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## scrapeTimeout: 10s + ## + scrapeTimeout: "" + ## @param metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics + ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.relabelings Specify general relabeling + ## + relabelings: [] + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration + ## selector: + ## prometheus: my-prometheus + ## + selector: {} +## %%SUBCHART_CONTAINER/POD_DESCRIPTION%% +## +%%SUBCHART_NAME%%: + enabled: false + %%OTHER_PARAMETERS_RELATED_TO_THIS_SUBCHART%% diff --git a/charts/template/README.md b/charts/template/README.md new file mode 100644 index 0000000..c41b2de --- /dev/null +++ b/charts/template/README.md 
@@ -0,0 +1,42 @@
+# Bitnami Charts Template
+
+This directory contains a basic scaffolding to serve as the basis for creating a new chart.
+
+Some of the items that need to be implemented are:
+
+- commonAnnotations
+- commonLabels
+- imagePullSecret
+- extraDeploy
+- resources.requests
+- resources.limits
+- livenessProbe
+- readinessProbe
+- customLivenessProbe
+- customReadinessProbe
+- podLabels
+- affinity
+- nodeSelector
+- tolerations (that would override the default one)
+- daemonsetAnnotations
+- deploymentAnnotations
+- statefulsetAnnotations
+- podAnnotations
+- priorityClassName
+- lifecycleHooks
+- sidecars
+- initContainers
+- extraEnvVars
+- extraEnvVarsCM
+- extraEnvVarsSecret
+- command (which would override the default one)
+- args (which would override the default one)
+- extraVolumes
+- extraVolumeMounts
+- updateStrategy
+- podSecurityContext
+- containerSecurityContext
+
+Also it is necessary to use the `bitnami/common` chart to standarize some of the above items.
+
+:warning: Take into account this is just an example to follow, depending on the specific use case you will need to remove, add or modify those templates, beyond replacing the placeholders `%%FOO%%`
diff --git a/examples/README.md b/examples/README.md
new file mode 100644
index 0000000..2dbd375
--- /dev/null
+++ b/examples/README.md
@@ -0,0 +1,5 @@
+# examples
+
+These example requires present Kubernetes secrets.
+
+See docs in the `values.yaml` file in the `app.settings` section.
diff --git a/examples/celestia-app/mocha.yaml b/examples/celestia-app/mocha.yaml
new file mode 100644
index 0000000..cc265c7
--- /dev/null
+++ b/examples/celestia-app/mocha.yaml
@@ -0,0 +1,58 @@
+commonLabels:
+ chain_id: mocha-4
+ environment: mocha
+ network: consensus
+ type: full
+persistence:
+ size: 1200Gi
+ dataSource:
+ apiGroup: snapshot.storage.k8s.io
+ kind: VolumeSnapshot
+ name: consensus-latest
+app:
+ persistentVolumeClaimRetentionPolicy:
+ whenDeleted: Delete
+ whenScaled: Retain
+ otelAgent:
+ enabled: true
+ grafanaOtelSecret:
+ name: grafana-otel-token
+ resources:
+ requests:
+ cpu: 6
+ memory: 24Gi
+ limits:
+ cpu: 6
+ memory: 24Gi
+ livenessProbe:
+ enabled: true
+ periodSeconds: 10
+ failureThreshold: 3
+ readinessProbe:
+ enabled: true
+ periodSeconds: 10
+ failureThreshold: 30
+ startupProbe:
+ enabled: true
+ periodSeconds: 10
+ failureThreshold: 30
+ settings:
+ genesisURL: "https://raw.githubusercontent.com/celestiaorg/networks/master/mocha-4/genesis.json"
+ secret:
+ name: keys-consensus-1
+ config:
+ clienttoml:
+ chain_id: "mocha-4"
+ configtoml:
+ p2p:
+ seeds: "ee9f90974f85c59d3861fc7f7edb10894f6ac3c8@seed-mocha.pops.one:26656,258f523c96efde50d5fe0a9faeea8a3e83be22ca@seed.mocha-4.celestia.aviaone.com:20279,5d0bf034d6e6a8b5ee31a2f42f753f1107b3a00e@celestia-testnet-seed.itrocket.net:11656,7da0fb48d6ef0823bc9770c0c8068dd7c89ed4ee@celest-test-seed.theamsolutions.info:443"
+ persistent_peers: "34499b1ac473fbb03894c883178ecc83f0d6eaf6@64.227.18.169:26656,43e9da043318a4ea0141259c17fcb06ecff816af@rpc-1.celestia.nodes.guru:43656,f9e950870eccdb40e2386896d7b6a7687a103c99@rpc-2.celestia.nodes.guru:43656,daf2cecee2bd7f1b3bf94839f993f807c6b15fbf@celestia-testnet-peer.itrocket.net:11656"
+ instrumentation:
+ prometheus: true
+ tx_index:
+ indexer: "kv"
+ rpc:
+ laddr: "tcp://0.0.0.0:26657"
+ max_subscriptions_per_client: 1000
+diagnosticMode:
+ enabled: false
diff --git a/examples/celestia-node/mocha.yaml b/examples/celestia-node/mocha.yaml
new file mode 100644
index 0000000..9cf58c8
--- /dev/null
+++ b/examples/celestia-node/mocha.yaml
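Review bot: The `rpc` override at the end of this example sets `laddr: "tcp://0.0.0.0:26657"` and `max_subscriptions_per_client: 1000`, whereas the default config.toml added in this same patch ships `tcp://127.0.0.1:26657` and a limit of 5. The CometBFT RPC has no built-in authentication, so every client that can reach the port can query the node and hold up to 1000 subscriptions, which is a resource-exhaustion surface. Listening on all interfaces is presumably needed for the Service to reach the pod, so I would keep it but put a comment above `laddr`, e.g. `# RPC is unauthenticated: expose only through ClusterIP / NetworkPolicy, not a public LoadBalancer`, and lower the subscription limit unless a known consumer needs it. Separately, `genesisURL` points at the mutable `master` ref with no integrity check visible here; pinning it to a commit (`.../networks/<COMMIT_SHA>/mocha-4/genesis.json`) would make the bootstrap input reproducible.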
@@ -0,0 +1,64 @@
+commonLabels:
+ chain_id: mocha-4
+ environment: mocha
+ network: da
+ type: bridge
+persistence:
+ size: 5000Gi
+ dataSource:
+ apiGroup: snapshot.storage.k8s.io
+ kind: VolumeSnapshot
+ name: da-latest
+node:
+ persistentVolumeClaimRetentionPolicy:
+ whenDeleted: Delete
+ whenScaled: Retain
+ otelAgent:
+ enabled: true
+ grafanaOtelSecret:
+ name: grafana-otel-token
+ resources:
+ requests:
+ cpu: 6
+ memory: 24Gi
+ limits:
+ cpu: 6
+ memory: 24Gi
+ livenessProbe:
+ enabled: true
+ periodSeconds: 10
+ failureThreshold: 3
+ readinessProbe:
+ enabled: true
+ periodSeconds: 10
+ failureThreshold: 30
+ startupProbe:
+ enabled: true
+ periodSeconds: 10
+ failureThreshold: 60
+ args:
+ - bridge
+ - start
+ - --p2p.network=mocha-4
+ - --node.store=$(CELESTIA_HOME)
+ - --metrics
+ - --metrics.tls=false
+ - --p2p.metrics
+ settings:
+ address: "eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJjcmVhdGVkIjoiMjAyMy0wOS0wNiAxNDoyOTozNi44NTgyOTk3NTMgKzAwMDAgVVRDIG09KzAuMDcyOTE0OTk4IiwiZW5jIjoiQTI1NkdDTSIsInAyYyI6ODE5MiwicDJzIjoiQVIwenY1UGhFaUMxLXlHZiJ9.I5fV04Ezg"
+ node_id: "b9b227cd41a7567d270d2c630e40b77167b2539f"
+ secret:
+ name: keys-da-bridge-1
+ config:
+ configtoml:
+ Core:
+ IP: consensus-full-mocha-4.celestia-mocha.com
+ RPC:
+ Address: 0.0.0.0
+ Gateway:
+ Enabled: true
+ Address: 0.0.0.0
+ Node:
+ StartupTimeout: 2m
+diagnosticMode:
+ enabled: false
diff --git a/scripts/README.md b/scripts/README.md
new file mode 100644
index 0000000..983f92d
--- /dev/null
+++ b/scripts/README.md
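Review bot: `settings.address` and `settings.node_id` hard-code values that look tied to one specific key: the first segment of `address` base64-decodes to a PBES2-HS256+A128KW / A256GCM JWE header carrying a creation timestamp and a salt, which is the shape of a file-backed keyring entry. If that is real keyring material, the example should carry labelled placeholders instead, e.g. `address: "<KEYRING_ADDRESS_FILE_NAME>"` and `node_id: "<NODE_ID>"`, with the actual values supplied alongside the `keys-da-bridge-1` secret. The same hunk passes `--metrics.tls=false` and binds both `RPC.Address` and `Gateway.Address` to `0.0.0.0` with the gateway enabled. A one-line comment above each, stating that they assume an in-cluster collector and a Service that is not publicly reachable, would keep the example from being copied unchanged into an internet-facing deployment.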
@@ -0,0 +1,31 @@
+# scripts
+
+## config
+
+When a new version of the application is release, put the new version of the config files here.
+
+### Extracting the config files
+
+```bash
+./scripts/extract_configs.sh
+```
+
+### Integrating to helm chart
+
+Compare the new configs with the version of the existing configs. (You can use `git diff` for that)
+If the differ then run the following two scripts for all config files.
+
+app: `app.toml`, `client.toml`, `config.toml`
+node: `config.toml`
+
+Steps with example
+
+1. Get the template for the `configmap.yaml`
+```bash
+./scripts/convert_toml_to_yaml.sh scripts/config/app//config.toml app
+```
+
+2. Get the values for the `values.yaml`
+```bash
+./scripts/convert_toml_to_yaml.sh scripts/config/node//config.toml
+```
diff --git a/scripts/config/app/v1.10.1/app.toml b/scripts/config/app/v1.10.1/app.toml
new file mode 100644
index 0000000..7759ce7
--- /dev/null
+++ b/scripts/config/app/v1.10.1/app.toml
@@ -0,0 +1,252 @@ +# This is a TOML config file. +# For more information, see https://github.com/toml-lang/toml + +############################################################################### +### Base Configuration ### +############################################################################### + +# The minimum gas prices a validator is willing to accept for processing a +# transaction. A transaction's fees must meet the minimum of any denomination +# specified in this config (e.g. 0.25token1;0.0001token2). +minimum-gas-prices = "0.002utia" + +# default: the last 362880 states are kept, pruning at 10 block intervals +# nothing: all historic states will be saved, nothing will be deleted (i.e. archiving node) +# everything: 2 latest states will be kept; pruning at 10 block intervals. +# custom: allow pruning options to be manually specified through 'pruning-keep-recent', and 'pruning-interval' +pruning = "default" + +# These are applied if and only if the pruning strategy is custom. +pruning-keep-recent = "0" +pruning-interval = "0" + +# HaltHeight contains a non-zero block height at which a node will gracefully +# halt and shutdown that can be used to assist upgrades and testing. +# +# Note: Commitment of state will be attempted on the corresponding block. +halt-height = 0 + +# HaltTime contains a non-zero minimum block time (in Unix seconds) at which +# a node will gracefully halt and shutdown that can be used to assist upgrades +# and testing. +# +# Note: Commitment of state will be attempted on the corresponding block. +halt-time = 0 + +# MinRetainBlocks defines the minimum block height offset from the current +# block being committed, such that all blocks past this offset are pruned +# from Tendermint. It is used as part of the process of determining the +# ResponseCommit.RetainHeight value during ABCI Commit. A value of 0 indicates +# that no blocks should be pruned. +# +# This configuration value is only responsible for pruning Tendermint blocks. 
+# It has no bearing on application state pruning which is determined by the +# "pruning-*" configurations. +# +# Note: Tendermint block pruning is dependant on this parameter in conunction +# with the unbonding (safety threshold) period, state pruning and state sync +# snapshot parameters to determine the correct minimum value of +# ResponseCommit.RetainHeight. +min-retain-blocks = 0 + +# InterBlockCache enables inter-block caching. +inter-block-cache = true + +# IndexEvents defines the set of events in the form {eventType}.{attributeKey}, +# which informs Tendermint what to index. If empty, all events will be indexed. +# +# Example: +# ["message.sender", "message.recipient"] +index-events = [] + +# IavlCacheSize set the size of the iavl tree cache. +# Default cache size is 50mb. +iavl-cache-size = 781250 + +# IavlDisableFastNode enables or disables the fast node feature of IAVL. +# Default is false. +iavl-disable-fastnode = false + +# EXPERIMENTAL: IAVLLazyLoading enable/disable the lazy loading of iavl store. +# Default is false. +iavl-lazy-loading = false + +# AppDBBackend defines the database backend type to use for the application and snapshots DBs. +# An empty string indicates that a fallback will be used. +# First fallback is the deprecated compile-time types.DBBackend value. +# Second fallback (if the types.DBBackend also isn't set), is the db-backend value set in Tendermint's config.toml. +app-db-backend = "" + +############################################################################### +### Telemetry Configuration ### +############################################################################### + +[telemetry] + +# Prefixed with keys to separate services. +service-name = "" + +# Enabled enables the application telemetry functionality. When enabled, +# an in-memory sink is also enabled by default. Operators may also enabled +# other sinks such as Prometheus. +enabled = false + +# Enable prefixing gauge values with hostname. 
+enable-hostname = false + +# Enable adding hostname to labels. +enable-hostname-label = false + +# Enable adding service to labels. +enable-service-label = false + +# PrometheusRetentionTime, when positive, enables a Prometheus metrics sink. +prometheus-retention-time = 0 + +# GlobalLabels defines a global set of name/value label tuples applied to all +# metrics emitted using the wrapper functions defined in telemetry package. +# +# Example: +# [["chain_id", "cosmoshub-1"]] +global-labels = [ +] + +############################################################################### +### API Configuration ### +############################################################################### + +[api] + +# Enable defines if the API server should be enabled. +enable = false + +# Swagger defines if swagger documentation should automatically be registered. +swagger = false + +# Address defines the API server to listen on. +address = "tcp://0.0.0.0:1317" + +# MaxOpenConnections defines the number of maximum open connections. +max-open-connections = 1000 + +# RPCReadTimeout defines the Tendermint RPC read timeout (in seconds). +rpc-read-timeout = 10 + +# RPCWriteTimeout defines the Tendermint RPC write timeout (in seconds). +rpc-write-timeout = 0 + +# RPCMaxBodyBytes defines the Tendermint maximum response body (in bytes). +rpc-max-body-bytes = 1000000 + +# EnableUnsafeCORS defines if CORS should be enabled (unsafe - use it at your own risk). +enabled-unsafe-cors = false + +############################################################################### +### Rosetta Configuration ### +############################################################################### + +[rosetta] + +# Enable defines if the Rosetta API server should be enabled. +enable = false + +# Address defines the Rosetta API server to listen on. +address = ":8080" + +# Network defines the name of the blockchain that will be returned by Rosetta. 
+blockchain = "app" + +# Network defines the name of the network that will be returned by Rosetta. +network = "network" + +# Retries defines the number of retries when connecting to the node before failing. +retries = 3 + +# Offline defines if Rosetta server should run in offline mode. +offline = false + +# EnableDefaultSuggestedFee defines if the server should suggest fee by default. +# If 'construction/medata' is called without gas limit and gas price, +# suggested fee based on gas-to-suggest and denom-to-suggest will be given. +enable-fee-suggestion = false + +# GasToSuggest defines gas limit when calculating the fee +gas-to-suggest = 210000 + +# DenomToSuggest defines the defult denom for fee suggestion. +# Price must be in minimum-gas-prices. +denom-to-suggest = "uatom" + +############################################################################### +### gRPC Configuration ### +############################################################################### + +[grpc] + +# Enable defines if the gRPC server should be enabled. +enable = false + +# Address defines the gRPC server address to bind to. +address = "0.0.0.0:9090" + +# MaxRecvMsgSize defines the max message size in bytes the server can receive. +# The default value is 10MB. +max-recv-msg-size = "10485760" + +# MaxSendMsgSize defines the max message size in bytes the server can send. +# The default value is math.MaxInt32. +max-send-msg-size = "2147483647" + +############################################################################### +### gRPC Web Configuration ### +############################################################################### + +[grpc-web] + +# GRPCWebEnable defines if the gRPC-web should be enabled. +# NOTE: gRPC must also be enabled, otherwise, this configuration is a no-op. +enable = false + +# Address defines the gRPC-web server address to bind to. +address = "0.0.0.0:9091" + +# EnableUnsafeCORS defines if CORS should be enabled (unsafe - use it at your own risk). 
+enable-unsafe-cors = false + +############################################################################### +### State Sync Configuration ### +############################################################################### + +# State sync snapshots allow other nodes to rapidly join the network without replaying historical +# blocks, instead downloading and applying a snapshot of the application state at a given height. +[state-sync] + +# snapshot-interval specifies the block interval at which local state sync snapshots are +# taken (0 to disable). +snapshot-interval = 1500 + +# snapshot-keep-recent specifies the number of recent snapshots to keep and serve (0 to keep all). +snapshot-keep-recent = 2 + +############################################################################### +### Store / State Streaming ### +############################################################################### + +[store] +streamers = [] + +[streamers] +[streamers.file] +keys = ["*", ] +write_dir = "" +prefix = "" + +# output-metadata specifies if output the metadata file which includes the abci request/responses +# during processing the block. +output-metadata = "true" + +# stop-node-on-error specifies if propagate the file streamer errors to consensus state machine. +stop-node-on-error = "true" + +# fsync specifies if call fsync after writing the files. +fsync = "false" diff --git a/scripts/config/app/v1.10.1/client.toml b/scripts/config/app/v1.10.1/client.toml new file mode 100644 index 0000000..15ef7a8 --- /dev/null +++ b/scripts/config/app/v1.10.1/client.toml 
@@ -0,0 +1,17 @@
+# This is a TOML config file.
+# For more information, see https://github.com/toml-lang/toml
+
+###############################################################################
+### Client Configuration ###
+###############################################################################
+
+# The network chain ID
+chain-id = "celestia"
+# The keyring's backend, where the keys are stored (os|file|kwallet|pass|test|memory)
+keyring-backend = "test"
+# CLI output format (text|json)
+output = "text"
+# : to Tendermint RPC interface for this chain
+node = "tcp://localhost:26657"
+# Transaction broadcasting mode (sync|async|block)
+broadcast-mode = "sync"
diff --git a/scripts/config/app/v1.10.1/config.toml b/scripts/config/app/v1.10.1/config.toml
new file mode 100644
index 0000000..fdea885
--- /dev/null
+++ b/scripts/config/app/v1.10.1/config.toml
@@ -0,0 +1,519 @@ +# This is a TOML config file. +# For more information, see https://github.com/toml-lang/toml + +# NOTE: Any path below can be absolute (e.g. "/var/myawesomeapp/data") or +# relative to the home directory (e.g. "data"). The home directory is +# "$HOME/.cometbft" by default, but could be changed via $CMTHOME env variable +# or --home cmd flag. + +####################################################################### +### Main Base Config Options ### +####################################################################### + +# TCP or UNIX socket address of the ABCI application, +# or the name of an ABCI application compiled in with the CometBFT binary +proxy_app = "tcp://127.0.0.1:26658" + +# A custom human readable name for this node +moniker = "app" + +# If this node is many blocks behind the tip of the chain, FastSync +# allows them to catchup quickly by downloading blocks in parallel +# and verifying their commits +fast_sync = true + +# Database backend: goleveldb | cleveldb | boltdb | rocksdb | badgerdb +# * goleveldb (github.com/syndtr/goleveldb - most popular implementation) +# - pure go +# - stable +# * cleveldb (uses levigo wrapper) +# - fast +# - requires gcc +# - use cleveldb build tag (go build -tags cleveldb) +# * boltdb (uses etcd's fork of bolt - github.com/etcd-io/bbolt) +# - EXPERIMENTAL +# - may be faster is some use-cases (random reads - indexer) +# - use boltdb build tag (go build -tags boltdb) +# * rocksdb (uses github.com/tecbot/gorocksdb) +# - EXPERIMENTAL +# - requires gcc +# - use rocksdb build tag (go build -tags rocksdb) +# * badgerdb (uses github.com/dgraph-io/badger) +# - EXPERIMENTAL +# - use badgerdb build tag (go build -tags badgerdb) +db_backend = "goleveldb" + +# Database directory +db_dir = "data" + +# Output level for logging, including package level options +log_level = "info" + +# Output format: 'plain' (colored text) or 'json' +log_format = "plain" + +##### additional base config options ##### + +# Path to the 
JSON file containing the initial validator set and other meta data +genesis_file = "config/genesis.json" + +# Path to the JSON file containing the private key to use as a validator in the consensus protocol +priv_validator_key_file = "config/priv_validator_key.json" + +# Path to the JSON file containing the last sign state of a validator +priv_validator_state_file = "data/priv_validator_state.json" + +# TCP or UNIX socket address for CometBFT to listen on for +# connections from an external PrivValidator process +priv_validator_laddr = "" + +# Path to the JSON file containing the private key to use for node authentication in the p2p protocol +node_key_file = "config/node_key.json" + +# Mechanism to connect to the ABCI application: socket | grpc +abci = "socket" + +# If true, query the ABCI app on connecting to a new peer +# so the app can decide if we should keep the connection or not +filter_peers = false + + +####################################################################### +### Advanced Configuration Options ### +####################################################################### + +####################################################### +### RPC Server Configuration Options ### +####################################################### +[rpc] + +# TCP or UNIX socket address for the RPC server to listen on +laddr = "tcp://127.0.0.1:26657" + +# A list of origins a cross-domain request can be executed from +# Default value '[]' disables cors support +# Use '["*"]' to allow any origin +cors_allowed_origins = [] + +# A list of methods the client is allowed to use with cross-domain requests +cors_allowed_methods = ["HEAD", "GET", "POST", ] + +# A list of non simple headers the client is allowed to use with cross-domain requests +cors_allowed_headers = ["Origin", "Accept", "Content-Type", "X-Requested-With", "X-Server-Time", ] + +# TCP or UNIX socket address for the gRPC server to listen on +# NOTE: This server only supports /broadcast_tx_commit +grpc_laddr = 
"" + +# Maximum number of simultaneous connections. +# Does not include RPC (HTTP&WebSocket) connections. See max_open_connections +# If you want to accept a larger number than the default, make sure +# you increase your OS limits. +# 0 - unlimited. +# Should be < {ulimit -Sn} - {MaxNumInboundPeers} - {MaxNumOutboundPeers} - {N of wal, db and other open files} +# 1024 - 40 - 10 - 50 = 924 = ~900 +grpc_max_open_connections = 900 + +# Activate unsafe RPC commands like /dial_seeds and /unsafe_flush_mempool +unsafe = false + +# Maximum number of simultaneous connections (including WebSocket). +# Does not include gRPC connections. See grpc_max_open_connections +# If you want to accept a larger number than the default, make sure +# you increase your OS limits. +# 0 - unlimited. +# Should be < {ulimit -Sn} - {MaxNumInboundPeers} - {MaxNumOutboundPeers} - {N of wal, db and other open files} +# 1024 - 40 - 10 - 50 = 924 = ~900 +max_open_connections = 900 + +# Maximum number of unique clientIDs that can /subscribe +# If you're using /broadcast_tx_commit, set to the estimated maximum number +# of broadcast_tx_commit calls per block. +max_subscription_clients = 100 + +# Maximum number of unique queries a given client can /subscribe to +# If you're using GRPC (or Local RPC client) and /broadcast_tx_commit, set to +# the estimated # maximum number of broadcast_tx_commit calls per block. +max_subscriptions_per_client = 5 + +# Experimental parameter to specify the maximum number of events a node will +# buffer, per subscription, before returning an error and closing the +# subscription. Must be set to at least 100, but higher values will accommodate +# higher event throughput rates (and will use more memory). +experimental_subscription_buffer_size = 200 + +# Experimental parameter to specify the maximum number of RPC responses that +# can be buffered per WebSocket client. 
If clients cannot read from the +# WebSocket endpoint fast enough, they will be disconnected, so increasing this +# parameter may reduce the chances of them being disconnected (but will cause +# the node to use more memory). +# +# Must be at least the same as "experimental_subscription_buffer_size", +# otherwise connections could be dropped unnecessarily. This value should +# ideally be somewhat higher than "experimental_subscription_buffer_size" to +# accommodate non-subscription-related RPC responses. +experimental_websocket_write_buffer_size = 200 + +# If a WebSocket client cannot read fast enough, at present we may +# silently drop events instead of generating an error or disconnecting the +# client. +# +# Enabling this experimental parameter will cause the WebSocket connection to +# be closed instead if it cannot read fast enough, allowing for greater +# predictability in subscription behaviour. +experimental_close_on_slow_client = false + +# How long to wait for a tx to be committed during /broadcast_tx_commit. +# WARNING: Using a value larger than 10s will result in increasing the +# global HTTP write timeout, which applies to all connections and endpoints. +# See https://github.com/tendermint/tendermint/issues/3435 +timeout_broadcast_tx_commit = "50s" + +# Maximum size of request body, in bytes +max_body_bytes = 8388608 + +# Maximum size of request header, in bytes +max_header_bytes = 1048576 + +# The path to a file containing certificate that is used to create the HTTPS server. +# Might be either absolute path or path related to CometBFT's config directory. +# If the certificate is signed by a certificate authority, +# the certFile should be the concatenation of the server's certificate, any intermediates, +# and the CA's certificate. +# NOTE: both tls_cert_file and tls_key_file must be present for CometBFT to create HTTPS server. +# Otherwise, HTTP server is run. 
+tls_cert_file = "" + +# The path to a file containing matching private key that is used to create the HTTPS server. +# Might be either absolute path or path related to CometBFT's config directory. +# NOTE: both tls-cert-file and tls-key-file must be present for CometBFT to create HTTPS server. +# Otherwise, HTTP server is run. +tls_key_file = "" + +# pprof listen address (https://golang.org/pkg/net/http/pprof) +pprof_laddr = "localhost:6060" + +####################################################### +### P2P Configuration Options ### +####################################################### +[p2p] + +# Address to listen for incoming connections +laddr = "tcp://0.0.0.0:26656" + +# Address to advertise to peers for them to dial +# If empty, will use the same port as the laddr, +# and will introspect on the listener or use UPnP +# to figure out the address. ip and port are required +# example: 159.89.10.97:26656 +external_address = "" + +# Comma separated list of seed nodes to connect to +seeds = "" + +# Comma separated list of nodes to keep persistent connections to +persistent_peers = "" + +# UPNP port forwarding +upnp = false + +# Path to address book +addr_book_file = "config/addrbook.json" + +# Set true for strict address routability rules +# Set false for private or local networks +addr_book_strict = true + +# Maximum number of inbound peers +max_num_inbound_peers = 40 + +# Maximum number of outbound peers to connect to, excluding persistent peers +max_num_outbound_peers = 10 + +# List of node IDs, to which a connection will be (re)established ignoring any existing limits +unconditional_peer_ids = "" + +# Maximum pause when redialing a persistent peer (if zero, exponential backoff is used) +persistent_peers_max_dial_period = "0s" + +# Time to wait before flushing messages out on the connection +flush_throttle_timeout = "100ms" + +# Maximum size of a message packet payload, in bytes +max_packet_msg_payload_size = 1024 + +# Rate at which packets can be sent, in 
bytes/second +send_rate = 5120000 + +# Rate at which packets can be received, in bytes/second +recv_rate = 5120000 + +# Set true to enable the peer-exchange reactor +pex = true + +# Seed mode, in which node constantly crawls the network and looks for +# peers. If another node asks it for addresses, it responds and disconnects. +# +# Does not work if the peer-exchange reactor is disabled. +seed_mode = false + +# Comma separated list of peer IDs to keep private (will not be gossiped to other peers) +private_peer_ids = "" + +# Toggle to disable guard against peers connecting from the same ip. +allow_duplicate_ip = false + +# Peer connection configuration. +handshake_timeout = "20s" +dial_timeout = "3s" + +####################################################### +### Mempool Configuration Option ### +####################################################### +[mempool] + +# Mempool version to use: +# 1) "v0" - FIFO mempool. +# 2) "v1" - (default) prioritized mempool. +# 3) "v2" - content addressable transaction pool +version = "v1" + +# Recheck (default: true) defines whether CometBFT should recheck the +# validity for all remaining transaction in the mempool after a block. +# Since a block affects the application state, some transactions in the +# mempool may become invalid. If this does not apply to your application, +# you can disable rechecking. +recheck = true +broadcast = true +wal_dir = "" + +# Maximum number of transactions in the mempool +size = 5000 + +# Limit the total size of all txs in the mempool. +# This only accounts for raw transactions (e.g. given 1MB transactions and +# max_txs_bytes=5MB, mempool will only accept 5 transactions). +max_txs_bytes = 39485440 + +# Size of the cache (used to filter transactions we saw earlier) in transactions +cache_size = 10000 + +# Do not remove invalid transactions from the cache (default: false) +# Set to true if it's not possible for any invalid transaction to become valid +# again in the future. 
+keep-invalid-txs-in-cache = false + +# Maximum size of a single transaction. +# NOTE: the max size of a tx transmitted over the network is {max_tx_bytes}. +max_tx_bytes = 7897088 + +# Maximum size of a batch of transactions to send to a peer +# Including space needed by encoding (one varint per transaction). +# XXX: Unused due to https://github.com/tendermint/tendermint/issues/5796 +max_batch_bytes = 0 + +# ttl-duration, if non-zero, defines the maximum amount of time a transaction +# can exist for in the mempool. +# +# Note, if ttl-num-blocks is also defined, a transaction will be removed if it +# has existed in the mempool at least ttl-num-blocks number of blocks or if it's +# insertion time into the mempool is beyond ttl-duration. +ttl-duration = "1m15s" + +# ttl-num-blocks, if non-zero, defines the maximum number of blocks a transaction +# can exist for in the mempool. +# +# Note, if ttl-duration is also defined, a transaction will be removed if it +# has existed in the mempool at least ttl-num-blocks number of blocks or if +# it's insertion time into the mempool is beyond ttl-duration. +ttl-num-blocks = 5 + +# max-gossip-delay is the maximum allotted time that the reactor expects a transaction to +# arrive before issuing a new request to a different peer +# Only applicable to the v2 / CAT mempool +# Default is 200ms +max-gossip-delay = "0s" + +####################################################### +### State Sync Configuration Options ### +####################################################### +[statesync] +# State sync rapidly bootstraps a new node by discovering, fetching, and restoring a state machine +# snapshot from peers instead of fetching and replaying historical blocks. Requires some peers in +# the network to take and serve state machine snapshots. State sync is not attempted if the node +# has any local state (LastBlockHeight > 0). The node will have a truncated block history, +# starting from the height of the snapshot. 
+enable = false + +# RPC servers (comma-separated) for light client verification of the synced state machine and +# retrieval of state data for node bootstrapping. Also needs a trusted height and corresponding +# header hash obtained from a trusted source, and a period during which validators can be trusted. +# +# For Cosmos SDK-based chains, trust_period should usually be about 2/3 of the unbonding time (~2 +# weeks) during which they can be financially punished (slashed) for misbehavior. +rpc_servers = "" +trust_height = 0 +trust_hash = "" +trust_period = "168h0m0s" + +# Time to spend discovering snapshots before initiating a restore. +discovery_time = "15s" + +# Temporary directory for state sync snapshot chunks, defaults to the OS tempdir (typically /tmp). +# Will create a new, randomly named directory within, and remove it when done. +temp_dir = "" + +# The timeout duration before re-requesting a chunk, possibly from a different +# peer (default: 1 minute). +chunk_request_timeout = "10s" + +# The number of concurrent chunk fetchers to run (default: 1). +chunk_fetchers = "4" + +####################################################### +### Fast Sync Configuration Connections ### +####################################################### +[fastsync] + +# Fast Sync version to use: +# 1) "v0" (default) - the legacy fast sync implementation +# "v1" and "v2" are disabled. They have been deprecated and will +# be completely removed in one of the upcoming releases +version = "v0" + +####################################################### +### Consensus Configuration Options ### +####################################################### +[consensus] + +# If set to "true", only internal messages will be +# written to the WAL. External messages like votes, proposal, +# block parts, will not be written. 
+only_internal_wal = "true" + +wal_file = "data/cs.wal/wal" + +# How long we wait for a proposal block before prevoting nil +timeout_propose = "10s" +# How much timeout_propose increases with each round +timeout_propose_delta = "500ms" +# How long we wait after receiving +2/3 prevotes for “anything” (ie. not a single block or nil) +timeout_prevote = "1s" +# How much the timeout_prevote increases with each round +timeout_prevote_delta = "500ms" +# How long we wait after receiving +2/3 precommits for “anything” (ie. not a single block or nil) +timeout_precommit = "1s" +# How much the timeout_precommit increases with each round +timeout_precommit_delta = "500ms" +# How long we wait after committing a block, before starting on the new +# height (this gives us a chance to receive some more precommits, even +# though we already have +2/3). +timeout_commit = "11s" + +# How many blocks to look back to check existence of the node's consensus votes before joining consensus +# When non-zero, the node will panic upon restart +# if the same consensus key was used to sign {double_sign_check_height} last blocks. +# So, validators should stop the state machine, wait for some blocks, and then restart the state machine to avoid panic. +double_sign_check_height = 0 + +# Make progress as soon as we have all the precommits (as if TimeoutCommit = 0) +skip_timeout_commit = false + +# EmptyBlocks mode and possible interval between empty blocks +create_empty_blocks = true +create_empty_blocks_interval = "0s" + +# Reactor sleep duration parameters +peer_gossip_sleep_duration = "100ms" +peer_query_maj23_sleep_duration = "2s" + +####################################################### +### Storage Configuration Options ### +####################################################### +[storage] + +# Set to true to discard ABCI responses from the state store, which can save a +# considerable amount of disk space. Set to false to ensure ABCI responses are +# persisted. 
ABCI responses are required for /block_results RPC queries, and to +# reindex events in the command-line tool. +discard_abci_responses = true + +####################################################### +### Transaction Indexer Configuration Options ### +####################################################### +[tx_index] + +# What indexer to use for transactions +# +# The application will set which txs to index. In some cases a node operator will be able +# to decide which txs to index based on configuration set in the application. +# +# Options: +# 1) "null" +# 2) "kv" (default) - the simplest possible indexer, backed by key-value storage (defaults to levelDB; see DBBackend). +# - When "kv" is chosen "tx.height" and "tx.hash" will always be indexed. +# 3) "psql" - the indexer services backed by PostgreSQL. +# When "kv" or "psql" is chosen "tx.height" and "tx.hash" will always be indexed. +indexer = "null" + +# The PostgreSQL connection configuration, the connection format: +# postgresql://:@:/? +psql-conn = "" + +####################################################### +### Instrumentation Configuration Options ### +####################################################### +[instrumentation] + +# When true, Prometheus metrics are served under /metrics on +# PrometheusListenAddr. +# Check out the documentation for the list of available metrics. +prometheus = false + +# Address to listen for Prometheus collector(s) connections +prometheus_listen_addr = ":26660" + +# Maximum number of simultaneous connections. +# If you want to accept a larger number than the default, make sure +# you increase your OS limits. +# 0 - unlimited. +max_open_connections = 3 + +# Instrumentation namespace +namespace = "cometbft" + +# TracePushConfig is the relative path of the push config. +# This second config contains credentials for where and how often to +# push trace data to. For example, if the config is next to this config, +# it would be "push_config.json". 
+trace_push_config = "" + +# The tracer pull address specifies which address will be used for pull based +# event collection. If empty, the pull based server will not be started. +trace_pull_address = "" + +# The tracer to use for collecting trace data. +trace_type = "noop" + +# The size of the batches that are sent to the database. +trace_push_batch_size = 1000 + +# The list of tables that are updated when tracing. All available tables and +# their schema can be found in the pkg/trace/schema package. It is represented as a +# comma separate string. For example: "consensus_round_state,mempool_tx". +tracing_tables = "mempool_tx,mempool_peer_state,consensus_round_state,consensus_block_parts,consensus_block,consensus_vote" + +# The URL of the pyroscope instance to use for continuous profiling. +# If empty, continuous profiling is disabled. +pyroscope_url = "" + +# When true, tracing data is added to the continuous profiling +# performed by pyroscope. +pyroscope_trace = false + +# pyroscope_profile_types is a list of profile types to be traced with +# pyroscope. Available profile types are: cpu, alloc_objects, alloc_space, +# inuse_objects, inuse_space, goroutines, mutex_count, mutex_duration, +# block_count, block_duration. +pyroscope_profile_types = ["cpu", "alloc_objects", "inuse_objects", "goroutines", "mutex_count", "mutex_duration", "block_count", "block_duration", ] + diff --git a/scripts/config/node/v0.13.6/config.toml b/scripts/config/node/v0.13.6/config.toml new file mode 100644 index 0000000..3256da3 --- /dev/null +++ b/scripts/config/node/v0.13.6/config.toml 
@@ -0,0 +1,77 @@
+[Node]
+ StartupTimeout = "2m0s"
+ ShutdownTimeout = "2m0s"
+
+[Core]
+ IP = ""
+ RPCPort = "26657"
+ GRPCPort = "9090"
+
+[State]
+ KeyringAccName = ""
+ KeyringBackend = "test"
+
+[P2P]
+ ListenAddresses = ["/ip4/0.0.0.0/udp/2121/quic-v1/webtransport", "/ip6/::/udp/2121/quic-v1/webtransport", "/ip4/0.0.0.0/udp/2121/quic-v1", "/ip6/::/udp/2121/quic-v1", "/ip4/0.0.0.0/tcp/2121", "/ip6/::/tcp/2121"]
+ AnnounceAddresses = []
+ NoAnnounceAddresses = ["/ip4/127.0.0.1/udp/2121/quic-v1/webtransport", "/ip4/0.0.0.0/udp/2121/quic-v1/webtransport", "/ip6/::/udp/2121/quic-v1/webtransport", "/ip4/0.0.0.0/udp/2121/quic-v1", "/ip4/127.0.0.1/udp/2121/quic-v1", "/ip6/::/udp/2121/quic-v1", "/ip4/0.0.0.0/tcp/2121", "/ip4/127.0.0.1/tcp/2121", "/ip6/::/tcp/2121"]
+ MutualPeers = []
+ PeerExchange = true
+ RoutingTableRefreshPeriod = "1m0s"
+ [P2P.ConnManager]
+ Low = 800
+ High = 1000
+ GracePeriod = "1m0s"
+
+[RPC]
+ Address = "localhost"
+ Port = "26658"
+ SkipAuth = false
+
+[Gateway]
+ Address = "localhost"
+ Port = "26659"
+ Enabled = false
+
+[Share]
+ UseShareExchange = true
+ [Share.EDSStoreParams]
+ GCInterval = "0s"
+ RecentBlocksCacheSize = 10
+ BlockstoreCacheSize = 128
+ [Share.ShrExEDSParams]
+ ServerReadTimeout = "5s"
+ ServerWriteTimeout = "1m0s"
+ HandleRequestTimeout = "1m0s"
+ ConcurrencyLimit = 10
+ BufferSize = 32768
+ [Share.ShrExNDParams]
+ ServerReadTimeout = "5s"
+ ServerWriteTimeout = "1m0s"
+ HandleRequestTimeout = "1m0s"
+ ConcurrencyLimit = 10
+ [Share.PeerManagerParams]
+ PoolValidationTimeout = "2m0s"
+ PeerCooldown = "3s"
+ GcInterval = "30s"
+ EnableBlackListing = false
+ [Share.Discovery]
+ PeersLimit = 5
+ AdvertiseInterval = "1h0m0s"
+
+[Header]
+ TrustedHash = ""
+ TrustedPeers = []
+ [Header.Store]
+ StoreCacheSize = 4096
+ IndexCacheSize = 16384
+ WriteBatchSize = 2048
+ [Header.Syncer]
+ TrustingPeriod = "336h0m0s"
+ [Header.Server]
+ WriteDeadline = "8s"
+ ReadDeadline = "1m0s"
+ RangeRequestTimeout = "10s"
+ [Header.Client]
+ MaxHeadersPerRangeRequest = 64
+ RangeRequestTimeout = "8s"
diff --git a/scripts/convert_toml_to_template.sh b/scripts/convert_toml_to_template.sh
new file mode 100755
index 0000000..9418571
--- /dev/null
+++ b/scripts/convert_toml_to_template.sh
@@ -0,0 +1,97 @@
+#!/bin/bash
+
+# Function to convert TOML to templated TOML
+convert_toml_to_template() {
+ local toml_file=$1
+ local node_type=$2
+ local toml_output
+ local template_output
+
+ echo "Converting TOML file: $toml_file to templated TOML"
+
+ # Check if yq is installed
+ if ! command -v yq &> /dev/null; then
+ echo "yq could not be found. Please install yq to use this script."
+ exit 1
+ fi
+
+ # Read the TOML file remove all empty lines and all comments
+ toml_output=$(grep -v '^\s*$' "$toml_file" | grep -v '^\s*#')
+
+ # Check if the TOML file was read successfully
+ if [ -z "$toml_output" ]; then
+ echo "The TOML file is empty or could not be read. Please check the TOML file."
+ exit 1
+ fi
+
+ # Convert TOML to templated TOML
+ template_output=""
+ current_section=""
+ file_base_name=$(basename "$toml_file" .toml)toml
+ while IFS= read -r line; do
+ leading_spaces=$(echo "$line" | sed -e 's/\(^[[:space:]]*\).*/\1/')
+ if [[ $line =~ ^[[:space:]]*([a-zA-Z0-9_-]+)\ =\ \"(.+)\"$ ]]; then
+ key="${BASH_REMATCH[1]}"
+ key_replaced="${key//-/_}"
+ current_section_replaced="${current_section//-/_}"
+ if [ -n "$current_section" ]; then
+ template_output+="${leading_spaces}$key = \"{{ .Values.${node_type}.config.${file_base_name}.${current_section_replaced}.$key_replaced }}\"\n"
+ else
+ template_output+="${leading_spaces}$key = \"{{ .Values.${node_type}.config.${file_base_name}.$key_replaced }}\"\n"
+ fi
+ elif [[ $line =~ ^[[:space:]]*([a-zA-Z0-9_-]+)\ =\ \[(.+)\]$ ]]; then
+ key="${BASH_REMATCH[1]}"
+ key_replaced="${key//-/_}"
+ current_section_replaced="${current_section//-/_}"
+ if [ -n "$current_section" ]; then
+ template_output+="${leading_spaces}$key = [{{ range \$index, \$element := .Values.${node_type}.config.${file_base_name}.${current_section_replaced}.$key_replaced }}{{ if \$index }}, {{ end }}\"{{ \$element }}\"{{ end }}]\n"
+ else
+ template_output+="${leading_spaces}$key = [{{ range \$index, \$element := 
.Values.${node_type}.config.${file_base_name}.$key_replaced }}{{ if \$index }}, {{ end }}\"{{ \$element }}\"{{ end }}]\n"
+ fi
+ elif [[ $line =~ ^[[:space:]]*([a-zA-Z0-9_-]+)\ =\ (.+)$ ]]; then
+ key="${BASH_REMATCH[1]}"
+ value="${BASH_REMATCH[2]}"
+ key_replaced="${key//-/_}"
+ current_section_replaced="${current_section//-/_}"
+ if [[ $value =~ ^\".*\"$ ]]; then
+ if [ -n "$current_section" ]; then
+ template_output+="${leading_spaces}$key = \"{{ .Values.${node_type}.config.${file_base_name}.${current_section_replaced}.$key_replaced }}\"\n"
+ else
+ template_output+="${leading_spaces}$key = \"{{ .Values.${node_type}.config.${file_base_name}.$key_replaced }}\"\n"
+ fi
+ else
+ if [[ $value =~ ^[0-9]+$ ]]; then
+ if [ -n "$current_section" ]; then
+ template_output+="${leading_spaces}$key = {{ printf \"%.0f\" .Values.${node_type}.config.${file_base_name}.${current_section_replaced}.$key_replaced }}\n"
+ else
+ template_output+="${leading_spaces}$key = {{ printf \"%.0f\" .Values.${node_type}.config.${file_base_name}.$key_replaced }}\n"
+ fi
+ else
+ if [ -n "$current_section" ]; then
+ template_output+="${leading_spaces}$key = {{ .Values.${node_type}.config.${file_base_name}.${current_section_replaced}.$key_replaced }}\n"
+ else
+ template_output+="${leading_spaces}$key = {{ .Values.${node_type}.config.${file_base_name}.$key_replaced }}\n"
+ fi
+ fi
+ fi
+ elif [[ $line =~ ^[[:space:]]*\[([a-zA-Z0-9_.-]+)\]$ ]]; then
+ current_section="${BASH_REMATCH[1]}"
+ current_section_replaced="${current_section//-/_}"
+ template_output+="${leading_spaces}[${current_section_replaced}]\n"
+ else
+ template_output+="$line\n"
+ fi
+ done <<< "$toml_output"
+
+ # Print the templated TOML output, stripping down all empty lines
+ echo -e "$template_output" | sed '/^\s*]$/d'
+}
+
+# Check if the correct number of arguments is provided
+if [ "$#" -ne 2 ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+# Call the function with the provided TOML file
+convert_toml_to_template "$1" "$2"
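Review bot: The string branches emit `$key = \"{{ .Values.… }}\"`, so the generated Helm template places each value between literal quotes with no escaping; a value containing a double quote, a backslash or a newline would render as invalid TOML or as additional keys in the rendered node config. Letting the template produce the quotes keeps the value inside one string, e.g. `template_output+="${leading_spaces}$key = {{ .Values.${node_type}.config.${file_base_name}.${current_section_replaced}.$key_replaced | quote }}\n"`, and the same applies to the `\"{{ \$element }}\"` items in the two array branches. Separately, `echo -e "$template_output"` also expands backslash sequences that came from the input file, and the `Converting TOML file…` status line is written to stdout together with the template; building the output with real newlines, printing it with `printf '%s'`, and sending status text to stderr would avoid both.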
diff --git a/scripts/convert_toml_to_yaml.sh b/scripts/convert_toml_to_yaml.sh
new file mode 100755
index 0000000..fd94d70
--- /dev/null
+++ b/scripts/convert_toml_to_yaml.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+# Function to convert TOML to YAML
+convert_toml_to_yaml() {
+ local toml_file=$1
+ local yaml_output
+
+ echo "Converting TOML file: $toml_file"
+
+ # Check if yq and jq are installed
+ if ! command -v yq &> /dev/null; then
+ echo "yq could not be found. Please install yq to use this script."
+ exit 1
+ fi
+
+ if ! command -v jq &> /dev/null; then
+ echo "jq could not be found. Please install jq to use this script."
+ exit 1
+ fi
+
+ # Convert TOML to YAML using yq
+ yaml_output=$(yq eval -o=json "$toml_file" | jq 'walk(if type == "object" then with_entries(.key |= gsub("-"; "_")) else . end)' | yq eval -P)
+
+ # Check if yq produced any output
+ if [ -z "$yaml_output" ]; then
+ echo "yq did not produce any output. Please check the TOML file."
+ exit 1
+ fi
+
+ # Print the YAML output
+ echo "$yaml_output"
+}
+
+# Check if the correct number of arguments is provided
+if [ "$#" -ne 1 ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+# Call the function with the provided TOML file
+convert_toml_to_yaml "$1"
diff --git a/scripts/extract_configs.sh b/scripts/extract_configs.sh
new file mode 100755
index 0000000..0b0ce03
--- /dev/null
+++ b/scripts/extract_configs.sh
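Review bot: The status line `echo "Converting TOML file: $toml_file"` in convert_toml_to_yaml.sh goes to stdout, the same stream as the converted YAML, so redirecting the script's output into a values file captures it too; because the line has the shape of a YAML mapping entry, it is likely to be read as an extra top-level key rather than rejected. Sending it and the error messages to stderr (`echo "Converting TOML file: $toml_file" >&2`) keeps stdout limited to the document. The three-stage pipeline inside `$(…)` also reports only the exit status of the final `yq eval -P`; adding `set -o pipefail` near the top and checking the status of the `yaml_output=` assignment would surface a parse failure in the first `yq` directly instead of relying on the empty-output test.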
@@ -0,0 +1,62 @@
+#!/bin/bash
+
+# Check if the correct number of arguments are provided
+if [ "$#" -ne 2 ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+# Check if Docker is installed
+if ! command -v docker &> /dev/null; then
+ echo "Docker is not installed. Please install Docker and try again."
+ exit 1
+fi
+
+# Assign arguments to variables
+CELESTIA_APP_VERSION=$1
+CELESTIA_NODE_VERSION=$2
+
+# Generate unique container names
+APP_CONTAINER_NAME="celestia-app-container-$(date +%s)"
+NODE_CONTAINER_NAME="celestia-node-container-$(date +%s)"
+
+# Start the celestia-app container with the specified version and keep it running
+docker run -d --name $APP_CONTAINER_NAME --entrypoint tail ghcr.io/celestiaorg/celestia-app:$CELESTIA_APP_VERSION -f /dev/null
+
+# Execute the command in the celestia-app container
+docker exec $APP_CONTAINER_NAME celestia-appd init app --chain-id celestia
+
+# Create a directory named as the version in the scripts/config/app folder
+SCRIPT_DIR=$(dirname "$0")
+APP_CONFIG_DIR="$SCRIPT_DIR/config/app/$CELESTIA_APP_VERSION"
+mkdir -p $APP_CONFIG_DIR
+
+# Copy the config files from the celestia-app container to the folder
+docker cp $APP_CONTAINER_NAME:/home/celestia/.celestia-app/config/app.toml $APP_CONFIG_DIR
+docker cp $APP_CONTAINER_NAME:/home/celestia/.celestia-app/config/client.toml $APP_CONFIG_DIR
+docker cp $APP_CONTAINER_NAME:/home/celestia/.celestia-app/config/config.toml $APP_CONFIG_DIR
+
+# Stop and remove the celestia-app container in the background
+docker stop $APP_CONTAINER_NAME
+docker rm $APP_CONTAINER_NAME
+
+echo "Config files for celestia-app version $CELESTIA_APP_VERSION have been extracted to $APP_CONFIG_DIR"
+
+# Start the celestia-node container with the specified version and keep it running
+docker run -d --name $NODE_CONTAINER_NAME --entrypoint tail ghcr.io/celestiaorg/celestia-node:$CELESTIA_NODE_VERSION -f /dev/null
+
+# Execute the command in the celestia-node container
+docker exec $NODE_CONTAINER_NAME celestia 
bridge init
+
+# Create a directory named as the version in the scripts/config/node folder
+NODE_CONFIG_DIR="$SCRIPT_DIR/config/node/$CELESTIA_NODE_VERSION"
+mkdir -p $NODE_CONFIG_DIR
+
+# Copy the config file from the celestia-node container to the folder
+docker cp $NODE_CONTAINER_NAME:/home/celestia/.celestia-bridge/config.toml $NODE_CONFIG_DIR
+
+# Stop and remove the celestia-node container in the background
+docker stop $NODE_CONTAINER_NAME
+docker rm $NODE_CONTAINER_NAME
+
+echo "Config files for celestia-node version $CELESTIA_NODE_VERSION have been extracted to $NODE_CONFIG_DIR"
From 716702c9c819766d096ac967412699e14c32bed3 Mon Sep 17 00:00:00 2001 From: Smuu <18609909+Smuu@users.noreply.github.com> Date: Wed, 12 Jun 2024 13:31:27 +0200 Subject: [PATCH 2/8] fix: remove not needed files and add gen helm docs script 
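Review bot: Nothing in extract_configs.sh stops on failure, so if `docker run` cannot pull the requested tag the later `docker exec` and `docker cp` calls fail one by one and the script still prints "Config files … have been extracted", leaving an empty or stale directory that looks like a valid snapshot. Adding `set -euo pipefail` after the shebang and, once the container names are assigned, `trap 'docker rm -f "$APP_CONTAINER_NAME" "$NODE_CONTAINER_NAME" >/dev/null 2>&1 || true' EXIT` would stop at the first error and still remove the containers. The two version arguments are also expanded unquoted into the image reference and into `mkdir -p $APP_CONFIG_DIR` and the `docker cp` destinations; quoting every expansion (`mkdir -p "$APP_CONFIG_DIR"`) and rejecting values that contain `/` or whitespace keeps the output under `scripts/config/`. If these snapshots are the basis for the chart defaults, as the converter scripts in this commit suggest, pinning the images by digest rather than by a mutable tag would make the extracted files reproducible.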
Signed-off-by: Smuu <18609909+Smuu@users.noreply.github.com> --- charts/README.md | 223 ----- charts/celestia-app/README.md | 37 +- charts/celestia-node/README.md | 15 +- charts/template/.helmignore | 23 - charts/template/CHART_NAME/.helmignore | 21 - charts/template/CHART_NAME/Chart.yaml | 34 - charts/template/CHART_NAME/README.md | 223 ----- .../template/CHART_NAME/templates/NOTES.txt | 33 - .../CHART_NAME/templates/_helpers.tpl | 61 -- .../templates/clusterrolebinding.yaml | 22 - .../CHART_NAME/templates/configmap.yaml | 18 - .../CHART_NAME/templates/daemonset.yaml | 172 ---- .../CHART_NAME/templates/deployment.yaml | 189 ---- .../CHART_NAME/templates/extra-list.yaml | 9 - charts/template/CHART_NAME/templates/hpa.yaml | 49 - .../CHART_NAME/templates/ingress.yaml | 60 -- .../CHART_NAME/templates/networkpolicy.yaml | 68 -- charts/template/CHART_NAME/templates/pdb.yaml | 29 - charts/template/CHART_NAME/templates/pvc.yaml | 33 - .../template/CHART_NAME/templates/role.yaml | 28 - .../template/CHART_NAME/templates/secret.yaml | 18 - .../CHART_NAME/templates/service-account.yaml | 19 - .../CHART_NAME/templates/service.yaml | 54 -- .../CHART_NAME/templates/servicemonitor.yaml | 47 - .../CHART_NAME/templates/statefulset.yaml | 217 ----- .../CHART_NAME/templates/tls-secret.yaml | 46 - charts/template/CHART_NAME/values.yaml | 838 ------------------ charts/template/README.md | 42 - scripts/gen_helm_docs.sh | 9 + 29 files changed, 34 insertions(+), 2603 deletions(-) delete mode 100644 charts/README.md delete mode 100644 charts/template/.helmignore delete mode 100644 charts/template/CHART_NAME/.helmignore delete mode 100644 charts/template/CHART_NAME/Chart.yaml delete mode 100644 charts/template/CHART_NAME/README.md delete mode 100644 charts/template/CHART_NAME/templates/NOTES.txt delete mode 100644 charts/template/CHART_NAME/templates/_helpers.tpl delete mode 100644 charts/template/CHART_NAME/templates/clusterrolebinding.yaml delete mode 100644 
charts/template/CHART_NAME/templates/configmap.yaml delete mode 100644 charts/template/CHART_NAME/templates/daemonset.yaml delete mode 100644 charts/template/CHART_NAME/templates/deployment.yaml delete mode 100644 charts/template/CHART_NAME/templates/extra-list.yaml delete mode 100644 charts/template/CHART_NAME/templates/hpa.yaml delete mode 100644 charts/template/CHART_NAME/templates/ingress.yaml delete mode 100644 charts/template/CHART_NAME/templates/networkpolicy.yaml delete mode 100644 charts/template/CHART_NAME/templates/pdb.yaml delete mode 100644 charts/template/CHART_NAME/templates/pvc.yaml delete mode 100644 charts/template/CHART_NAME/templates/role.yaml delete mode 100644 charts/template/CHART_NAME/templates/secret.yaml delete mode 100644 charts/template/CHART_NAME/templates/service-account.yaml delete mode 100644 charts/template/CHART_NAME/templates/service.yaml delete mode 100644 charts/template/CHART_NAME/templates/servicemonitor.yaml delete mode 100644 charts/template/CHART_NAME/templates/statefulset.yaml delete mode 100644 charts/template/CHART_NAME/templates/tls-secret.yaml delete mode 100644 charts/template/CHART_NAME/values.yaml delete mode 100644 charts/template/README.md create mode 100755 scripts/gen_helm_docs.sh diff --git a/charts/README.md b/charts/README.md deleted file mode 100644 index 5a7b55b..0000000 --- a/charts/README.md +++ /dev/null 
@@ -1,223 +0,0 @@ - - -# celestia-app - -Celestia App - -## TL;DR - -```console -helm install my-release oci://registry-1.docker.io/bitnamicharts/celestia-app -``` - -Looking to use celestia-app in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. - -## Introduction - -%%INTRODUCTION%% (check existing examples) - -## Prerequisites - -- Kubernetes 1.23+ -- Helm 3.8.0+ -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/celestia-app -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -The command deploys celestia-app on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### External database support - -%%IF NEEDED%% - -You may want to have celestia-app connect to an external database rather than installing one inside your cluster. 
Typical reasons for this are to use a managed database service, or to share a common database server for all your applications. To achieve this, the chart allows you to specify credentials for an external database with the [`externalDatabase` parameter](#parameters). You should also disable the MariaDB installation with the `mariadb.enabled` option. Here is an example: - -```console -mariadb.enabled=false -externalDatabase.host=myexternalhost -externalDatabase.user=myuser -externalDatabase.password=mypassword -externalDatabase.database=mydatabase -externalDatabase.port=3306 -``` - -### Ingress - -%%IF NEEDED%% - -This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/main/bitnami/contour) you can utilize the ingress controller to serve your application.To enable Ingress integration, set `ingress.enabled` to `true`. - -The most common scenario is to have one host name mapped to the deployment. In this case, the `ingress.hostname` property can be used to set the host name. The `ingress.tls` parameter can be used to add the TLS configuration for this host. - -However, it is also possible to have more than one host. To facilitate this, the `ingress.extraHosts` parameter (if available) can be set with the host names specified as an array. The `ingress.extraTLS` parameter (if available) can also be used to add the TLS configuration for extra hosts. - -> NOTE: For each host specified in the `ingress.extraHosts` parameter, it is necessary to set a name, path, and any annotations that the Ingress controller should know about. 
Not all annotations are supported by all Ingress controllers, but [this annotation reference document](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md) lists the annotations supported by many popular Ingress controllers. - -Adding the TLS parameter (where available) will cause the chart to generate HTTPS URLs, and the application will be available on port 443. The actual TLS secrets do not have to be generated by this chart. However, if TLS is enabled, the Ingress record will not work until the TLS secret exists. - -[Learn more about Ingress controllers](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/). - -### TLS secrets - -TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the cluster: - -- `tls.enabled`: Enable TLS support. Defaults to `false` -- `tls.existingSecret`: Name of the secret that contains the certificates. No defaults. -- `tls.certFilename`: Certificate filename. No defaults. -- `tls.certKeyFilename`: Certificate key filename. No defaults. -- `tls.certCAFilename`: CA Certificate filename. No defaults. - -For example: - -First, create the secret with the certificates files: - -```console -kubectl create secret generic certificates-tls-secret --from-file=./cert.pem --from-file=./cert.key --from-file=./ca.pem -``` - -Then, use the following parameters: - -```console -tls.enabled="true" -tls.existingSecret="certificates-tls-secret" -tls.certFilename="cert.pem" -tls.certKeyFilename="cert.key" -tls.certCAFilename="ca.pem" -``` - -### %%OTHER_SECTIONS%% - -### Additional environment variables - -In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. 
- -```yaml -celestia-app: - extraEnvVars: - - name: LOG_LEVEL - value: error -``` - -Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. - -### Sidecars - -If additional containers are needed in the same pod as celestia-app (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter. - -```yaml -sidecars: -- name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below: - -```yaml -service: - extraPorts: - - name: extraPort - port: 11311 - targetPort: 11311 -``` - -> NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the `--enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers. - -If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. Here is an example: - -```yaml -initContainers: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). - -### Pod affinity - -This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). 
- -As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -## Persistence - -The [Bitnami celestia-app](https://github.com/bitnami/containers/tree/main/bitnami/celestia-app) image stores the celestia-app data and configurations at the `/bitnami` path of the container. Persistent Volume Claims are used to keep the data across deployments. - -If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/). - -## Parameters - -See to create the table - -The above parameters map to the env variables defined in [bitnami/celestia-app](https://github.com/bitnami/containers/tree/main/bitnami/celestia-app). For more information please refer to the [bitnami/celestia-app](https://github.com/bitnami/containers/tree/main/bitnami/celestia-app) image documentation. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -helm install my-release \ - --set celestia-appUsername=admin \ - --set celestia-appPassword=password \ - --set mariadb.auth.rootPassword=secretpassword \ - oci://REGISTRY_NAME/REPOSITORY_NAME/celestia-app -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -The above command sets the celestia-app administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`. 
- -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/celestia-app -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. -> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/blob/main/template/CHART_NAME/values.yaml) - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## License - -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/charts/celestia-app/README.md b/charts/celestia-app/README.md index 7f64db7..6f81238 100644 --- a/charts/celestia-app/README.md 
+++ b/charts/celestia-app/README.md @@ -1,6 +1,6 @@ # celestia-app -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: v1.9.0](https://img.shields.io/badge/AppVersion-v1.9.0-informational?style=flat-square) +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: v1.10.1](https://img.shields.io/badge/AppVersion-v1.10.1-informational?style=flat-square) Celestia App @@ -94,6 +94,7 @@ Celestia App | app.config.configtoml.consensus.create_empty_blocks | bool | `true` | | | app.config.configtoml.consensus.create_empty_blocks_interval | string | `"0s"` | | | app.config.configtoml.consensus.double_sign_check_height | int | `0` | | +| app.config.configtoml.consensus.only_internal_wal | string | `"true"` | | | app.config.configtoml.consensus.peer_gossip_sleep_duration | string | `"100ms"` | | | app.config.configtoml.consensus.peer_query_maj23_sleep_duration | string | `"2s"` | | | app.config.configtoml.consensus.skip_timeout_commit | bool | `false` | | 
@@ -111,18 +112,6 @@ Celestia App
 | app.config.configtoml.fastsync.version | string | `"v0"` | |
 | app.config.configtoml.filter_peers | bool | `false` | |
 | app.config.configtoml.genesis_file | string | `"config/genesis.json"` | |
-| app.config.configtoml.instrumentation.influx_batch_size | int | `20` | |
-| app.config.configtoml.instrumentation.influx_bucket | string | `"e2e"` | |
-| app.config.configtoml.instrumentation.influx_org | string | `"celestia"` | |
-| app.config.configtoml.instrumentation.influx_tables[0] | string | `"mempool_tx"` | |
-| app.config.configtoml.instrumentation.influx_tables[1] | string | `"mempool_peer_state"` | |
-| app.config.configtoml.instrumentation.influx_tables[2] | string | `"mempool_rejected"` | |
-| app.config.configtoml.instrumentation.influx_tables[3] | string | `"consensus_round_state"` | |
-| app.config.configtoml.instrumentation.influx_tables[4] | string | `"consensus_block_parts"` | |
-| app.config.configtoml.instrumentation.influx_tables[5] | string | `"consensus_block"` | |
-| app.config.configtoml.instrumentation.influx_tables[6] | string | `"consensus_vote"` | |
-| app.config.configtoml.instrumentation.influx_token | string | `""` | |
-| app.config.configtoml.instrumentation.influx_url | string | `""` | |
 | app.config.configtoml.instrumentation.max_open_connections | int | `3` | |
 | app.config.configtoml.instrumentation.namespace | string | `"cometbft"` | |
 | app.config.configtoml.instrumentation.prometheus | bool | `false` | |
@@ -132,11 +121,14 @@ Celestia App
 | app.config.configtoml.instrumentation.pyroscope_profile_types[2] | string | `"inuse_objects"` | |
 | app.config.configtoml.instrumentation.pyroscope_profile_types[3] | string | `"goroutines"` | |
 | app.config.configtoml.instrumentation.pyroscope_profile_types[4] | string | `"mutex_count"` | |
-| app.config.configtoml.instrumentation.pyroscope_profile_types[5] | string | `"mutex_duration"` | |
-| app.config.configtoml.instrumentation.pyroscope_profile_types[6] | string | `"block_count"` | |
-| app.config.configtoml.instrumentation.pyroscope_profile_types[7] | string | `"block_duration"` | |
+| app.config.configtoml.instrumentation.pyroscope_profile_types[5] | string | `"mutex_duration - block_count - block_duration"` | |
 | app.config.configtoml.instrumentation.pyroscope_trace | bool | `false` | |
 | app.config.configtoml.instrumentation.pyroscope_url | string | `""` | |
+| app.config.configtoml.instrumentation.trace_pull_address | string | `""` | |
+| app.config.configtoml.instrumentation.trace_push_batch_size | int | `1000` | |
+| app.config.configtoml.instrumentation.trace_push_config | string | `""` | |
+| app.config.configtoml.instrumentation.trace_type | string | `"noop"` | |
+| app.config.configtoml.instrumentation.tracing_tables | string | `"mempool_tx,mempool_peer_state,consensus_round_state,consensus_block_parts,consensus_block,consensus_vote"` | |
 | app.config.configtoml.log_format | string | `"plain"` | |
 | app.config.configtoml.log_level | string | `"info"` | |
 | app.config.configtoml.mempool.broadcast | bool | `true` | |
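Review bot: The new `pyroscope_profile_types[5]` row holds one string, `"mutex_duration - block_count - block_duration"`, where the old table had three separate entries at indexes 5 to 7. This README looks generated from values.yaml, so the likely cause is that the last two list items there are indented under `mutex_duration` and YAML folds all three into a single scalar; if so, none of those three profile types is presumably passed to the node as a valid name. Re-align the items in values.yaml as siblings (`- mutex_duration`, `- block_count`, `- block_duration`) and regenerate the README so indexes 5 to 7 reappear.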
@@ -246,11 +238,11 @@ Celestia App
 | app.extraVolumeMounts | list | `[]` | |
 | app.extraVolumes | list | `[]` | |
 | app.hostAliases | list | `[]` | |
-| app.image | object | `{"digest":"","pullPolicy":"IfNotPresent","pullSecrets":[],"registry":"ghcr.io","repository":"celestiaorg/celestia-app","tag":"v1.9.0"}` | image parameters for the image |
+| app.image | object | `{"digest":"","pullPolicy":"IfNotPresent","pullSecrets":[],"registry":"ghcr.io","repository":"celestiaorg/celestia-app","tag":"v1.10.1"}` | image parameters for the image |
 | app.image.pullPolicy | string | `"IfNotPresent"` | pull policy for the image, IfNotPresent by default |
 | app.image.registry | string | `"ghcr.io"` | registry for the image, GitHub Container Registry by default |
 | app.image.repository | string | `"celestiaorg/celestia-app"` | repository for the image, celestiaorg/celestia-app by default |
-| app.image.tag | string | `"v1.9.0"` | tag for the image, v1.9.0 by default |
+| app.image.tag | string | `"v1.10.1"` | tag for the image, v1.9.0 by default |
 | app.initContainers | list | `[]` | |
 | app.lifecycleHooks | object | `{}` | |
 | app.livenessProbe | object | `{"enabled":false,"failureThreshold":3,"initialDelaySeconds":0,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1}` | liveness probe for the app |
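Review bot: The description on the new `app.image.tag` row still reads `tag for the image, v1.9.0 by default` although the default is now `v1.10.1`; it should read `tag for the image, v1.10.1 by default`, fixed in the values.yaml comment if the README is generated from it. The default image is also selected by tag with `digest` left as `""`, and the `app.image` row gives no hint of what `digest` does. If the chart honours that field, a short description such as `image digest, overrides the tag when set` would tell operators how to pin the exact image they reviewed.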
@@ -270,10 +262,12 @@ Celestia App
 | app.otelAgent.grafanaOtelSecret.name | string | `"SET_IT"` | name of the grafana otel secret, it must be set |
 | app.otelAgent.image | object | `{"digest":"","pullPolicy":"IfNotPresent","registry":"ghcr.io","repository":"open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib","tag":"0.102.0"}` | image for the otel agent, ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib:0.102.0 by default |
 | app.otelAgent.resources | object | `{}` | |
-| app.otelAgent.resourcesPreset | string | `"nano"` | |
+| app.otelAgent.resourcesPreset | string | `"micro"` | |
 | app.pdb.create | bool | `false` | |
 | app.pdb.maxUnavailable | string | `""` | |
 | app.pdb.minAvailable | int | `1` | |
+| app.persistentVolumeClaimRetentionPolicy.whenDeleted | string | `"Retain"` | |
+| app.persistentVolumeClaimRetentionPolicy.whenScaled | string | `"Retain"` | |
 | app.podAffinityPreset | string | `""` | |
 | app.podAnnotations | object | `{}` | |
 | app.podAntiAffinityPreset | string | `"soft"` | |
@@ -301,9 +295,10 @@ Celestia App
 | app.resources.requests.memory | string | `"8Gi"` | memory requests for the app, 8Gi by default |
 | app.resourcesPreset | string | `"nano"` | more information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 |
 | app.schedulerName | string | `""` | |
-| app.settings.genesisURL | string | `"SET_IT"` | genesis URL for the celestia-app, it must be set |
+| app.settings.generateNewKeys | bool | `true` | |
+| app.settings.genesisURL | string | `""` | genesis URL for the celestia-app, it must be set |
 | app.settings.home | string | `"/home/celestia"` | home directory for the celestia-app, defaults to /home/celestia |
-| app.settings.secret.name | string | `"SET_IT"` | name of the secret, it must be set |
+| app.settings.secret.name | string | `""` | name of the secret, it must be set |
 | app.sidecars | list | `[]` | |
 | app.startupProbe | object | `{"enabled":false,"initialDelaySeconds":0,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1}` | startup probe for the app |
 | app.startupProbe.enabled | bool | `false` | enable startup probe on app containers, false by default |
diff --git a/charts/celestia-node/README.md b/charts/celestia-node/README.md
index 8aa6776..bcbbc54 100644
--- a/charts/celestia-node/README.md
+++ b/charts/celestia-node/README.md
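Review bot: `app.settings.generateNewKeys` is added with a default of `true` and an empty description, while in the same hunk `app.settings.secret.name` and `app.settings.genesisURL` change from `SET_IT` to `""` and still say `it must be set`. For a switch that controls key generation, an operator needs to know which keys are created, where they end up, and whether `secret.name` is ignored while the switch is on; nothing in this table says so. Suggest a description along the lines of `generate new keys on first start instead of reading them from app.settings.secret.name` (wording to be confirmed against the statefulset template), and change the two `it must be set` descriptions to state when the value is actually required, since an empty default no longer stands out the way `SET_IT` did.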
@@ -58,12 +58,13 @@ Celestia Node
 | node.affinity | object | `{}` | |
 | node.args[0] | string | `"bridge"` | |
 | node.args[1] | string | `"start"` | |
-| node.args[2] | string | `"--node.store=\"$(CELESTIA_HOME)\""` | |
+| node.args[2] | string | `"--node.store=$(CELESTIA_HOME)"` | |
 | node.args[3] | string | `"--metrics"` | |
 | node.args[4] | string | `"--metrics.tls=false"` | |
 | node.args[5] | string | `"--p2p.metrics"` | |
 | node.automountServiceAccountToken | bool | `false` | mount service account token in node pods |
-| node.command | list | `["/bin/celestia"]` | command for the celestia-node |
+| node.command | list | `["celestia"]` | command for the celestia-node |
+| node.command[0] | string | `"celestia"` | celestia |
 | node.config.configtoml.Core.GRPCPort | string | `"9090"` | |
 | node.config.configtoml.Core.IP | string | `""` | |
 | node.config.configtoml.Core.RPCPort | string | `"26657"` | |
@@ -165,11 +166,11 @@ Celestia Node
 | node.extraVolumeMounts | list | `[]` | |
 | node.extraVolumes | list | `[]` | |
 | node.hostAliases | list | `[]` | |
-| node.image | object | `{"digest":"","pullPolicy":"IfNotPresent","pullSecrets":[],"registry":"ghcr.io","repository":"celestiaorg/celestia-node","tag":"v1.9.0"}` | image parameters for the image |
+| node.image | object | `{"digest":"","pullPolicy":"IfNotPresent","pullSecrets":[],"registry":"ghcr.io","repository":"celestiaorg/celestia-node","tag":"v0.13.6"}` | image parameters for the image |
 | node.image.pullPolicy | string | `"IfNotPresent"` | pull policy for the image, IfNotPresent by default |
 | node.image.registry | string | `"ghcr.io"` | registry for the image, GitHub Container Registry by default |
 | node.image.repository | string | `"celestiaorg/celestia-node"` | repository for the image, celestiaorg/celestia-node by default |
-| node.image.tag | string | `"v1.9.0"` | tag for the image, v1.9.0 by default |
+| node.image.tag | string | `"v0.13.6"` | tag for the image, v0.13.6 by default |
 | node.initContainers | list | `[]` | |
 | node.lifecycleHooks | object | `{}` | |
 | node.livenessProbe | object | `{"enabled":false,"failureThreshold":3,"initialDelaySeconds":0,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1}` | liveness probe for the node |
@@ -183,16 +184,18 @@ Celestia Node | node.nodeAffinityPreset.type | string | `""` | | | node.nodeAffinityPreset.values | list | `[]` | | | node.nodeSelector | object | `{}` | | -| node.otelAgent.config | object | `{"exporters":{"otlphttp":{"auth":{"authenticator":"basicauth/otlp"},"endpoint":"https://otlp-gateway-prod-us-central-0.grafana.net/otlp"},"prometheus":{"endpoint":"localhost:8889"}},"extensions":{"basicauth/otlp":{"client_auth":{"password":"${GRAFANA_OTEL_TOKEN}","username":"${GRAFANA_OTEL_USERNAME}"}}},"receivers":{"otlp":{"protocols":{"grpc":{"endpoint":"localhost:4317"},"http":{"endpoint":"localhost:4318"}}},"prometheus":{"config":{"scrape_configs":[{"job_name":"${JOB_NAME}","scrape_interval":"10s","static_configs":[{"targets":["localhost:26660"]}]}]}}},"service":{"extensions":["basicauth/otlp"],"pipelines":{"metrics":{"exporters":["otlphttp","prometheus"],"receivers":["otlp","prometheus"]}},"telemetry":{"logs":{"level":"INFO"},"metrics":{"address":"localhost:8888","level":"basic"}}}}` | config for the otel agent (See: https://opentelemetry.io/docs/collector/configuration/) | +| node.otelAgent.config | object | `{"exporters":{"otlphttp":{"auth":{"authenticator":"basicauth/otlp"},"endpoint":"https://otlp-gateway-prod-us-central-0.grafana.net/otlp"},"prometheus":{"endpoint":"localhost:8889"}},"extensions":{"basicauth/otlp":{"client_auth":{"password":"${GRAFANA_OTEL_TOKEN}","username":"${GRAFANA_OTEL_USERNAME}"}}},"receivers":{"otlp":{"protocols":{"grpc":{"endpoint":"localhost:4317"},"http":{"endpoint":"localhost:4318"}}},"prometheus":{"config":{"scrape_configs":[{"job_name":"${JOB_NAME}","scrape_interval":"10s","static_configs":[{"targets":["localhost:8890"]}]}]}}},"service":{"extensions":["basicauth/otlp"],"pipelines":{"metrics":{"exporters":["otlphttp","prometheus"],"receivers":["otlp","prometheus"]}},"telemetry":{"logs":{"level":"INFO"},"metrics":{"address":"localhost:8888","level":"basic"}}}}` | config for the otel agent (See: 
https://opentelemetry.io/docs/collector/configuration/) | | node.otelAgent.enabled | bool | `false` | enable otel agent for the node, false by default | | node.otelAgent.grafanaOtelSecret | object | `{"name":"SET_IT"}` | grafana otel secret for the node | | node.otelAgent.grafanaOtelSecret.name | string | `"SET_IT"` | name of the grafana otel secret, it must be set | | node.otelAgent.image | object | `{"digest":"","pullPolicy":"IfNotPresent","registry":"ghcr.io","repository":"open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib","tag":"0.102.0"}` | image for the otel agent, ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib:0.102.0 by default | | node.otelAgent.resources | object | `{}` | | -| node.otelAgent.resourcesPreset | string | `"nano"` | | +| node.otelAgent.resourcesPreset | string | `"micro"` | | | node.pdb.create | bool | `false` | | | node.pdb.maxUnavailable | string | `""` | | | node.pdb.minAvailable | int | `1` | | +| node.persistentVolumeClaimRetentionPolicy.whenDeleted | string | `"Retain"` | | +| node.persistentVolumeClaimRetentionPolicy.whenScaled | string | `"Retain"` | | | node.podAffinityPreset | string | `""` | | | node.podAnnotations | object | `{}` | | | node.podAntiAffinityPreset | string | `"soft"` | | diff --git a/charts/template/.helmignore b/charts/template/.helmignore deleted file mode 100644 index fb56657..0000000 --- a/charts/template/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -# img folder -img/ 
diff --git a/charts/template/CHART_NAME/.helmignore b/charts/template/CHART_NAME/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/charts/template/CHART_NAME/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/template/CHART_NAME/Chart.yaml b/charts/template/CHART_NAME/Chart.yaml deleted file mode 100644 index 876cdcb..0000000 --- a/charts/template/CHART_NAME/Chart.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -annotations: - category: %%CHOOSE_ONE_FROM_CHART_CATEGORIES_FILE%% - licenses: Apache-2.0 -apiVersion: v2 -appVersion: %%UPSTREAM_PROJECT_VERSION%% -dependencies: - - condition: SUBCHART_NAME.enabled - name: SUBCHART_NAME - repository: oci://registry-1.docker.io/bitnamicharts - version: %%MAJOR_SUBCHART_VERSION_(A.X.X)%% - - name: common - repository: oci://registry-1.docker.io/bitnamicharts - tags: - - bitnami-common - version: 2.x.x -description: %%DESCRIPTION%% -home: https://bitnami.com -icon: https://bitnami.com/assets/stacks/%%IMAGE_NAME%%/img/%%IMAGE_NAME%%-stack-220x234.png -keywords: - - %%UPSTREAM_PROJECT_KEYWORD%% - - %%UPSTREAM_PROJECT_KEYWORD%% - - ... -maintainers: - - name: Broadcom, Inc. All Rights Reserved. - url: https://github.com/bitnami/charts -name: %%CHART_NAME%% -sources: - - https://github.com/bitnami/containers/tree/main/bitnami/%%IMAGE_NAME%% - - %%UPSTREAM_PROJECT_SOURCE_CODE_URL%% - - ... -version: 0.1.0 diff --git a/charts/template/CHART_NAME/README.md b/charts/template/CHART_NAME/README.md deleted file mode 100644 index d3ed659..0000000 
--- a/charts/template/CHART_NAME/README.md +++ /dev/null 
@@ -1,223 +0,0 @@ - - -# %%CHART_NAME%% - -%%DESCRIPTION%% (check existing examples) - -## TL;DR - -```console -helm install my-release oci://registry-1.docker.io/bitnamicharts/%%CHART_NAME%% -``` - -Looking to use %%CHART_NAME%% in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. - -## Introduction - -%%INTRODUCTION%% (check existing examples) - -## Prerequisites - -- Kubernetes 1.23+ -- Helm 3.8.0+ -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/%%CHART_NAME%% -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -The command deploys %%CHART_NAME%% on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. 
- -### External database support - -%%IF NEEDED%% - -You may want to have %%CHART_NAME%% connect to an external database rather than installing one inside your cluster. Typical reasons for this are to use a managed database service, or to share a common database server for all your applications. To achieve this, the chart allows you to specify credentials for an external database with the [`externalDatabase` parameter](#parameters). You should also disable the MariaDB installation with the `mariadb.enabled` option. Here is an example: - -```console -mariadb.enabled=false -externalDatabase.host=myexternalhost -externalDatabase.user=myuser -externalDatabase.password=mypassword -externalDatabase.database=mydatabase -externalDatabase.port=3306 -``` - -### Ingress - -%%IF NEEDED%% - -This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/main/bitnami/contour) you can utilize the ingress controller to serve your application.To enable Ingress integration, set `ingress.enabled` to `true`. - -The most common scenario is to have one host name mapped to the deployment. In this case, the `ingress.hostname` property can be used to set the host name. The `ingress.tls` parameter can be used to add the TLS configuration for this host. - -However, it is also possible to have more than one host. To facilitate this, the `ingress.extraHosts` parameter (if available) can be set with the host names specified as an array. The `ingress.extraTLS` parameter (if available) can also be used to add the TLS configuration for extra hosts. - -> NOTE: For each host specified in the `ingress.extraHosts` parameter, it is necessary to set a name, path, and any annotations that the Ingress controller should know about. 
Not all annotations are supported by all Ingress controllers, but [this annotation reference document](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md) lists the annotations supported by many popular Ingress controllers. - -Adding the TLS parameter (where available) will cause the chart to generate HTTPS URLs, and the application will be available on port 443. The actual TLS secrets do not have to be generated by this chart. However, if TLS is enabled, the Ingress record will not work until the TLS secret exists. - -[Learn more about Ingress controllers](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/). - -### TLS secrets - -TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the cluster: - -- `tls.enabled`: Enable TLS support. Defaults to `false` -- `tls.existingSecret`: Name of the secret that contains the certificates. No defaults. -- `tls.certFilename`: Certificate filename. No defaults. -- `tls.certKeyFilename`: Certificate key filename. No defaults. -- `tls.certCAFilename`: CA Certificate filename. No defaults. - -For example: - -First, create the secret with the certificates files: - -```console -kubectl create secret generic certificates-tls-secret --from-file=./cert.pem --from-file=./cert.key --from-file=./ca.pem -``` - -Then, use the following parameters: - -```console -tls.enabled="true" -tls.existingSecret="certificates-tls-secret" -tls.certFilename="cert.pem" -tls.certKeyFilename="cert.key" -tls.certCAFilename="ca.pem" -``` - -### %%OTHER_SECTIONS%% - -### Additional environment variables - -In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. 
- -```yaml -%%CHART_NAME%%: - extraEnvVars: - - name: LOG_LEVEL - value: error -``` - -Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. - -### Sidecars - -If additional containers are needed in the same pod as %%CHART_NAME%% (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter. - -```yaml -sidecars: -- name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below: - -```yaml -service: - extraPorts: - - name: extraPort - port: 11311 - targetPort: 11311 -``` - -> NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the `--enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers. - -If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. Here is an example: - -```yaml -initContainers: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). - -### Pod affinity - -This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). 
- -As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -## Persistence - -The [Bitnami %%CHART_NAME%%](https://github.com/bitnami/containers/tree/main/bitnami/%%CHART_NAME%%) image stores the %%CHART_NAME%% data and configurations at the `/bitnami` path of the container. Persistent Volume Claims are used to keep the data across deployments. - -If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/). - -## Parameters - -See to create the table - -The above parameters map to the env variables defined in [bitnami/%%CHART_NAME%%](https://github.com/bitnami/containers/tree/main/bitnami/%%CHART_NAME%%). For more information please refer to the [bitnami/%%CHART_NAME%%](https://github.com/bitnami/containers/tree/main/bitnami/%%CHART_NAME%%) image documentation. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -helm install my-release \ - --set %%CHART_NAME%%Username=admin \ - --set %%CHART_NAME%%Password=password \ - --set mariadb.auth.rootPassword=secretpassword \ - oci://REGISTRY_NAME/REPOSITORY_NAME/%%CHART_NAME%% -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -The above command sets the %%CHART_NAME%% administrator account username and password to `admin` and `password` respectively. 
Additionally, it sets the MariaDB `root` user password to `secretpassword`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/%%CHART_NAME%% -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. -> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/blob/main/template/CHART_NAME/values.yaml) - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## License - -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. 
diff --git a/charts/template/CHART_NAME/templates/NOTES.txt b/charts/template/CHART_NAME/templates/NOTES.txt deleted file mode 100644 index 1421956..0000000 --- a/charts/template/CHART_NAME/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -CHART NAME: {{ .Chart.Name }} -CHART VERSION: {{ .Chart.Version }} -APP VERSION: {{ .Chart.AppVersion }} - -** Please be patient while the chart is being deployed ** - -{{- if .Values.diagnosticMode.enabled }} -The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: - - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} - -Get the list of pods by executing: - - kubectl get pods --namespace {{ include "common.names.namespace" . | quote }} -l app.kubernetes.io/instance={{ .Release.Name }} - -Access the pod you want to debug by executing - - kubectl exec --namespace {{ include "common.names.namespace" . | quote }} -ti -- bash - -In order to replicate the container startup scripts execute this command: - - %%ENTRYPOINT and CMD from main container%% - -{{- else }} - -%%Instructions to access the application depending on the serviceType and other considerations%% - -{{- end }} - -{{- include "common.warnings.rollingTag" .Values.%%MAIN_OBJECT_BLOCK%%.image }} -{{- include "common.warnings.rollingTag" .Values.%%OTHER_OBJECT_BLOCK%%.image }} -{{- include "%%TEMPLATE_NAME%%.validateValues" . }} diff --git a/charts/template/CHART_NAME/templates/_helpers.tpl b/charts/template/CHART_NAME/templates/_helpers.tpl deleted file mode 100644 index eaf8004..0000000 --- a/charts/template/CHART_NAME/templates/_helpers.tpl +++ /dev/null 
@@ -1,61 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* -Return the proper %%MAIN_OBJECT_BLOCK%% image name -*/}} -{{- define "%%TEMPLATE_NAME%%.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.%%MAIN_OBJECT_BLOCK%%.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "%%TEMPLATE_NAME%%.volumePermissions.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "%%TEMPLATE_NAME%%.imagePullSecrets" -}} -{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.%%MAIN_OBJECT_BLOCK%%.image .Values.%%SECONDARY_OBJECT_BLOCK%%.image .Values.volumePermissions.image) "context" $) -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "%%TEMPLATE_NAME%%.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Return true if cert-manager required annotations for TLS signed certificates are set in the Ingress annotations -Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations -*/}} -{{- define "%%TEMPLATE_NAME%%.ingress.certManagerRequest" -}} -{{ if or (hasKey . "cert-manager.io/cluster-issuer") (hasKey . "cert-manager.io/issuer") }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message. -*/}} -{{- define "%%TEMPLATE_NAME%%.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "%%TEMPLATE_NAME%%.validateValues.foo" .) 
-}} -{{- $messages := append $messages (include "%%TEMPLATE_NAME%%.validateValues.bar" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message -}} -{{- end -}} -{{- end -}} diff --git a/charts/template/CHART_NAME/templates/clusterrolebinding.yaml b/charts/template/CHART_NAME/templates/clusterrolebinding.yaml deleted file mode 100644 index 07e011c..0000000 --- a/charts/template/CHART_NAME/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -kind: ClusterRoleBinding -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: %%COMPONENT_NAME%% - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "common.names.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "%%TEMPLATE_NAME%%.serviceAccountName" . }} - namespace: {{ include "common.names.namespace" . | quote }} diff --git a/charts/template/CHART_NAME/templates/configmap.yaml b/charts/template/CHART_NAME/templates/configmap.yaml deleted file mode 100644 index bb2fe98..0000000 --- a/charts/template/CHART_NAME/templates/configmap.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: %%COMPONENT_NAME%% - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - %%CONFIG_FILE_NAME%%: | - # Config file diff --git a/charts/template/CHART_NAME/templates/daemonset.yaml b/charts/template/CHART_NAME/templates/daemonset.yaml deleted file mode 100644 index bbcac35..0000000 --- a/charts/template/CHART_NAME/templates/daemonset.yaml +++ /dev/null 
@@ -1,172 +0,0 @@
-{{- /*
-Copyright Broadcom, Inc. All Rights Reserved.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: {{ template "common.names.fullname" . }}
- namespace: {{ include "common.names.namespace" . | quote }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
- app.kubernetes.io/component: %%COMPONENT_NAME%%
- {{- if or .Values.%%MAIN_OBJECT_BLOCK%%.daemonsetAnnotations .Values.commonAnnotations }}
- {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.%%MAIN_OBJECT_BLOCK%%.daemonsetAnnotations .Values.commonAnnotations) "context" .) }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.updateStrategy }}
- updateStrategy: {{- toYaml .Values.%%MAIN_OBJECT_BLOCK%%.updateStrategy | nindent 4 }}
- {{- end }}
- {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.%%MAIN_OBJECT_BLOCK%%.podLabels .Values.commonLabels) "context" .) }}
- selector:
- matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
- app.kubernetes.io/component: %%COMPONENT_NAME%%
- template:
- metadata:
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.podAnnotations }}
- annotations: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.podAnnotations "context" $) | nindent 8 }}
- {{- end }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
- app.kubernetes.io/component: %%COMPONENT_NAME%%
- spec:
- {{- include "%%TEMPLATE_NAME%%.imagePullSecrets" . | nindent 6 }}
- serviceAccountName: {{ template "%%TEMPLATE_NAME%%.serviceAccountName" . }}
- automountServiceAccountToken: {{ .Values.%%MAIN_OBJECT_BLOCK%%.automountServiceAccountToken }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.hostAliases }}
- hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.hostAliases "context" $) | nindent 8 }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.affinity }}
- affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.affinity "context" $) | nindent 8 }}
- {{- else }}
- affinity:
- podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.podAffinityPreset "component" "%%COMPONENT_NAME%%" "customLabels" $podLabels "context" $) | nindent 10 }}
- podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.podAntiAffinityPreset "component" "%%COMPONENT_NAME%%" "customLabels" $podLabels "context" $) | nindent 10 }}
- nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.type "key" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.key "values" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.values) | nindent 10 }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.nodeSelector }}
- nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.nodeSelector "context" $) | nindent 8 }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.tolerations }}
- tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.tolerations "context" .) | nindent 8 }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.priorityClassName }}
- priorityClassName: {{ .Values.%%MAIN_OBJECT_BLOCK%%.priorityClassName | quote }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.podSecurityContext.enabled }}
- securityContext: {{- omit .Values.%%MAIN_OBJECT_BLOCK%%.podSecurityContext "enabled" | toYaml | nindent 8 }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.terminationGracePeriodSeconds }}
- terminationGracePeriodSeconds: {{ .Values.%%MAIN_OBJECT_BLOCK%%.terminationGracePeriodSeconds }}
- {{- end }}
- initContainers:
- {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
- - name: volume-permissions
- image: {{ include "%%TEMPLATE_NAME%%.volumePermissions.image" . }}
- imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
- command:
- - %%commands%%
- {{- if .Values.volumePermissions.containerSecurityContext.enabled }}
- securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.volumePermissions.containerSecurityContext "context" $) | nindent 12 }}
- {{- end }}
- {{- if .Values.volumePermissions.resources }}
- resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
- {{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
- resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
- {{- end }}
- volumeMounts:
- - name: data
- mountPath: {{ .Values.persistence.mountPath }}
- {{- if .Values.persistence.subPath }}
- subPath: {{ .Values.persistence.subPath }}
- {{- end }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.initContainers }}
- {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.initContainers "context" $) | nindent 8 }}
- {{- end }}
- containers:
- - name: %%CONTAINER_NAME%%
- image: {{ template "%%TEMPLATE_NAME%%.image" . }}
- imagePullPolicy: {{ .Values.%%MAIN_OBJECT_BLOCK%%.image.pullPolicy }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.containerSecurityContext.enabled }}
- securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.%%MAIN_OBJECT_BLOCK%%.containerSecurityContext "context" $) | nindent 12 }}
- {{- end }}
- {{- if .Values.diagnosticMode.enabled }}
- command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
- {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.command }}
- command: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.command "context" $) | nindent 12 }}
- {{- end }}
- {{- if .Values.diagnosticMode.enabled }}
- args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
- {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.args }}
- args: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.args "context" $) | nindent 12 }}
- {{- end }}
- env:
- - name: BITNAMI_DEBUG
- value: {{ ternary "true" "false" (or .Values.%%MAIN_OBJECT_BLOCK%%.image.debug .Values.diagnosticMode.enabled) | quote }}
- - name: foo
- value: bar
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVars }}
- {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVars "context" $) | nindent 12 }}
- {{- end }}
- envFrom:
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsCM }}
- - configMapRef:
- name: {{ include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsCM "context" $) }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsSecret }}
- - secretRef:
- name: {{ include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsSecret "context" $) }}
- {{- end }}
- ports:
- - containerPort: foo
- protocol: bar
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.resources }}
- resources: {{- toYaml .Values.%%MAIN_OBJECT_BLOCK%%.resources | nindent 12 }}
- {{- else if ne .Values.%%MAIN_OBJECT_BLOCK%%.resourcesPreset "none" }}
- resources: {{- include "common.resources.preset" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.resourcesPreset) | nindent 12 }}
- {{- end }}
- {{- if not .Values.diagnosticMode.enabled }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.customLivenessProbe }}
- livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.customLivenessProbe "context" $) | nindent 12 }}
- {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.livenessProbe.enabled }}
- livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.%%MAIN_OBJECT_BLOCK%%.livenessProbe "enabled") "context" $) | nindent 12 }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.customReadinessProbe }}
- readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.customReadinessProbe "context" $) | nindent 12 }}
- {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.readinessProbe.enabled }}
- readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.%%MAIN_OBJECT_BLOCK%%.readinessProbe "enabled") "context" $) | nindent 12 }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.lifecycleHooks }}
- lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.lifecycleHooks "context" $) | nindent 12 }}
- {{- end }}
- {{- end }}
- volumeMounts:
- - name: data
- mountPath: {{ .Values.persistence.mountPath }}
- {{- if .Values.persistence.subPath }}
- subPath: {{ .Values.persistence.subPath }}
- {{- end }}
- readOnly: true
- - name: empty-dir
- mountPath: /tmp
- subPath: tmp-dir
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumeMounts }}
- {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumeMounts "context" $) | nindent 12 }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.sidecars }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.sidecars "context" $) | nindent 8 }}
- {{- end }}
- volumes:
- - name: empty-dir
- emptyDir: {}
- - name: data
- {{- if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ default (include "common.names.fullname" .) .Values.persistence.existingClaim }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumes }}
- {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumes "context" $) | nindent 8 }}
- {{- end }}
diff --git a/charts/template/CHART_NAME/templates/deployment.yaml b/charts/template/CHART_NAME/templates/deployment.yaml
deleted file mode 100644
index 939a4ea..0000000
--- a/charts/template/CHART_NAME/templates/deployment.yaml
+++ /dev/null
@@ -1,189 +0,0 @@
-{{- /*
-Copyright Broadcom, Inc. All Rights Reserved.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
-kind: Deployment
-metadata:
- name: {{ template "common.names.fullname" . }}
- namespace: {{ include "common.names.namespace" . | quote }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
- app.kubernetes.io/component: %%COMPONENT_NAME%%
- {{- if or .Values.%%MAIN_OBJECT_BLOCK%%.deploymentAnnotations .Values.commonAnnotations }}
- {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.%%MAIN_OBJECT_BLOCK%%.deploymentAnnotations .Values.commonAnnotations) "context" .) }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- {{- if not .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.enabled }}
- replicas: {{ .Values.%%MAIN_OBJECT_BLOCK%%.replicaCount }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.updateStrategy }}
- strategy: {{- toYaml .Values.%%MAIN_OBJECT_BLOCK%%.updateStrategy | nindent 4 }}
- {{- end }}
- {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.%%MAIN_OBJECT_BLOCK%%.podLabels .Values.commonLabels) "context" .) }}
- selector:
- matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
- app.kubernetes.io/component: %%COMPONENT_NAME%%
- template:
- metadata:
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.podAnnotations }}
- annotations: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.podAnnotations "context" $) | nindent 8 }}
- {{- end }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
- app.kubernetes.io/component: %%COMPONENT_NAME%%
- spec:
- {{- include "%%TEMPLATE_NAME%%.imagePullSecrets" . | nindent 6 }}
- serviceAccountName: {{ template "%%TEMPLATE_NAME%%.serviceAccountName" . }}
- automountServiceAccountToken: {{ .Values.%%MAIN_OBJECT_BLOCK%%.automountServiceAccountToken }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.hostAliases }}
- hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.hostAliases "context" $) | nindent 8 }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.affinity }}
- affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.affinity "context" $) | nindent 8 }}
- {{- else }}
- affinity:
- podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.podAffinityPreset "component" "%%COMPONENT_NAME%%" "customLabels" $podLabels "context" $) | nindent 10 }}
- podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.podAntiAffinityPreset "component" "%%COMPONENT_NAME%%" "customLabels" $podLabels "context" $) | nindent 10 }}
- nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.type "key" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.key "values" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.values) | nindent 10 }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.nodeSelector }}
- nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.nodeSelector "context" $) | nindent 8 }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.tolerations }}
- tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.tolerations "context" .) | nindent 8 }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.priorityClassName }}
- priorityClassName: {{ .Values.%%MAIN_OBJECT_BLOCK%%.priorityClassName | quote }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.schedulerName }}
- schedulerName: {{ .Values.%%MAIN_OBJECT_BLOCK%%.schedulerName | quote }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.topologySpreadConstraints }}
- topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.topologySpreadConstraints "context" .) | nindent 8 }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.podSecurityContext.enabled }}
- securityContext: {{- omit .Values.%%MAIN_OBJECT_BLOCK%%.podSecurityContext "enabled" | toYaml | nindent 8 }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.terminationGracePeriodSeconds }}
- terminationGracePeriodSeconds: {{ .Values.%%MAIN_OBJECT_BLOCK%%.terminationGracePeriodSeconds }}
- {{- end }}
- initContainers:
- {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
- - name: volume-permissions
- image: {{ include "%%TEMPLATE_NAME%%.volumePermissions.image" . }}
- imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
- command:
- {{- if .Values.volumePermissions.containerSecurityContext.enabled }}
- securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.volumePermissions.containerSecurityContext "context" $) | nindent 12 }}
- {{- end }}
- {{- if .Values.volumePermissions.resources }}
- resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
- {{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
- resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
- {{- end }}
- volumeMounts:
- - name: data
- mountPath: {{ .Values.persistence.mountPath }}
- {{- if .Values.persistence.subPath }}
- subPath: {{ .Values.persistence.subPath }}
- {{- end }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.initContainers }}
- {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.initContainers "context" $) | nindent 8 }}
- {{- end }}
- containers:
- - name: %%CONTAINER_NAME%%
- image: {{ template "%%TEMPLATE_NAME%%.image" . }}
- imagePullPolicy: {{ .Values.%%MAIN_OBJECT_BLOCK%%.image.pullPolicy }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.containerSecurityContext.enabled }}
- securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.%%MAIN_OBJECT_BLOCK%%.containerSecurityContext "context" $) | nindent 12 }}
- {{- end }}
- {{- if .Values.diagnosticMode.enabled }}
- command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
- {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.command }}
- command: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.command "context" $) | nindent 12 }}
- {{- end }}
- {{- if .Values.diagnosticMode.enabled }}
- args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
- {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.args }}
- args: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.args "context" $) | nindent 12 }}
- {{- end }}
- env:
- - name: BITNAMI_DEBUG
- value: {{ ternary "true" "false" (or .Values.%%MAIN_OBJECT_BLOCK%%.image.debug .Values.diagnosticMode.enabled) | quote }}
- - name: foo
- value: bar
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVars }}
- {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVars "context" $) | nindent 12 }}
- {{- end }}
- envFrom:
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsCM }}
- - configMapRef:
- name: {{ include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsCM "context" $) }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsSecret }}
- - secretRef:
- name: {{ include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsSecret "context" $) }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.resources }}
- resources: {{- toYaml .Values.%%MAIN_OBJECT_BLOCK%%.resources | nindent 12 }}
- {{- else if ne .Values.%%MAIN_OBJECT_BLOCK%%.resourcesPreset "none" }}
- resources: {{- include "common.resources.preset" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.resourcesPreset) | nindent 12 }}
- {{- end }}
- ports:
- - name: http
- containerPort: {{ .Values.%%MAIN_OBJECT_BLOCK%%.containerPorts.http }}
- - name: https
- containerPort: {{ .Values.%%MAIN_OBJECT_BLOCK%%.containerPorts.https }}
- {{- if not .Values.diagnosticMode.enabled }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.customLivenessProbe }}
- livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.customLivenessProbe "context" $) | nindent 12 }}
- {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.livenessProbe.enabled }}
- livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.%%MAIN_OBJECT_BLOCK%%.livenessProbe "enabled") "context" $) | nindent 12 }}
- %%httpGet || command || etc%%
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.customReadinessProbe }}
- readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.customReadinessProbe "context" $) | nindent 12 }}
- {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.readinessProbe.enabled }}
- readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.%%MAIN_OBJECT_BLOCK%%.readinessProbe "enabled") "context" $) | nindent 12 }}
- %%httpGet || command || etc%%
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.customStartupProbe }}
- startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.customStartupProbe "context" $) | nindent 12 }}
- {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.startupProbe.enabled }}
- startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.%%MAIN_OBJECT_BLOCK%%.startupProbe "enabled") "context" $) | nindent 12 }}
- %%httpGet || command || etc%%
- {{- end }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.lifecycleHooks }}
- lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.lifecycleHooks "context" $) | nindent 12 }}
- {{- end }}
- volumeMounts:
- - name: data
- mountPath: {{ .Values.persistence.mountPath }}
- {{- if .Values.persistence.subPath }}
- subPath: {{ .Values.persistence.subPath }}
- {{- end }}
- - name: empty-dir
- mountPath: /tmp
- subPath: tmp-dir
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumeMounts }}
- {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumeMounts "context" $) | nindent 12 }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.sidecars }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.sidecars "context" $) | nindent 8 }}
- {{- end }}
- volumes:
- - name: empty-dir
- emptyDir: {}
- - name: data
- {{- if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ default (include "common.names.fullname" .) .Values.persistence.existingClaim }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumes }}
- {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumes "context" $) | nindent 8 }}
- {{- end }}
diff --git a/charts/template/CHART_NAME/templates/extra-list.yaml b/charts/template/CHART_NAME/templates/extra-list.yaml
deleted file mode 100644
index 329f5c6..0000000
--- a/charts/template/CHART_NAME/templates/extra-list.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-{{- /*
-Copyright Broadcom, Inc. All Rights Reserved.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- range .Values.extraDeploy }}
----
-{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
-{{- end }}
diff --git a/charts/template/CHART_NAME/templates/hpa.yaml b/charts/template/CHART_NAME/templates/hpa.yaml
deleted file mode 100644
index 19ece7c..0000000
--- a/charts/template/CHART_NAME/templates/hpa.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-{{- /*
-Copyright Broadcom, Inc. All Rights Reserved.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.enabled }}
-apiVersion: {{ include "common.capabilities.hpa.apiVersion" . }}
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ include "common.names.fullname" . }}
- namespace: {{ include "common.names.namespace" . | quote }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
- app.kubernetes.io/component: %%COMPONENT_NAME%%
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- scaleTargetRef:
- apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
- kind: Deployment
- name: {{ include "common.names.fullname" . }}
- minReplicas: {{ .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.maxReplicas }}
- metrics:
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.targetMemory }}
- - type: Resource
- resource:
- name: memory
- {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
- targetAverageUtilization: {{ .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.targetMemory }}
- {{- else }}
- target:
- type: Utilization
- averageUtilization: {{ .Values.worker.autoscaling.targetMemory }}
- {{- end }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.targetCPU }}
- - type: Resource
- resource:
- name: cpu
- {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
- targetAverageUtilization: {{ .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.targetCPU }}
- {{- else }}
- target:
- type: Utilization
- averageUtilization: {{ .Values.worker.autoscaling.targetCPU }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/charts/template/CHART_NAME/templates/ingress.yaml b/charts/template/CHART_NAME/templates/ingress.yaml
deleted file mode 100644
index 3d03fb5..0000000
--- a/charts/template/CHART_NAME/templates/ingress.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-{{- /*
-Copyright Broadcom, Inc. All Rights Reserved.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if .Values.ingress.enabled }}
-apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
-kind: Ingress
-metadata:
- name: {{ template "common.names.fullname" . }}
- namespace: {{ include "common.names.namespace" . | quote }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
- app.kubernetes.io/component: %%COMPONENT_NAME%%
- {{- if or .Values.ingress.annotations .Values.commonAnnotations }}
- {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.ingress.annotations .Values.commonAnnotations) "context" .) }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
- ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
- {{- end }}
- rules:
- {{- if .Values.ingress.hostname }}
- - host: {{ .Values.ingress.hostname }}
- http:
- paths:
- {{- if .Values.ingress.extraPaths }}
- {{- toYaml .Values.ingress.extraPaths | nindent 10 }}
- {{- end }}
- - path: {{ .Values.ingress.path }}
- {{- if eq "true" (include "common.ingress.supportsPathType" .) }}
- pathType: {{ .Values.ingress.pathType }}
- {{- end }}
- backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }}
- {{- end }}
- {{- range .Values.ingress.extraHosts }}
- - host: {{ .name | quote }}
- http:
- paths:
- - path: {{ default "/" .path }}
- {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
- pathType: {{ default "ImplementationSpecific" .pathType }}
- {{- end }}
- backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
- {{- end }}
- {{- if .Values.ingress.extraRules }}
- {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }}
- {{- end }}
- {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }}
- tls:
- {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }}
- - hosts:
- - {{ .Values.ingress.hostname | quote }}
- secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
- {{- end }}
- {{- if .Values.ingress.extraTls }}
- {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/charts/template/CHART_NAME/templates/networkpolicy.yaml b/charts/template/CHART_NAME/templates/networkpolicy.yaml
deleted file mode 100644
index 09ef6f3..0000000
--- a/charts/template/CHART_NAME/templates/networkpolicy.yaml
+++ /dev/null
@@ -1,68 +0,0 @@
-{{- /*
-Copyright Broadcom, Inc. All Rights Reserved.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if .Values.networkPolicy.enabled }}
-kind: NetworkPolicy
-apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
-metadata:
- name: {{ template "common.names.fullname" . }}
- namespace: {{ include "common.names.namespace" . | quote }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
- app.kubernetes.io/component: %%COMPONENT_NAME%%
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.%%MAIN_OBJECT_BLOCK%%.podLabels .Values.commonLabels ) "context" . ) }}
- podSelector:
- matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
- app.kubernetes.io/component: %%COMPONENT_NAME%%
- policyTypes:
- - Ingress
- - Egress
- egress:
- {{- if .Values.networkPolicy.allowExternalEgress }}
- - {}
- {{- else }}
- - ports:
- # Allow dns resolution
- - port: 53
- protocol: UDP
- - port: 53
- protocol: TCP
- {{- if .Values.networkPolicy.extraEgress }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
- {{- end }}
- {{- end }}
- ingress:
- - ports:
- - port: {{ .Values.%%MAIN_OBJECT_BLOCK%%.containerPorts.http }}
- - port: {{ .Values.%%MAIN_OBJECT_BLOCK%%.containerPorts.https }}
- {{- if not .Values.networkPolicy.allowExternal }}
- from:
- - podSelector:
- matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
- - podSelector:
- matchLabels:
- {{ template "common.names.fullname" . }}-client: "true"
- {{- if .Values.networkPolicy.ingressNSMatchLabels }}
- - namespaceSelector:
- matchLabels:
- {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
- {{ $key | quote }}: {{ $value | quote }}
- {{- end }}
- {{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
- podSelector:
- matchLabels:
- {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
- {{ $key | quote }}: {{ $value | quote }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- if .Values.networkPolicy.extraIngress }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/charts/template/CHART_NAME/templates/pdb.yaml b/charts/template/CHART_NAME/templates/pdb.yaml
deleted file mode 100644
index 7e0b7f1..0000000
--- a/charts/template/CHART_NAME/templates/pdb.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- /*
-Copyright Broadcom, Inc. All Rights Reserved.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- $replicaCount := int .Values.%%MAIN_OBJECT_BLOCK%%.replicaCount }}
-{{- if and .Values.%%MAIN_OBJECT_BLOCK%%.pdb.create (or (gt $replicaCount 1) .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.enabled) }}
-apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ include "common.names.fullname" . }}
- namespace: {{ include "common.names.namespace" . | quote }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
- app.kubernetes.io/component: %%COMPONENT_NAME%%
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.pdb.minAvailable }}
- minAvailable: {{ .Values.%%MAIN_OBJECT_BLOCK%%.pdb.minAvailable }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.pdb.maxUnavailable }}
- maxUnavailable: {{ .Values.%%MAIN_OBJECT_BLOCK%%.pdb.maxUnavailable }}
- {{- end }}
- {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.%%MAIN_OBJECT_BLOCK%%.podLabels .Values.commonLabels) "context" .) }}
- selector:
- matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
- app.kubernetes.io/component: %%COMPONENT_NAME%%
-{{- end }}
diff --git a/charts/template/CHART_NAME/templates/pvc.yaml b/charts/template/CHART_NAME/templates/pvc.yaml
deleted file mode 100644
index 3cc766a..0000000
--- a/charts/template/CHART_NAME/templates/pvc.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{- /*
-Copyright Broadcom, Inc. All Rights Reserved.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.names.fullname" . }}
- namespace: {{ include "common.names.namespace" . | quote }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
- app.kubernetes.io/component: %%COMPONENT_NAME%%
- {{- if or .Values.persistence.annotations .Values.commonAnnotations }}
- {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.persistence.annotations .Values.commonAnnotations) "context" .) }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- accessModes:
- {{- range .Values.persistence.accessModes }}
- - {{ . | quote }}
- {{- end }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
- {{- if .Values.persistence.selector }}
- selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 4 }}
- {{- end }}
- {{- if .Values.persistence.dataSource }}
- dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.dataSource "context" $) | nindent 4 }}
- {{- end }}
- {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }}
-{{- end -}}
diff --git a/charts/template/CHART_NAME/templates/role.yaml b/charts/template/CHART_NAME/templates/role.yaml
deleted file mode 100644
index 31e70b9..0000000
--- a/charts/template/CHART_NAME/templates/role.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-{{- /*
-Copyright Broadcom, Inc. All Rights Reserved.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{ if .Values.rbac.create }}
-kind: Role
-apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
-metadata:
- name: {{ include "common.names.fullname" . }}
- namespace: {{ include "common.names.namespace" . | quote }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
- app.kubernetes.io/component: %%COMPONENT_NAME%%
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-rules:
- # TODO: Update resources and verbs to the proper values for the application cases
- - apiGroups: [""]
- resources: ["*"]
- verbs: ["*"]
- - apiGroups: [""]
- resources: ["*"]
- verbs: ["*"]
- {{- if .Values.rbac.rules }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
- {{- end }}
-{{- end }}
diff --git a/charts/template/CHART_NAME/templates/secret.yaml b/charts/template/CHART_NAME/templates/secret.yaml
deleted file mode 100644
index eaf29b5..0000000
--- a/charts/template/CHART_NAME/templates/secret.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- /*
-Copyright Broadcom, Inc. All Rights Reserved.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "common.names.fullname" . }}
- namespace: {{ include "common.names.namespace" . | quote }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
- app.kubernetes.io/component: %%COMPONENT_NAME%%
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-type: Opaque
-data:
- password-key: b64-password-value
diff --git a/charts/template/CHART_NAME/templates/service-account.yaml b/charts/template/CHART_NAME/templates/service-account.yaml
deleted file mode 100644
index b52fb98..0000000
--- a/charts/template/CHART_NAME/templates/service-account.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- /*
-Copyright Broadcom, Inc. All Rights Reserved.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if .Values.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "%%TEMPLATE_NAME%%.serviceAccountName" . }}
- namespace: {{ include "common.names.namespace" . | quote }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
- app.kubernetes.io/component: %%COMPONENT_NAME%%
- {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
- {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.serviceAccount.annotations .Values.commonAnnotations) "context" .) }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
- {{- end }}
-automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
-{{- end }}
diff --git a/charts/template/CHART_NAME/templates/service.yaml b/charts/template/CHART_NAME/templates/service.yaml
deleted file mode 100644
index 685a52a..0000000
--- a/charts/template/CHART_NAME/templates/service.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-{{- /*
-Copyright Broadcom, Inc. All Rights Reserved.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "common.names.fullname" . }}
- namespace: {{ include "common.names.namespace" . | quote }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
- app.kubernetes.io/component: %%COMPONENT_NAME%%
- {{- if or .Values.service.annotations .Values.commonAnnotations }}
- {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.service.annotations .Values.commonAnnotations) "context" .) }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- type: {{ .Values.service.type }}
- {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
- clusterIP: {{ .Values.service.clusterIP }}
- {{- end }}
- {{- if .Values.service.sessionAffinity }}
- sessionAffinity: {{ .Values.service.sessionAffinity }}
- {{- end }}
- {{- if .Values.service.sessionAffinityConfig }}
- sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
- {{- end }}
- {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
- externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
- {{- end }}
- {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }}
- loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
- {{- end }}
- {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
- loadBalancerIP: {{ .Values.service.loadBalancerIP }}
- {{- end }}
- ports:
- - name: %%PORT_NAME%%
- port: {{ .Values.service.ports.http }}
- {{- if not (eq .Values.service.ports.http .Values.%%MAIN_OBJECT_BLOCK%%.containerPorts.http) }}
- targetPort: {{ .Values.%%MAIN_OBJECT_BLOCK%%.containerPorts.http }}
- {{- end }}
- protocol: bar
- {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http)) }}
- nodePort: {{ .Values.service.nodePorts.http }}
- {{- else if eq .Values.service.type "ClusterIP" }}
- nodePort: null
- {{- end }}
- {{- if .Values.service.extraPorts }}
- {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
- {{- end }}
- {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.%%MAIN_OBJECT_BLOCK%%.podLabels .Values.commonLabels) "context" .) | fromYaml }}
- selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
- app.kubernetes.io/component: %%COMPONENT_NAME%%
diff --git a/charts/template/CHART_NAME/templates/servicemonitor.yaml b/charts/template/CHART_NAME/templates/servicemonitor.yaml
deleted file mode 100644
index 15c8e69..0000000
--- a/charts/template/CHART_NAME/templates/servicemonitor.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-{{- /*
-Copyright Broadcom, Inc. All Rights Reserved.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ include "common.names.fullname" . }}
- namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }}
- {{- $labels := include "common.tplvalues.merge" (dict "values" (list .Values.metrics.serviceMonitor.labels .Values.commonLabels) "context" .) }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
- app.kubernetes.io/component: %%COMPONENT_NAME%%
- {{- if or .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations }}
- {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations) "context" .) }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }}
- selector:
- matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
- {{- if .Values.metrics.serviceMonitor.selector }}
- {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
- {{- end }}
- endpoints:
- - port: tcp-metrics
- path: "/metrics"
- {{- if .Values.metrics.serviceMonitor.interval }}
- interval: {{ .Values.metrics.serviceMonitor.interval }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
- scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.honorLabels }}
- honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
- metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.relabelings }}
- relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
- {{- end }}
- namespaceSelector:
- matchNames:
- - {{ include "common.names.namespace" . | quote }}
-{{- end }}
diff --git a/charts/template/CHART_NAME/templates/statefulset.yaml b/charts/template/CHART_NAME/templates/statefulset.yaml
deleted file mode 100644
index ecd9e1d..0000000
--- a/charts/template/CHART_NAME/templates/statefulset.yaml
+++ /dev/null
@@ -1,217 +0,0 @@
-{{- /*
-Copyright Broadcom, Inc. All Rights Reserved.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
-kind: StatefulSet
-metadata:
- name: {{ template "common.names.fullname" . }}
- namespace: {{ include "common.names.namespace" . | quote }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
- app.kubernetes.io/component: %%COMPONENT_NAME%%
- {{- if or .Values.%%MAIN_OBJECT_BLOCK%%.statefulsetAnnotations .Values.commonAnnotations }}
- {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.%%MAIN_OBJECT_BLOCK%%.statefulsetAnnotations .Values.commonAnnotations) "context" .) }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- {{- if not .Values.%%MAIN_OBJECT_BLOCK%%.autoscaling.enabled }}
- replicas: {{ .Values.%%MAIN_OBJECT_BLOCK%%.replicaCount }}
- {{- end }}
- podManagementPolicy: {{ .Values.%%MAIN_OBJECT_BLOCK%%.podManagementPolicy | quote }}
- {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.%%MAIN_OBJECT_BLOCK%%.podLabels .Values.commonLabels) "context" .) }}
- selector:
- matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
- app.kubernetes.io/component: %%COMPONENT_NAME%%
- serviceName: {{ template "common.names.fullname" . }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.updateStrategy }}
- updateStrategy: {{- toYaml .Values.%%MAIN_OBJECT_BLOCK%%.updateStrategy | nindent 4 }}
- {{- end }}
- template:
- metadata:
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.podAnnotations }}
- annotations: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.podAnnotations "context" $) | nindent 8 }}
- {{- end }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
- app.kubernetes.io/component: %%COMPONENT_NAME%%
- spec:
- {{- include "%%TEMPLATE_NAME%%.imagePullSecrets" . | nindent 6 }}
- serviceAccountName: {{ template "%%TEMPLATE_NAME%%.serviceAccountName" . }}
- automountServiceAccountToken: {{ .Values.%%MAIN_OBJECT_BLOCK%%.automountServiceAccountToken }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.hostAliases }}
- hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.hostAliases "context" $) | nindent 8 }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.affinity }}
- affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.affinity "context" $) | nindent 8 }}
- {{- else }}
- affinity:
- podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.podAffinityPreset "component" "%%COMPONENT_NAME%%" "customLabels" $podLabels "context" $) | nindent 10 }}
- podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.podAntiAffinityPreset "component" "%%COMPONENT_NAME%%" "customLabels" $podLabels "context" $) | nindent 10 }}
- nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.type "key" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.key "values" .Values.%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.values) | nindent 10 }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.nodeSelector }}
- nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.nodeSelector "context" $) | nindent 8 }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.tolerations }}
- tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.tolerations "context" .) | nindent 8 }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.priorityClassName }}
- priorityClassName: {{ .Values.%%MAIN_OBJECT_BLOCK%%.priorityClassName | quote }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.schedulerName }}
- schedulerName: {{ .Values.%%MAIN_OBJECT_BLOCK%%.schedulerName | quote }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.topologySpreadConstraints }}
- topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.topologySpreadConstraints "context" .) | nindent 8 }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.podSecurityContext.enabled }}
- securityContext: {{- omit .Values.%%MAIN_OBJECT_BLOCK%%.podSecurityContext "enabled" | toYaml | nindent 8 }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.terminationGracePeriodSeconds }}
- terminationGracePeriodSeconds: {{ .Values.%%MAIN_OBJECT_BLOCK%%.terminationGracePeriodSeconds }}
- {{- end }}
- initContainers:
- {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
- - name: volume-permissions
- image: {{ include "%%TEMPLATE_NAME%%.volumePermissions.image" . }}
- imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
- command:
- - %%commands%%
- {{- if .Values.volumePermissions.containerSecurityContext.enabled }}
- securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.volumePermissions.containerSecurityContext "context" $) | nindent 12 }}
- {{- end }}
- {{- if .Values.volumePermissions.resources }}
- resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
- {{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
- resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
- {{- end }}
- volumeMounts:
- - name: data
- mountPath: {{ .Values.persistence.mountPath }}
- {{- if .Values.persistence.subPath }}
- subPath: {{ .Values.persistence.subPath }}
- {{- end }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.initContainers }}
- {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.initContainers "context" $) | nindent 8 }}
- {{- end }}
- containers:
- - name: %%CONTAINER_NAME%%
- image: {{ template "%%TEMPLATE_NAME%%.image" . }}
- imagePullPolicy: {{ .Values.%%MAIN_OBJECT_BLOCK%%.image.pullPolicy }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.containerSecurityContext.enabled }}
- securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.%%MAIN_OBJECT_BLOCK%%.containerSecurityContext "context" $) | nindent 12 }}
- {{- end }}
- {{- if .Values.diagnosticMode.enabled }}
- command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
- {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.command }}
- command: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.command "context" $) | nindent 12 }}
- {{- end }}
- {{- if .Values.diagnosticMode.enabled }}
- args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
- {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.args }}
- args: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.args "context" $) | nindent 12 }}
- {{- end }}
- env:
- - name: BITNAMI_DEBUG
- value: {{ ternary "true" "false" (or .Values.%%MAIN_OBJECT_BLOCK%%.image.debug .Values.diagnosticMode.enabled) | quote }}
- - name: foo
- value: bar
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVars }}
- {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVars "context" $) | nindent 12 }}
- {{- end }}
- envFrom:
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsCM }}
- - configMapRef:
- name: {{ include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsCM "context" $) }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsSecret }}
- - secretRef:
- name: {{ include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraEnvVarsSecret "context" $) }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.resources }}
- resources: {{- toYaml .Values.%%MAIN_OBJECT_BLOCK%%.resources | nindent 12 }}
- {{- else if ne .Values.%%MAIN_OBJECT_BLOCK%%.resourcesPreset "none" }}
- resources: {{- include "common.resources.preset" (dict "type" .Values.%%MAIN_OBJECT_BLOCK%%.resourcesPreset) | nindent 12 }}
- {{- end }}
- ports:
- - name: http
- containerPort: {{ .Values.%%MAIN_OBJECT_BLOCK%%.containerPorts.http }}
- - name: https
- containerPort: {{ .Values.%%MAIN_OBJECT_BLOCK%%.containerPorts.https }}
- {{- if not .Values.diagnosticMode.enabled }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.customLivenessProbe }}
- livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.customLivenessProbe "context" $) | nindent 12 }}
- {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.livenessProbe.enabled }}
- livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.%%MAIN_OBJECT_BLOCK%%.livenessProbe "enabled") "context" $) | nindent 12 }}
- %%httpGet || command || etc%%
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.customReadinessProbe }}
- readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.customReadinessProbe "context" $) | nindent 12 }}
- {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.readinessProbe.enabled }}
- readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.%%MAIN_OBJECT_BLOCK%%.readinessProbe "enabled") "context" $) | nindent 12 }}
- %%httpGet || command || etc%%
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.customStartupProbe }}
- startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.customStartupProbe "context" $) | nindent 12 }}
- {{- else if .Values.%%MAIN_OBJECT_BLOCK%%.startupProbe.enabled }}
- startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.%%MAIN_OBJECT_BLOCK%%.startupProbe "enabled") "context" $) | nindent 12 }}
- %%httpGet || command || etc%%
- {{- end }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.lifecycleHooks }}
- lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.lifecycleHooks "context" $) | nindent 12 }}
- {{- end }}
- volumeMounts:
- - name: data
- mountPath: {{ .Values.persistence.mountPath }}
- {{- if .Values.persistence.subPath }}
- subPath: {{ .Values.persistence.subPath }}
- {{- end }}
- readOnly: true
- - name: empty-dir
- mountPath: /tmp
- subPath: tmp-dir
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumeMounts }}
- {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumeMounts "context" $) | nindent 12 }}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.sidecars }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.sidecars "context" $) | nindent 8 }}
- {{- end }}
- volumes:
- - name: empty-dir
- emptyDir: {}
- - name: data
- {{- if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ default (include "common.names.fullname" .) .Values.persistence.existingClaim }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- {{- if .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumes }}
- {{- include "common.tplvalues.render" (dict "value" .Values.%%MAIN_OBJECT_BLOCK%%.extraVolumes "context" $) | nindent 8 }}
- {{- end }}
- {{- if .Values.persistence.enabled }}
- volumeClaimTemplates:
- - metadata:
- name: data
- {{- if or .Values.persistence.annotations .Values.commonAnnotations }}
- {{- $claimAnnotations := include "common.tplvalues.merge" (dict "values" .Values.persistence.annotations .Values.commonAnnotations "context" .) | fromYaml }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" $claimAnnotations "context" $ ) | nindent 10 }}
- {{- end }}
- {{- if .Values.commonLabels }}
- labels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 10 }}
- {{- end }}
- spec:
- accessModes:
- {{- range .Values.persistence.accessModes }}
- - {{ . | quote }}
- {{- end }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
- {{- if .Values.persistence.selector }}
- selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 10 }}
- {{- end }}
- {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }}
- {{- end }}
diff --git a/charts/template/CHART_NAME/templates/tls-secret.yaml b/charts/template/CHART_NAME/templates/tls-secret.yaml
deleted file mode 100644
index a7acfe0..0000000
--- a/charts/template/CHART_NAME/templates/tls-secret.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-{{- /*
-Copyright Broadcom, Inc. All Rights Reserved.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if .Values.ingress.enabled }}
-{{- if .Values.ingress.secrets }}
-{{- range .Values.ingress.secrets }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .name }}
- namespace: {{ include "common.names.namespace" $ | quote }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
- app.kubernetes.io/component: %%COMPONENT_NAME%%
- {{- if $.Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-type: kubernetes.io/tls
-data:
- tls.crt: {{ .certificate | b64enc }}
- tls.key: {{ .key | b64enc }}
----
-{{- end }}
-{{- end }}
-{{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
-{{- $secretName := printf "%s-tls" .Values.ingress.hostname }}
-{{- $ca := genCA "%%COMPONENT_NAME%%-ca" 365 }}
-{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ $secretName }}
- namespace: {{ include "common.names.namespace" . | quote }}
- labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
- app.kubernetes.io/component: %%COMPONENT_NAME%%
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-type: kubernetes.io/tls
-data:
- tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
- tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
- ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
-{{- end }}
-{{- end }}
diff --git a/charts/template/CHART_NAME/values.yaml b/charts/template/CHART_NAME/values.yaml
deleted file mode 100644
index 776f7e3..0000000
--- a/charts/template/CHART_NAME/values.yaml
+++ /dev/null
@@ -1,838 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass -## - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## e.g: - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - ## Compatibility adaptations for Kubernetes platforms - ## - compatibility: - ## Compatibility adaptations for Openshift - ## - openshift: - ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. 
Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) - ## - adaptSecurityContext: auto - -## @section Common parameters -## - -## @param kubeVersion Override Kubernetes version -## -kubeVersion: "" -## @param nameOverride String to partially override common.names.name -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname -## -fullnameOverride: "" -## @param namespaceOverride String to fully override common.names.namespace -## -namespaceOverride: "" -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} -## @param clusterDomain Kubernetes cluster domain name -## -clusterDomain: cluster.local -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] -## Diagnostic mode -## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) -## @param diagnosticMode.command Command to override all containers in the chart release -## @param diagnosticMode.args Args to override all containers in the chart release -## -diagnosticMode: - enabled: false - command: - - sleep - args: - - infinity - -## @section %%MAIN_CONTAINER%% Parameters -## - -## %%MAIN_CONTAINER/POD_DESCRIPTION%% -## -%%MAIN_OBJECT_BLOCK%%: - ## Bitnami %%MAIN_CONTAINER%% image - ## ref: https://hub.docker.com/r/bitnami/%%IMAGE_NAME%%/tags/ - ## @param %%MAIN_OBJECT_BLOCK%%.image.registry [default: REGISTRY_NAME] %%MAIN_CONTAINER%% image registry - ## @param %%MAIN_OBJECT_BLOCK%%.image.repository [default: REPOSITORY_NAME/%%IMAGE_NAME%%] %%MAIN_CONTAINER%% image repository - ## @skip %%MAIN_OBJECT_BLOCK%%.image.tag %%MAIN_CONTAINER%% image tag (immutable tags are recommended) - ## @param %%MAIN_OBJECT_BLOCK%%.image.digest %%MAIN_CONTAINER%% image digest 
in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) - ## @param %%MAIN_OBJECT_BLOCK%%.image.pullPolicy %%MAIN_CONTAINER%% image pull policy - ## @param %%MAIN_OBJECT_BLOCK%%.image.pullSecrets %%MAIN_CONTAINER%% image pull secrets - ## @param %%MAIN_OBJECT_BLOCK%%.image.debug Enable %%MAIN_CONTAINER%% image debug mode - ## - image: - registry: docker.io - repository: bitnami/%%IMAGE_NAME%% - tag: %%IMAGE_TAG%% - digest: "" - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - debug: false - ## @param %%MAIN_OBJECT_BLOCK%%.replicaCount Number of %%MAIN_CONTAINER_NAME%% replicas to deploy - ## - replicaCount: 1 - ## @param %%MAIN_OBJECT_BLOCK%%.containerPorts.http %%MAIN_CONTAINER_NAME%% HTTP container port - ## @param %%MAIN_OBJECT_BLOCK%%.containerPorts.https %%MAIN_CONTAINER_NAME%% HTTPS container port - ## - containerPorts: - http: 80 - https: 443 - ## Configure extra options for %%MAIN_CONTAINER_NAME%% containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param %%MAIN_OBJECT_BLOCK%%.livenessProbe.enabled Enable livenessProbe on %%MAIN_CONTAINER_NAME%% containers - ## @param %%MAIN_OBJECT_BLOCK%%.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param %%MAIN_OBJECT_BLOCK%%.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param %%MAIN_OBJECT_BLOCK%%.livenessProbe.timeoutSeconds 
Timeout seconds for livenessProbe - ## @param %%MAIN_OBJECT_BLOCK%%.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param %%MAIN_OBJECT_BLOCK%%.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: foo - periodSeconds: bar - timeoutSeconds: foo - failureThreshold: bar - successThreshold: foo - ## @param %%MAIN_OBJECT_BLOCK%%.readinessProbe.enabled Enable readinessProbe on %%MAIN_CONTAINER_NAME%% containers - ## @param %%MAIN_OBJECT_BLOCK%%.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param %%MAIN_OBJECT_BLOCK%%.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param %%MAIN_OBJECT_BLOCK%%.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param %%MAIN_OBJECT_BLOCK%%.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param %%MAIN_OBJECT_BLOCK%%.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: foo - periodSeconds: bar - timeoutSeconds: foo - failureThreshold: bar - successThreshold: foo - ## @param %%MAIN_OBJECT_BLOCK%%.startupProbe.enabled Enable startupProbe on %%MAIN_CONTAINER_NAME%% containers - ## @param %%MAIN_OBJECT_BLOCK%%.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param %%MAIN_OBJECT_BLOCK%%.startupProbe.periodSeconds Period seconds for startupProbe - ## @param %%MAIN_OBJECT_BLOCK%%.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param %%MAIN_OBJECT_BLOCK%%.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param %%MAIN_OBJECT_BLOCK%%.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: foo - periodSeconds: bar - timeoutSeconds: foo - failureThreshold: bar - successThreshold: foo - ## @param %%MAIN_OBJECT_BLOCK%%.customLivenessProbe Custom 
livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param %%MAIN_OBJECT_BLOCK%%.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## @param %%MAIN_OBJECT_BLOCK%%.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## %%MAIN_CONTAINER_NAME%% resource requests and limits - ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param %%MAIN_OBJECT_BLOCK%%.resourcesPreset Set %%MAIN_CONTAINER_NAME%% container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if %%MAIN_OBJECT_BLOCK%%.resources is set (%%MAIN_OBJECT_BLOCK%%.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param %%MAIN_OBJECT_BLOCK%%.resources Set %%MAIN_CONTAINER_NAME%% container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param %%MAIN_OBJECT_BLOCK%%.podSecurityContext.enabled Enable %%MAIN_CONTAINER_NAME%% pods' Security Context - ## @param %%MAIN_OBJECT_BLOCK%%.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for %%MAIN_CONTAINER_NAME%% pods - ## @param %%MAIN_OBJECT_BLOCK%%.podSecurityContext.sysctls Set kernel settings using the sysctl interface for %%MAIN_CONTAINER_NAME%% pods - ## @param %%MAIN_OBJECT_BLOCK%%.podSecurityContext.supplementalGroups Set filesystem extra groups for %%MAIN_CONTAINER_NAME%% pods - ## @param 
%%MAIN_OBJECT_BLOCK%%.podSecurityContext.fsGroup Set fsGroup in %%MAIN_CONTAINER_NAME%% pods' Security Context - ## - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - fsGroup: 1001 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.enabled Enabled %%MAIN_CONTAINER_NAME%% container' Security Context - ## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in %%MAIN_CONTAINER_NAME%% container - ## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.runAsUser Set runAsUser in %%MAIN_CONTAINER_NAME%% container' Security Context - ## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.runAsNonRoot Set runAsNonRoot in %%MAIN_CONTAINER_NAME%% container' Security Context - ## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in %%MAIN_CONTAINER_NAME%% container' Security Context - ## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.privileged Set privileged in %%MAIN_CONTAINER_NAME%% container' Security Context - ## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in %%MAIN_CONTAINER_NAME%% container' Security Context - ## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.capabilities.drop List of capabilities to be dropped in %%MAIN_CONTAINER_NAME%% container - ## @param %%MAIN_OBJECT_BLOCK%%.containerSecurityContext.seccompProfile.type Set seccomp profile in %%MAIN_CONTAINER_NAME%% container - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - readOnlyRootFilesystem: true - privileged: false - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: 
"RuntimeDefault" - - %%OTHER_PARAMETERS_RELATED_TO_THIS_CONTAINER/POD%% - - ## @param %%MAIN_OBJECT_BLOCK%%.existingConfigmap The name of an existing ConfigMap with your custom configuration for %%MAIN_CONTAINER_NAME%% - ## - existingConfigmap: - ## @param %%MAIN_OBJECT_BLOCK%%.command Override default %%MAIN_CONTAINER_NAME%% container command (useful when using custom images) - ## - command: [] - ## @param %%MAIN_OBJECT_BLOCK%%.args Override default %%MAIN_CONTAINER_NAME%% container args (useful when using custom images) - ## - args: [] - ## @param %%MAIN_OBJECT_BLOCK%%.automountServiceAccountToken Mount Service Account token in %%MAIN_CONTAINER_NAME%% pods - ## - automountServiceAccountToken: false - ## @param %%MAIN_OBJECT_BLOCK%%.hostAliases %%MAIN_CONTAINER_NAME%% pods host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param %%MAIN_OBJECT_BLOCK%%.daemonsetAnnotations Annotations for %%MAIN_CONTAINER_NAME%% daemonset - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - daemonsetAnnotations: {} - ## @param %%MAIN_OBJECT_BLOCK%%.deploymentAnnotations Annotations for %%MAIN_CONTAINER_NAME%% deployment - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - deploymentAnnotations: {} - ## @param %%MAIN_OBJECT_BLOCK%%.statefulsetAnnotations Annotations for %%MAIN_CONTAINER_NAME%% statefulset - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - statefulsetAnnotations: {} - ## @param %%MAIN_OBJECT_BLOCK%%.podLabels Extra labels for %%MAIN_CONTAINER_NAME%% pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param %%MAIN_OBJECT_BLOCK%%.podAnnotations Annotations for %%MAIN_CONTAINER_NAME%% pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## 
- podAnnotations: {} - ## @param %%MAIN_OBJECT_BLOCK%%.podAffinityPreset Pod affinity preset. Ignored if `%%MAIN_OBJECT_BLOCK%%.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param %%MAIN_OBJECT_BLOCK%%.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `%%MAIN_OBJECT_BLOCK%%.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node %%MAIN_OBJECT_BLOCK%%.affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param %%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.type Node affinity preset type. Ignored if `%%MAIN_OBJECT_BLOCK%%.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param %%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.key Node label key to match. Ignored if `%%MAIN_OBJECT_BLOCK%%.affinity` is set - ## - key: "" - ## @param %%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset.values Node label values to match. Ignored if `%%MAIN_OBJECT_BLOCK%%.affinity` is set - ## E.g. 
- ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param %%MAIN_OBJECT_BLOCK%%.affinity Affinity for %%MAIN_CONTAINER_NAME%% pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: `%%MAIN_OBJECT_BLOCK%%.podAffinityPreset`, `%%MAIN_OBJECT_BLOCK%%.podAntiAffinityPreset`, and `%%MAIN_OBJECT_BLOCK%%.nodeAffinityPreset` will be ignored when it's set - ## - affinity: {} - ## @param %%MAIN_OBJECT_BLOCK%%.nodeSelector Node labels for %%MAIN_CONTAINER_NAME%% pods assignment - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ - ## - nodeSelector: {} - ## @param %%MAIN_OBJECT_BLOCK%%.tolerations Tolerations for %%MAIN_CONTAINER_NAME%% pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## ONLY FOR DEPLOYMENTS: - ## @param %%MAIN_OBJECT_BLOCK%%.updateStrategy.type %%MAIN_CONTAINER_NAME%% deployment strategy type - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy - ## ONLY FOR STATEFULSETS: - ## @param %%MAIN_OBJECT_BLOCK%%.updateStrategy.type %%MAIN_CONTAINER_NAME%% statefulset strategy type - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: - ## ONLY FOR DEPLOYMENTS: - ## Can be set to RollingUpdate or Recreate - ## ONLY FOR STATEFULSETS: - ## Can be set to RollingUpdate or OnDelete - ## - type: RollingUpdate - ## ONLY FOR STATEFULSETS: - ## @param %%MAIN_OBJECT_BLOCK%%.podManagementPolicy Pod management policy for %%MAIN_CONTAINER_NAME%% statefulset - ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies - ## - podManagementPolicy: OrderedReady - ## @param %%MAIN_OBJECT_BLOCK%%.priorityClassName %%MAIN_CONTAINER_NAME%% pods' priorityClassName - ## - priorityClassName: "" - ## @param %%MAIN_OBJECT_BLOCK%%.topologySpreadConstraints 
Topology Spread Constraints for %%MAIN_CONTAINER_NAME%% pod assignment spread across your cluster among failure-domains - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods - ## - topologySpreadConstraints: [] - ## @param %%MAIN_OBJECT_BLOCK%%.schedulerName Name of the k8s scheduler (other than default) for %%MAIN_CONTAINER_NAME%% pods - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param %%MAIN_OBJECT_BLOCK%%.terminationGracePeriodSeconds Seconds %%MAIN_CONTAINER_NAME%% pods need to terminate gracefully - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods - ## - terminationGracePeriodSeconds: "" - ## @param %%MAIN_OBJECT_BLOCK%%.lifecycleHooks for %%MAIN_CONTAINER_NAME%% containers to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param %%MAIN_OBJECT_BLOCK%%.extraEnvVars Array with extra environment variables to add to %%MAIN_CONTAINER_NAME%% containers - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param %%MAIN_OBJECT_BLOCK%%.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for %%MAIN_CONTAINER_NAME%% containers - ## - extraEnvVarsCM: "" - ## @param %%MAIN_OBJECT_BLOCK%%.extraEnvVarsSecret Name of existing Secret containing extra env vars for %%MAIN_CONTAINER_NAME%% containers - ## - extraEnvVarsSecret: "" - ## @param %%MAIN_OBJECT_BLOCK%%.extraVolumes Optionally specify extra list of additional volumes for the %%MAIN_CONTAINER_NAME%% pods - ## - extraVolumes: [] - ## @param %%MAIN_OBJECT_BLOCK%%.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the %%MAIN_CONTAINER_NAME%% containers - ## - extraVolumeMounts: [] - ## @param %%MAIN_OBJECT_BLOCK%%.sidecars Add additional sidecar containers to the %%MAIN_CONTAINER_NAME%% pods - ## e.g: - ## sidecars: - ## - name: 
your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param %%MAIN_OBJECT_BLOCK%%.initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pods - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb - ## @param %%MAIN_OBJECT_BLOCK%%.pdb.create Enable/disable a Pod Disruption Budget creation - ## @param %%MAIN_OBJECT_BLOCK%%.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled - ## @param %%MAIN_OBJECT_BLOCK%%.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable - ## - pdb: - create: false - minAvailable: 1 - maxUnavailable: "" - ## Autoscaling configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ - ## @param %%MAIN_OBJECT_BLOCK%%.autoscaling.enabled Enable autoscaling for %%MAIN_OBJECT_BLOCK%% - ## @param %%MAIN_OBJECT_BLOCK%%.autoscaling.minReplicas Minimum number of %%MAIN_OBJECT_BLOCK%% replicas - ## @param %%MAIN_OBJECT_BLOCK%%.autoscaling.maxReplicas Maximum number of %%MAIN_OBJECT_BLOCK%% replicas - ## @param %%MAIN_OBJECT_BLOCK%%.autoscaling.targetCPU Target CPU utilization percentage - ## @param %%MAIN_OBJECT_BLOCK%%.autoscaling.targetMemory Target Memory utilization percentage - ## - autoscaling: - enabled: false - minReplicas: "" - maxReplicas: "" - targetCPU: "" - targetMemory: "" - -## %%SECONDARY_CONTAINER/POD_DESCRIPTION%% -## -%%SECONDARY_OBJECT_BLOCK%%: - %%SAME_STRUCTURE_AS_THE_MAIN_CONTAINER/POD%% - -## %%OTHERS_CONTAINER/POD_DESCRIPTION%% -## -%%OTHER_OBJECT_BLOCK%%: - %%SAME_STRUCTURE_AS_THE_MAIN_CONTAINER/POD%% 
- -## @section Traffic Exposure Parameters -## - -## %%MAIN_CONTAINER_NAME%% service parameters -## -service: - ## @param service.type %%MAIN_CONTAINER_NAME%% service type - ## - type: LoadBalancer - ## @param service.ports.http %%MAIN_CONTAINER_NAME%% service HTTP port - ## @param service.ports.https %%MAIN_CONTAINER_NAME%% service HTTPS port - ## - ports: - http: 80 - https: 443 - ## Node ports to expose - ## @param service.nodePorts.http Node port for HTTP - ## @param service.nodePorts.https Node port for HTTPS - ## NOTE: choose port between <30000-32767> - ## - nodePorts: - http: "" - https: "" - ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param service.loadBalancerIP %%MAIN_CONTAINER_NAME%% service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service - ## - annotations: {} - ## @param service.extraPorts Extra ports to expose in %%MAIN_CONTAINER_NAME%% service (normally used with the `sidecars` value) - ## - extraPorts: [] - ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin - ## Values: ClientIP or None - ## ref: 
https://kubernetes.io/docs/concepts/services-networking/service/ - ## - sessionAffinity: None - ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} -## Network Policies -## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ -## -networkPolicy: - ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created - ## - enabled: true - ## @param networkPolicy.allowExternal Don't require server label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## server label will have network access to the ports server is listening - ## on. When true, server will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. - ## - allowExternalEgress: true - ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - extraIngress: [] - ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true) - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces - ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other 
namespaces - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} -## %%MAIN_CONTAINER_NAME%% ingress parameters -## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/ -## -ingress: - ## @param ingress.enabled Enable ingress record generation for %%MAIN_CONTAINER_NAME%% - ## - enabled: false - ## @param ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.hostname Default host for the ingress record - ## - hostname: %%COMPONENT_NAME%%.local - ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) - ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . - ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ - ## - ingressClassName: "" - ## @param ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers - ## - path: / - ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. 
- ## Use this parameter to set the required annotations for cert-manager, see - ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations - ## e.g: - ## annotations: - ## kubernetes.io/ingress.class: nginx - ## cert-manager.io/cluster-issuer: cluster-issuer-name - ## - annotations: {} - ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Rely on cert-manager to create it by setting the corresponding annotations - ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## - tls: false - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## - selfSigned: false - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: %%COMPONENT_NAME%%.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host - ## e.g: - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record - ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## e.g: - ## extraTls: - ## - hosts: - ## - %%COMPONENT_NAME%%.local - ## secretName: %%COMPONENT_NAME%%.local-tls - ## - extraTls: [] - ## @param ingress.secrets Custom TLS certificates as secrets - ## NOTE: 'key' and 'certificate' are expected in PEM format - ## NOTE: 'name' should line up with a 'secretName' set further up - ## If it is not set and you're using 
cert-manager, this is unneeded, as it will create a secret for you with valid certificates - ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## secrets: - ## - name: %%COMPONENT_NAME%%.local-tls - ## key: |- - ## -----BEGIN RSA PRIVATE KEY----- - ## ... - ## -----END RSA PRIVATE KEY----- - ## certificate: |- - ## -----BEGIN CERTIFICATE----- - ## ... - ## -----END CERTIFICATE----- - ## - secrets: [] - ## @param ingress.extraRules Additional rules to be covered with this ingress record - ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules - ## e.g: - ## extraRules: - ## - host: example.local - ## http: - ## path: / - ## backend: - ## service: - ## name: example-svc - ## port: - ## name: http - ## - extraRules: [] - -## @section Persistence Parameters -## - -## Enable persistence using Persistent Volume Claims -## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ -## -persistence: - ## @param persistence.enabled Enable persistence using Persistent Volume Claims - ## - enabled: true - ## @param persistence.mountPath Path to mount the volume at. - ## - mountPath: /bitnami/%%MAIN_OBJECT_BLOCK%%/data - ## @param persistence.subPath The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services - ## - subPath: "" - ## @param persistence.storageClass Storage class of backing PVC - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. 
(gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param persistence.annotations Persistent Volume Claim annotations - ## - annotations: {} - ## @param persistence.accessModes Persistent Volume Access Modes - ## - accessModes: - - ReadWriteOnce - ## @param persistence.size Size of data volume - ## - size: 8Gi - ## @param persistence.existingClaim The name of an existing PVC to use for persistence - ## - existingClaim: "" - ## @param persistence.selector Selector to match an existing Persistent Volume for WordPress data PVC - ## If set, the PVC can't have a PV dynamically provisioned for it - ## E.g. - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - ## @param persistence.dataSource Custom PVC data source - ## - dataSource: {} -## @section Init Container Parameters -## - -## 'volumePermissions' init container parameters -## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values -## based on the *podSecurityContext/*containerSecurityContext parameters -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` - ## - enabled: false - ## OS Shell + Utility image - ## ref: https://hub.docker.com/r/bitnami/os-shell/tags/ - ## @param volumePermissions.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry - ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository - ## @skip volumePermissions.image.tag OS Shell + Utility image tag (immutable tags are recommended) - ## @param volumePermissions.image.pullPolicy OS Shell + Utility image pull policy - ## @param volumePermissions.image.pullSecrets OS Shell + Utility image pull secrets - ## - image: - registry: docker.io - repository: bitnami/os-shell - tag: 12-debian-12-r%%IMAGE_REVISION%% - pullPolicy: IfNotPresent - ## Optionally specify an array of 
imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init container's resource requests and limits - ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param volumePermissions.resourcesPreset Set init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param volumePermissions.resources Set init container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Init container Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param volumePermissions.containerSecurityContext.enabled Enabled init container' Security Context - ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in init container - ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser - ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the - ## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) - ## - containerSecurityContext: - enabled: true - 
seLinuxOptions: {} - runAsUser: 0 - -## @section Other Parameters -## - -## RBAC configuration -## -rbac: - ## @param rbac.create Specifies whether RBAC resources should be created - ## - create: false - ## @param rbac.rules Custom RBAC rules to set - ## e.g: - ## rules: - ## - apiGroups: - ## - "" - ## resources: - ## - pods - ## verbs: - ## - get - ## - list - ## - rules: [] - -## ServiceAccount configuration -## -serviceAccount: - ## @param serviceAccount.create Specifies whether a ServiceAccount should be created - ## - create: true - ## @param serviceAccount.name The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the common.names.fullname template - ## - name: "" - ## @param serviceAccount.annotations Additional Service Account annotations (evaluated as a template) - ## - annotations: {} - ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account - ## - automountServiceAccountToken: true - -## Prometheus metrics -## -metrics: - ## @param metrics.enabled Enable the export of Prometheus metrics - ## - enabled: false - ## Prometheus Operator ServiceMonitor configuration - ## - serviceMonitor: - ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) - ## - enabled: false - ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running - ## - namespace: "" - ## @param metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor - ## - annotations: {} - ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor - ## - labels: {} - ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus - ## - jobLabel: "" - ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels - ## - honorLabels: 
false - ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## interval: 10s - ## - interval: "" - ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## scrapeTimeout: 10s - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics - ## - metricRelabelings: [] - ## @param metrics.serviceMonitor.relabelings Specify general relabeling - ## - relabelings: [] - ## @param metrics.serviceMonitor.selector Prometheus instance selector labels - ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration - ## selector: - ## prometheus: my-prometheus - ## - selector: {} -## %%SUBCHART_CONTAINER/POD_DESCRIPTION%% -## -%%SUBCHART_NAME%%: - enabled: false - %%OTHER_PARAMETERS_RELATED_TO_THIS_SUBCHART%% diff --git a/charts/template/README.md b/charts/template/README.md deleted file mode 100644 index c41b2de..0000000 --- a/charts/template/README.md +++ /dev/null 
@@ -1,42 +0,0 @@
-# Bitnami Charts Template
-
-This directory contains a basic scaffolding to serve as the basis for creating a new chart.
-
-Some of the items that need to be implemented are:
-
-- commonAnnotations
-- commonLabels
-- imagePullSecret
-- extraDeploy
-- resources.requests
-- resources.limits
-- livenessProbe
-- readinessProbe
-- customLivenessProbe
-- customReadinessProbe
-- podLabels
-- affinity
-- nodeSelector
-- tolerations (that would override the default one)
-- daemonsetAnnotations
-- deploymentAnnotations
-- statefulsetAnnotations
-- podAnnotations
-- priorityClassName
-- lifecycleHooks
-- sidecars
-- initContainers
-- extraEnvVars
-- extraEnvVarsCM
-- extraEnvVarsSecret
-- command (which would override the default one)
-- args (which would override the default one)
-- extraVolumes
-- extraVolumeMounts
-- updateStrategy
-- podSecurityContext
-- containerSecurityContext
-
-Also it is necessary to use the `bitnami/common` chart to standarize some of the above items.
-
-:warning: Take into account this is just an example to follow, depending on the specific use case you will need to remove, add or modify those templates, beyond replacing the placeholders `%%FOO%%`
diff --git a/scripts/gen_helm_docs.sh b/scripts/gen_helm_docs.sh
new file mode 100755
index 0000000..9555b00
--- /dev/null
+++ b/scripts/gen_helm_docs.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+for i in $(ls charts|grep celestia); do
+ cd charts/$i
+ echo "Generating docs for chart: [$i]"
+ docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:latest
+ # go to git repo root
+ cd $(git rev-parse --show-toplevel)
+done
From a342bda5a5cf51b909def53a34a1d5b264f139b3 Mon Sep 17 00:00:00 2001 From: Smuu <18609909+Smuu@users.noreply.github.com> Date: Wed, 12 Jun 2024 15:09:49 +0200 Subject: [PATCH 3/8] feat: remove snyc
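Review bot: The new `scripts/gen_helm_docs.sh` runs `jnorwood/helm-docs:latest` with the chart directory bind-mounted read-write, so whatever image that tag points to at run time can rewrite files that are then committed; pin the image by digest. The loop also carries on when `cd charts/$i` fails, in which case `$(pwd)` mounts a different directory into the container, and `$(ls charts|grep celestia)` word-splits directory names. The rewrite below adds `set -euo pipefail`, iterates with a glob that keeps the "name contains celestia" match, and passes the chart path to `--volume` directly instead of changing directory.

```shell
#!/bin/bash
set -euo pipefail

# Placeholder digest: replace with the digest of the helm-docs release you have reviewed.
HELM_DOCS_IMAGE="jnorwood/helm-docs@sha256:<IMAGE_DIGEST>"
repo_root="$(git rev-parse --show-toplevel)"

for chart_dir in "$repo_root"/charts/*celestia*/; do
  chart_dir="${chart_dir%/}"
  echo "Generating docs for chart: [$(basename "$chart_dir")]"
  docker run --rm --volume "${chart_dir}:/helm-docs" -u "$(id -u)" "$HELM_DOCS_IMAGE"
done
```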
Signed-off-by: Smuu <18609909+Smuu@users.noreply.github.com> --- .github/workflows/snyk-security.yaml | 54 ---------------------------- 1 file changed, 54 deletions(-) delete mode 100644 .github/workflows/snyk-security.yaml diff --git a/.github/workflows/snyk-security.yaml b/.github/workflows/snyk-security.yaml deleted file mode 100644 index d261359..0000000 --- a/.github/workflows/snyk-security.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -# A sample workflow which checks out your Infrastructure as Code Configuration files, -# such as Kubernetes, Helm & Terraform and scans them for any security issues. -# The results are then uploaded to GitHub Security Code Scanning -# -# For more examples, including how to limit scans to only high-severity issues -# and fail PR checks, see https://github.com/snyk/actions/ - -name: Snyk Infrastructure as Code - -on: - push: - branches: [ "main" ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ "main" ] - schedule: - - cron: '24 8 * * 4' - -permissions: - contents: read - -jobs: - snyk: - permissions: - contents: read # for actions/checkout to fetch code - security-events: write # for github/codeql-action/upload-sarif to upload SARIF results - actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Run Snyk to check configuration files for security issues - # Snyk can be used to break the build when it detects security issues. - # In this case we want to upload the issues to GitHub Code Scanning - continue-on-error: true - uses: snyk/actions/iac@master - env: - # In order to use the Snyk Action you will need to have a Snyk API token. - # More details in https://github.com/snyk/actions#getting-your-snyk-token - # or you can signup for free at https://snyk.io/login - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - #with: - # Add the path to the configuration file that you would like to test. 
- # For example `deployment.yaml` for a Kubernetes deployment manifest - # or `main.tf` for a Terraform configuration file - # file: your-file-to-test.yaml - - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: snyk.sarif \ No newline at end of file From 7a359eb897e6f9e099de48301f771311153607cc Mon Sep 17 00:00:00 2001 From: Smuu <18609909+Smuu@users.noreply.github.com> Date: Thu, 13 Jun 2024 11:02:50 +0200 Subject: [PATCH 4/8] feat: change example Signed-off-by: Smuu <18609909+Smuu@users.noreply.github.com> --- examples/celestia-node/mocha.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/examples/celestia-node/mocha.yaml b/examples/celestia-node/mocha.yaml index 9cf58c8..bad4316 100644 --- a/examples/celestia-node/mocha.yaml +++ b/examples/celestia-node/mocha.yaml @@ -54,6 +54,7 @@ node: Core: IP: consensus-full-mocha-4.celestia-mocha.com RPC: + Enabled: true Address: 0.0.0.0 Gateway: Enabled: true From 81789ac098a0dda944e1023c2d7ffa985635e473 Mon Sep 17 00:00:00 2001 From: Smuu <18609909+Smuu@users.noreply.github.com> Date: Thu, 13 Jun 2024 11:06:03 +0200 Subject: [PATCH 5/8] feat: improve lint test Signed-off-by: Smuu <18609909+Smuu@users.noreply.github.com> --- .github/workflows/lint-test.yaml | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index 3162d2a..c4efc36 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml 
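Review bot: In `examples/celestia-node/mocha.yaml` the added `Enabled: true` sits directly above `Address: 0.0.0.0`, so anyone copying this example gets the RPC block switched on with a listener on every pod interface, and the file does not say who is meant to reach it. Binding to all interfaces is usually needed for a Service to reach the pod, so the address can stay; what is missing is a comment on the `RPC:` key such as `# RPC listens on all interfaces; limit reachability with the chart's service type and NetworkPolicy settings`. Whether celestia-node actually reads an `Enabled` key under `RPC` cannot be confirmed from this hunk, and the enclosing `node:` mapping starts and ends outside it.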
@@ -11,27 +11,19 @@ jobs: with: fetch-depth: 0 - - name: Set up Helm - uses: azure/setup-helm@v3 - with: - version: v3.12.1 + - name: Install Helm + uses: azure/setup-helm@v4 + env: + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - - uses: actions/setup-python@v4 + - name: Install Python + uses: actions/setup-python@v5 with: - python-version: '3.9' + python-version: '3.10' check-latest: true - name: Set up chart-testing - uses: helm/chart-testing-action@v2.4.0 - - - name: Run chart-testing (list-changed) - id: list-changed - run: | - changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) - if [[ -n "$changed" ]]; then - echo "changed=true" >> "$GITHUB_OUTPUT" - fi + uses: helm/chart-testing-action@v2 - name: Run chart-testing (lint) - if: steps.list-changed.outputs.changed == 'true' run: ct lint --target-branch ${{ github.event.repository.default_branch }} From f385013dc0e0bfb87e55d92c3f4e14c02ee3a23d Mon Sep 17 00:00:00 2001 From: Smuu <18609909+Smuu@users.noreply.github.com> Date: Thu, 13 Jun 2024 11:24:41 +0200 Subject: [PATCH 6/8] dep: bump common Signed-off-by: Smuu <18609909+Smuu@users.noreply.github.com> --- charts/celestia-app/Chart.lock | 6 +++--- charts/celestia-node/Chart.lock | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/celestia-app/Chart.lock b/charts/celestia-app/Chart.lock index 7ce8b2f..472dc08 100644 --- a/charts/celestia-app/Chart.lock +++ b/charts/celestia-app/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.19.2 -digest: sha256:e670e1075bfafffe040fae1158f1fa1f592585f394b48704ba137d2d083b1571 -generated: "2024-05-15T14:28:35.990088925+02:00" + version: 2.20.2 +digest: sha256:35d895f873f86ebff35e439bcf9da34c42a78c4db2e0e179bfb4014a2a0e2e10 +generated: "2024-06-13T11:08:27.11401+02:00" diff --git a/charts/celestia-node/Chart.lock b/charts/celestia-node/Chart.lock index 7ce8b2f..ce351d5 100644 
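Review bot: In .github/workflows/lint-test.yaml the third-party actions are referenced by mutable tags, and `helm/chart-testing-action@v2` is looser than the `v2.4.0` it replaces, so a retagged or compromised upstream release would run in this workflow without any change in the repository. `azure/setup-helm@v4` is also handed `GITHUB_TOKEN` through `env:` while the `version: v3.12.1` input is dropped, which presumably leaves the Helm version to the action's default and makes lint results depend on when the job runs. I would pin each action to a full commit SHA with the release in a trailing comment, e.g. `uses: helm/chart-testing-action@<full-commit-sha> # v2.x.y`, and keep an explicit `version:` input for Helm. The workflow's `permissions:` block is outside this hunk; for a lint job it should grant no more than `contents: read`.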
--- a/charts/celestia-node/Chart.lock +++ b/charts/celestia-node/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.19.2 -digest: sha256:e670e1075bfafffe040fae1158f1fa1f592585f394b48704ba137d2d083b1571 -generated: "2024-05-15T14:28:35.990088925+02:00" + version: 2.20.2 +digest: sha256:35d895f873f86ebff35e439bcf9da34c42a78c4db2e0e179bfb4014a2a0e2e10 +generated: "2024-06-13T11:08:30.71548+02:00" From 5f8a44b34a3b301ee20dc368f88075fc93f03350 Mon Sep 17 00:00:00 2001 From: Smuu <18609909+Smuu@users.noreply.github.com> Date: Thu, 13 Jun 2024 11:29:51 +0200 Subject: [PATCH 7/8] fix: lint errors Signed-off-by: Smuu <18609909+Smuu@users.noreply.github.com> --- charts/celestia-app/values.yaml | 62 ++++++++++++++++---------------- charts/celestia-node/values.yaml | 32 ++++++++--------- 2 files changed, 47 insertions(+), 47 deletions(-) diff --git a/charts/celestia-app/values.yaml b/charts/celestia-app/values.yaml index be8a66f..5c8008d 100644 --- a/charts/celestia-app/values.yaml +++ b/charts/celestia-app/values.yaml @@ -139,7 +139,7 @@ app: ## @param app.config.configtoml Configuration for the celestia-app config.toml ## config: - # -- configuration for the celestia-app app.toml + # -- configuration for the celestia-app app.toml apptoml: minimum_gas_prices: 0.002utia pruning: default @@ -204,14 +204,14 @@ app: output_metadata: "true" stop_node_on_error: "true" fsync: "false" - # -- configuration for the celestia-app client.toml + # -- configuration for the celestia-app client.toml clienttoml: chain_id: celestia keyring_backend: test output: text node: tcp://localhost:26657 broadcast_mode: sync - # -- configuration for the celestia-app config.toml + # -- configuration for the celestia-app config.toml configtoml: proxy_app: tcp://127.0.0.1:26658 moniker: app 
@@ -343,8 +343,8 @@ app: - goroutines - mutex_count - mutex_duration - - block_count - - block_duration + - block_count + - block_duration ## @param app.otelAgent OTel agent configuration for the app ## otelAgent: @@ -499,7 +499,7 @@ app: ## @param app.startupProbe.failureThreshold Failure threshold for startupProbe ## @param app.startupProbe.successThreshold Success threshold for startupProbe ## - # -- startup probe for the app + # -- startup probe for the app startupProbe: # -- enable startup probe on app containers, false by default enabled: false @@ -538,7 +538,7 @@ app: ## cpu: 3 ## memory: 1024Mi ## - # -- resources for the app + # -- resources for the app resources: # -- requests for the app requests: @@ -600,7 +600,7 @@ app: readOnlyRootFilesystem: true # -- privileged in app container, false by default privileged: false - # -- allowPrivilegeEscalation in app container, false by default + # -- allowPrivilegeEscalation in app container, false by default allowPrivilegeEscalation: false # -- capabilities to be dropped in app container, ["ALL"] by default capabilities: @@ -614,7 +614,7 @@ app: existingConfigmap: ## @param app.command Override default app container command (useful when using custom images) ## - # -- command for the celestia-app + # -- command for the celestia-app command: - celestia-appd ## @param app.args Override default app container args (useful when using custom images) @@ -805,11 +805,11 @@ app: ## app service parameters ## -# -- service parameters +# -- service parameters service: ## @param service.internal.type app internal service type ## - # -- service type, ClusterIP by default + # -- service type, ClusterIP by default internal: type: ClusterIP ## @param service.internal.ports.api app internal service API port 
@@ -818,19 +818,19 @@ service: ## @param service.internal.ports.rpc app internal service RPC port ## @param service.internal.ports.prometheus app internal service Prometheus port ## @param service.internal.ports.tracing app internal service Tracing port - # -- ports for the celestia-app + # -- ports for the celestia-app ports: - # -- api port, 1317 by default + # -- api port, 1317 by default api: 1317 - # -- grpc port, 9090 by default + # -- grpc port, 9090 by default grpc: 9090 - # -- p2p port, 26656 by default + # -- p2p port, 26656 by default p2p: 26656 - # -- rpc port, 26657 by default + # -- rpc port, 26657 by default rpc: 26657 - # -- prometheus port, 26660 by default + # -- prometheus port, 26660 by default prometheus: 26660 - # -- tracing port, 26661 by default + # -- tracing port, 26661 by default tracing: 26661 ## @param service.internal.clusterIP app internal service Cluster IP ## e.g.: @@ -856,11 +856,11 @@ service: ## # -- external service parameters external: - # -- enable external service, true by default + # -- enable external service, true by default enabled: true ## @param service.external.type app external service type ## - # -- external service type, LoadBalancer by default + # -- external service type, LoadBalancer by default type: LoadBalancer ## @param service.external.ports.api app external service API port ## @param service.external.ports.grpc app external service gRPC port @@ -873,9 +873,9 @@ service: api: 1317 # -- grpc port, 9090 by default grpc: 9090 - # -- p2p port, 26656 by default + # -- p2p port, 26656 by default p2p: 26656 - # -- rpc port, 26657 by default + # -- rpc port, 26657 by default rpc: 26657 ## Node ports to expose ## @param service.external.nodePorts.api Node port for API 
@@ -886,19 +886,19 @@ service: ## @param service.external.nodePorts.tracing Node port for Tracing ## NOTE: choose port between <30000-32767> ## - # -- node ports for the celestia-app + # -- node ports for the celestia-app nodePorts: - # -- api port, 1317 by default + # -- api port, 1317 by default api: "" - # -- grpc port, 9090 by default + # -- grpc port, 9090 by default grpc: "" - # -- p2p port, 26656 by default + # -- p2p port, 26656 by default p2p: "" - # -- rpc port, 26657 by default + # -- rpc port, 26657 by default rpc: "" - # -- prometheus port, 26660 by default + # -- prometheus port, 26660 by default prometheus: "" - # -- tracing port, 26661 by default + # -- tracing port, 26661 by default tracing: "" ## @param service.external.loadBalancerIP app external service Load Balancer IP ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer @@ -1003,7 +1003,7 @@ networkPolicy: persistence: ## @param persistence.enabled Enable persistence using Persistent Volume Claims ## - # -- enable persistence, true by default + # -- enable persistence, true by default enabled: true ## @param persistence.mountPath Path to mount the volume at. ## Note: This value is overridden by 'Values.app.settings.home' in the stateful set. @@ -1029,7 +1029,7 @@ persistence: - ReadWriteOnce ## @param persistence.size Size of data volume ## - # -- size of data volume, 250Gi by default + # -- size of data volume, 250Gi by default size: 250Gi ## @param persistence.existingClaim The name of an existing PVC to use for persistence ## diff --git a/charts/celestia-node/values.yaml b/charts/celestia-node/values.yaml index f02d5c1..ae77b55 100644 --- a/charts/celestia-node/values.yaml +++ b/charts/celestia-node/values.yaml 
@@ -386,7 +386,7 @@ node: ## @param node.startupProbe.failureThreshold Failure threshold for startupProbe ## @param node.startupProbe.successThreshold Success threshold for startupProbe ## - # -- startup probe for the node + # -- startup probe for the node startupProbe: # -- enable startup probe on node containers, false by default enabled: false @@ -425,7 +425,7 @@ node: ## cpu: 3 ## memory: 1024Mi ## - # -- resources for the node + # -- resources for the node resources: # -- requests for the node requests: @@ -487,7 +487,7 @@ node: readOnlyRootFilesystem: true # -- privileged in node container, false by default privileged: false - # -- allowPrivilegeEscalation in node container, false by default + # -- allowPrivilegeEscalation in node container, false by default allowPrivilegeEscalation: false # -- capabilities to be dropped in node container, ["ALL"] by default capabilities: @@ -501,7 +501,7 @@ node: existingConfigmap: ## @param node.command Override default node container command (useful when using custom images) ## - # -- command for the celestia-node + # -- command for the celestia-node command: # -- celestia - celestia @@ -696,11 +696,11 @@ node: ## node service parameters ## -# -- service parameters +# -- service parameters service: ## @param service.internal.type node internal service type ## - # -- service type, ClusterIP by default + # -- service type, ClusterIP by default internal: # -- service type, ClusterIP by default type: ClusterIP @@ -745,11 +745,11 @@ service: ## # -- external service parameters external: - # -- enable external service, true by default + # -- enable external service, true by default enabled: true ## @param service.external.type node external service type ## - # -- external service type, LoadBalancer by default + # -- external service type, LoadBalancer by default type: LoadBalancer ## @param service.external.ports.p2p Node external service P2P port ## @param service.external.ports.rest Node external service REST port 
@@ -771,17 +771,17 @@ service: ## @param service.external.nodePorts.prometheus Node port for Prometheus ## NOTE: choose port between <30000-32767> ## - # -- node ports for the celestia-app + # -- node ports for the celestia-app nodePorts: - # -- p2p port, 2121 by default + # -- p2p port, 2121 by default p2p: "" - # -- rest port, 26659 by default + # -- rest port, 26659 by default rest: "" - # -- rpc port, 26658 by default + # -- rpc port, 26658 by default rpc: "" - # -- profiling port, 6060 by default + # -- profiling port, 6060 by default profiling: "" - # -- prometheus port, 8890 by default + # -- prometheus port, 8890 by default prometheus: "" ## @param service.external.loadBalancerIP node external service Load Balancer IP ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer @@ -886,7 +886,7 @@ networkPolicy: persistence: ## @param persistence.enabled Enable persistence using Persistent Volume Claims ## - # -- enable persistence, true by default + # -- enable persistence, true by default enabled: true ## @param persistence.mountPath Path to mount the volume at. ## Note: This value is overridden by 'Values.node.settings.home' in the stateful set. @@ -913,7 +913,7 @@ persistence: - ReadWriteOnce ## @param persistence.size Size of data volume ## - # -- size of data volume, 250Gi by default + # -- size of data volume, 250Gi by default size: 250Gi ## @param persistence.existingClaim The name of an existing PVC to use for persistence ## From 5e0f7d5c2d7c38b4c4e1c962e28ee1b58f77a7bc Mon Sep 17 00:00:00 2001 From: Smuu <18609909+Smuu@users.noreply.github.com> Date: Fri, 14 Jun 2024 09:12:19 +0200 Subject: [PATCH 8/8] fix: maintainer url Signed-off-by: Smuu <18609909+Smuu@users.noreply.github.com> --- charts/celestia-app/Chart.yaml | 2 +- charts/celestia-node/Chart.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/celestia-app/Chart.yaml b/charts/celestia-app/Chart.yaml index 7eb3753..95fa76f 100644 
--- a/charts/celestia-app/Chart.yaml +++ b/charts/celestia-app/Chart.yaml @@ -17,7 +17,7 @@ keywords: - celestia-app maintainers: - name: Celestia Labs - url: https://github.com/celestiaorg/celestia-helm-charts + url: https://github.com/celestiaorg/helm-charts name: celestia-app sources: - https://github.com/celestiaorg/celestia-app diff --git a/charts/celestia-node/Chart.yaml b/charts/celestia-node/Chart.yaml index 523e897..049e16c 100644 --- a/charts/celestia-node/Chart.yaml +++ b/charts/celestia-node/Chart.yaml @@ -17,7 +17,7 @@ keywords: - celestia-node maintainers: - name: Celestia Labs - url: https://github.com/celestiaorg/celestia-helm-charts + url: https://github.com/celestiaorg/helm-charts name: celestia-node sources: - https://github.com/celestiaorg/celestia-node