From ad363c750760e3c28d633c44deaed7dcc69e3815 Mon Sep 17 00:00:00 2001 From: Alex Crowe Date: Mon, 23 Aug 2021 20:47:39 +0100 Subject: [PATCH] Helm Chart Update (#595) * Updated helm chart with additions for * Updated to use dedicated resources and pod lables/annotations * Added ConfigMap for common envs * Updated storage configuration to be more flexible * Added missing envs for db path, backtrace and loggings * Updated with conditional for tracer name to avoid startup failure * Updated AWS ENVs to correct names --- rust/helm/optics-agent/Chart.yaml | 18 --- rust/helm/optics-agent/templates/_helpers.tpl | 12 +- .../optics-agent/templates/configmap.yaml | 34 ++++ .../templates/kathy-statefulset.yaml | 109 ++++--------- .../templates/processor-statefulset.yaml | 109 ++++--------- .../templates/relayer-statefulset.yaml | 111 ++++--------- .../templates/serviceaccount.yaml | 12 ++ .../templates/updater-statefulset.yaml | 105 ++++-------- rust/helm/optics-agent/values.yaml | 149 +++++++++++------- 9 files changed, 281 insertions(+), 378 deletions(-) create mode 100644 rust/helm/optics-agent/templates/configmap.yaml create mode 100644 rust/helm/optics-agent/templates/serviceaccount.yaml diff --git a/rust/helm/optics-agent/Chart.yaml b/rust/helm/optics-agent/Chart.yaml index 449ad9cf5..b3766fa50 100644 --- a/rust/helm/optics-agent/Chart.yaml +++ b/rust/helm/optics-agent/Chart.yaml @@ -1,24 +1,6 @@ apiVersion: v2 name: optics-agent description: A Helm Chart that encapsulates the deployment of the Optics Rust Agent(s) - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) version: 0.1.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. appVersion: "0.1.0" diff --git a/rust/helm/optics-agent/templates/_helpers.tpl b/rust/helm/optics-agent/templates/_helpers.tpl index d71f7cbe5..d929a8f79 100644 --- a/rust/helm/optics-agent/templates/_helpers.tpl +++ b/rust/helm/optics-agent/templates/_helpers.tpl @@ -35,7 +35,6 @@ Common labels */}} {{- define "optics-agent.labels" -}} helm.sh/chart: {{ include "optics-agent.chart" . }} -optics/deployment: {{ .Values.optics.runEnv | quote }} {{ include "optics-agent.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} @@ -50,3 +49,14 @@ Selector labels app.kubernetes.io/name: {{ include "optics-agent.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "optics-agent.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "optics-agent.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/rust/helm/optics-agent/templates/configmap.yaml b/rust/helm/optics-agent/templates/configmap.yaml new file mode 100644 index 000000000..226df1691 --- /dev/null +++ b/rust/helm/optics-agent/templates/configmap.yaml @@ -0,0 +1,34 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "optics-agent.fullname" . }} + labels: + {{- include "optics-agent.labels" . | nindent 4 }} +data: + RUN_ENV: {{ .Values.optics.runEnv | quote }} + BASE_CONFIG: {{ .Values.optics.baseConfig }} + {{- if .Values.optics.aws }} + AWS_ACCESS_KEY_ID: {{ .Values.optics.aws.accessKeyId }} + AWS_SECRET_ACCESS_KEY: {{ .Values.optics.aws.secretAccessKey }} + {{- end }} + RUST_BACKTRACE: {{ .Values.optics.rustBacktrace }} + OPT_BASE_DBPATH: {{ .Values.optics.dbPath }} + OPT_BASE_TRACING_FMT: {{ .Values.optics.tracing.format }} + OPT_BASE_TRACING_LEVEL: {{ .Values.optics.tracing.level }} + {{- if .Values.optics.homeChain.connectionUrl }} + OPT_BASE_HOME_CONFIG_CONNECTION_URL: {{ .Values.optics.homeChain.connectionUrl }} + {{- end }} + {{- if .Values.optics.homeChain.connectionType }} + OPT_BASE_HOME_CONFIG_CONNECTION_TYPE: {{ .Values.optics.homeChain.connectionType }} + {{- end }} + {{- range .Values.optics.replicaChains }} + {{- if .connectionUrl }} + OPT_BASE_REPLICAS_{{ .name | upper }}_CONNECTION_URL: {{ .connectionUrl }} + {{- end }} + {{- if .address }} + OPT_BASE_REPLICAS_{{ .name | upper }}_ADDRESS: {{ .address }} + {{- end }} + {{- end }} + {{- if .Values.optics.tracing.uri }} + OPT_BASE_TRACING_JAEGER_COLLECTOR_URI: {{ .Values.optics.tracing.uri }} + {{- end }} diff --git a/rust/helm/optics-agent/templates/kathy-statefulset.yaml b/rust/helm/optics-agent/templates/kathy-statefulset.yaml index 43f0103a4..91ad8b181 100644 --- a/rust/helm/optics-agent/templates/kathy-statefulset.yaml +++ b/rust/helm/optics-agent/templates/kathy-statefulset.yaml @@ -1,41 +1,37 @@ {{- if .Values.optics.kathy.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "optics-agent.fullname" . }}-kathy - labels: - {{- include "optics-agent.labels" . | nindent 4 }} - role: kathy -spec: - clusterIP: None - selector: - {{- include "optics-agent.selectorLabels" . | nindent 4 }} - role: kathy ---- apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ include "optics-agent.fullname" . }}-kathy labels: {{- include "optics-agent.labels" . | nindent 4 }} - role: kathy + app.kubernetes.io/component: kathy spec: selector: matchLabels: {{- include "optics-agent.selectorLabels" . | nindent 6 }} - role: kathy + app.kubernetes.io/component: kathy replicas: 1 serviceName: {{ include "optics-agent.fullname" . }}-kathy template: metadata: - {{- with .Values.podAnnotations }} annotations: + checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} + {{- with .Values.optics.kathy.podAnnotations }} + {{ toYaml . | nindent 8 }} + {{- end }} labels: - {{- include "optics-agent.selectorLabels" . | nindent 8 }} - role: kathy {{- include "optics-agent.labels" . | nindent 8 }} + app.kubernetes.io/component: kathy + {{- with .Values.podCommonLabels }} + {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.optics.kathy.podLabels }} + {{ toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: @@ -45,58 +41,18 @@ spec: containers: - name: {{ .Chart.Name }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + {{- toYaml .Values.securityContext | nindent 10 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: ["./kathy"] + envFrom: + - configMapRef: + name: {{ include "optics-agent.fullname" . }} env: - # Set AWS Keys if present in config - {{- if .Values.optics.awsAccessKeyId }} - - name: AWS_ACCESS_KEY_ID - value: {{ .Values.optics.awsAccessKeyId }} - {{- end }} - {{- if .Values.optics.awsSecretAccessKey }} - - name: AWS_SECRET_ACCESS_KEY - value: {{ .Values.optics.awsSecretAccessKey }} - {{- end }} - # Set the DB location to be the volume - - name: OPT_BASE_DBPATH - value: /usr/share/optics - # Set the log formatting - - name: OPT_BASE_TRACING_FMT - value: "json" - # Sets the config folder to use - - name: RUN_ENV - value: {{ .Values.optics.runEnv | quote }} - # Sets the base config to be used (switch between Homes) - - name: BASE_CONFIG - value: {{ .Values.optics.baseConfig }} - # Home Overrides - {{- if .Values.optics.homeChain.connectionUrl }} - - name: OPT_BASE_HOME_CONFIG_CONNECTION_URL - value: {{ .Values.optics.homeChain.connectionUrl }} - {{- end }} - {{- if .Values.optics.homeChain.connectionType }} - - name: OPT_BASE_HOME_CONFIG_CONNECTION_TYPE - value: {{ .Values.optics.homeChain.connectionType }} - {{- end }} - # Replica Overrides - {{- range .Values.optics.replicaChains }} - {{- if .connectionUrl }} - - name: OPT_BASE_REPLICAS_{{ .name | upper }}_CONNECTION_URL - value: {{ .connectionUrl }} - {{- end }} - {{- if .address }} - - name: OPT_BASE_REPLICAS_{{ .name | upper }}_ADDRESS - value: {{ .address }} - {{- end }} - {{- end }} - # Polling Interval Override {{- if .Values.optics.kathy.messageInterval }} - name: OPT_BASE_MESSAGEINTERVAL value: {{ .Values.optics.kathy.messageInterval | quote }} {{- end }} - # Transaction Signer Keys {{- range .Values.optics.kathy.transactionSigners }} {{- if .hexKey }} - name: OPT_BASE_SIGNERS_{{ .name | upper }}_KEY @@ -104,26 +60,21 @@ spec: {{- else }} - name: OPT_BASE_SIGNERS_{{ .name | upper }}_TYPE value: "aws" - - name: OPT_BASE_SIGNERS_{{ .name | upper }}_AWS_ID + - name: OPT_BASE_SIGNERS_{{ .name | upper }}_ID value: {{ .aws.keyId }} - - name: OPT_BASE_SIGNERS_{{ .name | upper }}_AWS_REGION + - name: OPT_BASE_SIGNERS_{{ .name | upper }}_REGION value: {{ .aws.region }} {{- end }} {{- end }} - # Jaeger Config {{- if .Values.optics.tracing.uri }} - name: OPT_BASE_TRACING_JAEGER_NAME value: {{ include "optics-agent.fullname" . }}-kathy - - name: OPT_BASE_TRACING_JAEGER_COLLECTOR_URI - value: {{ $.Values.optics.tracing.uri }} {{- end }} - - name: RUST_BACKTRACE - value: full resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml .Values.optics.kathy.resources | nindent 10 }} volumeMounts: - name: state - mountPath: /usr/share/optics + mountPath: {{ .Values.optics.dbPath }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -140,9 +91,15 @@ spec: - metadata: name: state spec: - accessModes: [ "ReadWriteOnce" ] - storageClassName: {{ .Values.volumeStorageClass }} + storageClassName: {{ .Values.storage.storageClass }} + accessModes: [ {{ .Values.storage.accessModes }} ] + {{- if .Values.optics.kathy.storage.snapshot.enabled }} + dataSource: + name: {{ .Values.optics.kathy.storage.snapshot.name }} + kind: VolumeSnapshot + apiGroup: snapshot.storage.k8s.io + {{- end }} resources: requests: - storage: 10Gi -{{- end }} \ No newline at end of file + storage: {{ .Values.optics.kathy.storage.size }} +{{- end }} diff --git a/rust/helm/optics-agent/templates/processor-statefulset.yaml b/rust/helm/optics-agent/templates/processor-statefulset.yaml index 9ff979c70..3009cfe2e 100644 --- a/rust/helm/optics-agent/templates/processor-statefulset.yaml +++ b/rust/helm/optics-agent/templates/processor-statefulset.yaml @@ -1,41 +1,37 @@ {{- if .Values.optics.processor.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "optics-agent.fullname" . }}-processor - labels: - {{- include "optics-agent.labels" . | nindent 4 }} - role: processor -spec: - clusterIP: None - selector: - {{- include "optics-agent.selectorLabels" . | nindent 4 }} - role: processor ---- apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ include "optics-agent.fullname" . }}-processor labels: {{- include "optics-agent.labels" . | nindent 4 }} - role: processor + app.kubernetes.io/component: processor spec: selector: matchLabels: {{- include "optics-agent.selectorLabels" . | nindent 6 }} - role: processor + app.kubernetes.io/component: processor replicas: 1 serviceName: {{ include "optics-agent.fullname" . }}-processor template: metadata: - {{- with .Values.podAnnotations }} annotations: + checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} + {{- with .Values.optics.processor.podAnnotations }} + {{ toYaml . | nindent 8 }} + {{- end }} labels: - {{- include "optics-agent.selectorLabels" . | nindent 8 }} - role: processor {{- include "optics-agent.labels" . | nindent 8 }} + app.kubernetes.io/component: processor + {{- with .Values.podCommonLabels }} + {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.optics.processor.podLabels }} + {{ toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: @@ -45,58 +41,18 @@ spec: containers: - name: agent securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + {{- toYaml .Values.securityContext | nindent 10 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: ["./processor"] + envFrom: + - configMapRef: + name: {{ include "optics-agent.fullname" . }} env: - # Set AWS Keys if present in config - {{- if .Values.optics.awsAccessKeyId }} - - name: AWS_ACCESS_KEY_ID - value: {{ .Values.optics.awsAccessKeyId }} - {{- end }} - {{- if .Values.optics.awsSecretAccessKey }} - - name: AWS_SECRET_ACCESS_KEY - value: {{ .Values.optics.awsSecretAccessKey}} - {{- end }} - # Set the DB location to be the volume - - name: OPT_BASE_DBPATH - value: /usr/share/optics - # Set the log formatting - - name: OPT_BASE_TRACING_FMT - value: "json" - # Sets the config folder to use - - name: RUN_ENV - value: {{ .Values.optics.runEnv | quote }} - # Sets the base config to be used (switch between Homes) - - name: BASE_CONFIG - value: {{ .Values.optics.baseConfig }} - # Home Overrides - {{- if .Values.optics.homeChain.connectionUrl }} - - name: OPT_BASE_HOME_CONFIG_CONNECTION_URL - value: {{ .Values.optics.homeChain.connectionUrl }} - {{- end }} - {{- if .Values.optics.homeChain.connectionType }} - - name: OPT_BASE_HOME_CONFIG_CONNECTION_TYPE - value: {{ .Values.optics.homeChain.connectionType }} - {{- end }} - # Replica Overrides - {{- range .Values.optics.replicaChains }} - {{- if .connectionUrl }} - - name: OPT_BASE_REPLICAS_{{ .name | upper }}_CONNECTION_URL - value: {{ .connectionUrl }} - {{- end }} - {{- if .address }} - - name: OPT_BASE_REPLICAS_{{ .name | upper }}_ADDRESS - value: {{ .address }} - {{- end }} - {{- end }} - # Polling Interval Override {{- if .Values.optics.processor.pollingInterval }} - name: OPT_BASE_POLLINGINTERVAL value: {{ .Values.optics.processor.pollingInterval | quote }} {{- end }} - # Transaction Signer Keys {{- range .Values.optics.processor.transactionSigners }} {{- if .hexKey }} - name: OPT_BASE_SIGNERS_{{ .name | upper }}_KEY @@ -104,26 +60,21 @@ spec: {{- else }} - name: OPT_BASE_SIGNERS_{{ .name | upper }}_TYPE value: "aws" - - name: OPT_BASE_SIGNERS_{{ .name | upper }}_AWS_ID + - name: OPT_BASE_SIGNERS_{{ .name | upper }}_ID value: {{ .aws.keyId }} - - name: OPT_BASE_SIGNERS_{{ .name | upper }}_AWS_REGION + - name: OPT_BASE_SIGNERS_{{ .name | upper }}_REGION value: {{ .aws.region }} {{- end }} {{- end }} - # Jaeger Config {{- if .Values.optics.tracing.uri }} - name: OPT_BASE_TRACING_JAEGER_NAME value: {{ include "optics-agent.fullname" . }}-processor - - name: OPT_BASE_TRACING_JAEGER_COLLECTOR_URI - value: {{ $.Values.optics.tracing.uri }} {{- end }} - - name: RUST_BACKTRACE - value: full resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml .Values.optics.processor.resources | nindent 10 }} volumeMounts: - name: state - mountPath: /usr/share/optics + mountPath: {{ .Values.optics.dbPath }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -140,9 +91,15 @@ spec: - metadata: name: state spec: - accessModes: [ "ReadWriteOnce" ] - storageClassName: {{ .Values.volumeStorageClass }} + storageClassName: {{ .Values.storage.storageClass }} + accessModes: [ {{ .Values.storage.accessModes }} ] + {{- if .Values.optics.processor.storage.snapshot.enabled }} + dataSource: + name: {{ .Values.optics.processor.storage.snapshot.name }} + kind: VolumeSnapshot + apiGroup: snapshot.storage.k8s.io + {{- end }} resources: requests: - storage: 10Gi -{{- end }} \ No newline at end of file + storage: {{ .Values.optics.processor.storage.size }} +{{- end }} diff --git a/rust/helm/optics-agent/templates/relayer-statefulset.yaml b/rust/helm/optics-agent/templates/relayer-statefulset.yaml index edb59f654..7417cee40 100644 --- a/rust/helm/optics-agent/templates/relayer-statefulset.yaml +++ b/rust/helm/optics-agent/templates/relayer-statefulset.yaml @@ -1,41 +1,37 @@ {{- if .Values.optics.relayer.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "optics-agent.fullname" . }}-relayer - labels: - {{- include "optics-agent.labels" . | nindent 4 }} - role: relayer -spec: - clusterIP: None - selector: - {{- include "optics-agent.selectorLabels" . | nindent 4 }} - role: relayer ---- apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ include "optics-agent.fullname" . }}-relayer labels: {{- include "optics-agent.labels" . | nindent 4 }} - role: relayer + app.kubernetes.io/component: relayer spec: selector: matchLabels: {{- include "optics-agent.selectorLabels" . | nindent 6 }} - role: relayer + app.kubernetes.io/component: relayer replicas: 1 serviceName: {{ include "optics-agent.fullname" . }}-relayer template: metadata: - {{- with .Values.podAnnotations }} annotations: + checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} + {{- with .Values.optics.relayer.podAnnotations }} + {{ toYaml . | nindent 8 }} + {{- end }} labels: - {{- include "optics-agent.selectorLabels" . | nindent 8 }} - role: relayer {{- include "optics-agent.labels" . | nindent 8 }} + app.kubernetes.io/component: relayer + {{- with .Values.podCommonLabels }} + {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.optics.relayer.podLabels }} + {{ toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: @@ -45,58 +41,18 @@ spec: containers: - name: agent securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + {{- toYaml .Values.securityContext | nindent 10 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: ["./relayer"] + envFrom: + - configMapRef: + name: {{ include "optics-agent.fullname" . }} env: - # Set AWS Keys if present in config - {{- if .Values.optics.awsAccessKey }} - - name: AWS_ACCESS_KEY_ID - value: {{ .Values.optics.awsAccessKeyId }} - {{- end }} - {{- if .Values.optics.awsSecretKey }} - - name: AWS_SECRET_ACCESS_KEY - value: {{ .Values.optics.awsSecretAccessKey }} - {{- end }} - # Set the DB location to be the volume - - name: OPT_BASE_DBPATH - value: /usr/share/optics - # Set the log formatting - - name: OPT_BASE_TRACING_FMT - value: "json" - # Sets the config folder to use - - name: RUN_ENV - value: {{ .Values.optics.runEnv | quote }} - # Sets the base config to be used (switch between Homes) - - name: BASE_CONFIG - value: {{ .Values.optics.baseConfig }} - # Home Overrides - {{- if .Values.optics.homeChain.connectionUrl }} - - name: OPT_BASE_HOME_CONFIG_CONNECTION_URL - value: {{ .Values.optics.homeChain.connectionUrl }} - {{- end }} - {{- if .Values.optics.homeChain.connectionType }} - - name: OPT_BASE_HOME_CONFIG_CONNECTION_TYPE - value: {{ .Values.optics.homeChain.connectionType }} - {{- end }} - # Replica Overrides - {{- range .Values.optics.replicaChains }} - {{- if .connectionUrl }} - - name: OPT_BASE_REPLICAS_{{ .name | upper }}_CONNECTION_URL - value: {{ .connectionUrl }} - {{- end }} - {{- if .address }} - - name: OPT_BASE_REPLICAS_{{ .name | upper }}_ADDRESS - value: {{ .address }} - {{- end }} - {{- end }} - # Polling Interval Override {{- if .Values.optics.relayer.pollingInterval }} - name: OPT_BASE_POLLINGINTERVAL value: {{ .Values.optics.relayer.pollingInterval | quote }} {{- end }} - # Transaction Signer Keys {{- range .Values.optics.relayer.transactionSigners }} {{- if .hexKey }} - name: OPT_BASE_SIGNERS_{{ .name | upper }}_KEY @@ -104,26 +60,21 @@ spec: {{- else }} - name: OPT_BASE_SIGNERS_{{ .name | upper }}_TYPE value: "aws" - - name: OPT_BASE_SIGNERS_{{ .name | upper }}_AWS_ID + - name: OPT_BASE_SIGNERS_{{ .name | upper }}_ID value: {{ .aws.keyId }} - - name: OPT_BASE_SIGNERS_{{ .name | upper }}_AWS_REGION + - name: OPT_BASE_SIGNERS_{{ .name | upper }}_REGION value: {{ .aws.region }} - {{- end}} {{- end }} - # Jaeger Config + {{- end }} {{- if .Values.optics.tracing.uri }} - name: OPT_BASE_TRACING_JAEGER_NAME value: {{ include "optics-agent.fullname" . }}-relayer - - name: OPT_BASE_TRACING_JAEGER_COLLECTOR_URI - value: {{ $.Values.optics.tracing.uri }} {{- end }} - - name: RUST_BACKTRACE - value: full resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml .Values.optics.relayer.resources | nindent 10 }} volumeMounts: - name: state - mountPath: /usr/share/optics + mountPath: {{ .Values.optics.dbPath }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -140,9 +91,15 @@ spec: - metadata: name: state spec: - accessModes: [ "ReadWriteOnce" ] - storageClassName: {{ .Values.volumeStorageClass }} + storageClassName: {{ .Values.storage.storageClass }} + accessModes: [ {{ .Values.storage.accessModes }} ] + {{- if .Values.optics.relayer.storage.snapshot.enabled }} + dataSource: + name: {{ .Values.optics.relayer.storage.snapshot.name }} + kind: VolumeSnapshot + apiGroup: snapshot.storage.k8s.io + {{- end }} resources: requests: - storage: 10Gi -{{- end }} \ No newline at end of file + storage: {{ .Values.optics.relayer.storage.size }} +{{- end }} diff --git a/rust/helm/optics-agent/templates/serviceaccount.yaml b/rust/helm/optics-agent/templates/serviceaccount.yaml new file mode 100644 index 000000000..2c2bf5a65 --- /dev/null +++ b/rust/helm/optics-agent/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "optics-agent.serviceAccountName" . }} + labels: + {{- include "optics-agent.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/rust/helm/optics-agent/templates/updater-statefulset.yaml b/rust/helm/optics-agent/templates/updater-statefulset.yaml index e8a2b6627..673a6f46b 100644 --- a/rust/helm/optics-agent/templates/updater-statefulset.yaml +++ b/rust/helm/optics-agent/templates/updater-statefulset.yaml @@ -1,41 +1,37 @@ {{- if .Values.optics.updater.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "optics-agent.fullname" . }}-updater - labels: - {{- include "optics-agent.labels" . | nindent 4 }} - role: updater -spec: - clusterIP: None - selector: - {{- include "optics-agent.selectorLabels" . | nindent 4 }} - role: updater ---- apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ include "optics-agent.fullname" . }}-updater labels: {{- include "optics-agent.labels" . | nindent 4 }} - role: updater + app.kubernetes.io/component: updater spec: selector: matchLabels: {{- include "optics-agent.selectorLabels" . | nindent 6 }} - role: updater + app.kubernetes.io/component: updater replicas: 1 serviceName: {{ include "optics-agent.fullname" . }}-updater template: metadata: - {{- with .Values.podAnnotations }} annotations: + checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} + {{- with .Values.optics.updater.podAnnotations }} + {{ toYaml . | nindent 8 }} + {{- end }} labels: - {{- include "optics-agent.selectorLabels" . | nindent 8 }} - role: updater {{- include "optics-agent.labels" . | nindent 8 }} + app.kubernetes.io/component: updater + {{- with .Values.podCommonLabels }} + {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.optics.updater.podLabels }} + {{ toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: @@ -45,58 +41,18 @@ spec: containers: - name: agent securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + {{- toYaml .Values.securityContext | nindent 10 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: ["./updater"] + envFrom: + - configMapRef: + name: {{ include "optics-agent.fullname" . }} env: - # Set AWS Keys if present in config - {{- if .Values.optics.awsAccessKeyId }} - - name: AWS_ACCESS_KEY_ID - value: {{ .Values.optics.awsAccessKeyId }} - {{- end }} - {{- if .Values.optics.awsSecretAccessKey }} - - name: AWS_SECRET_ACCESS_KEY - value: {{ .Values.optics.awsSecretAccessKey }} - {{- end }} - # Set the DB location to be the volume - - name: OPT_BASE_DBPATH - value: /usr/share/optics - # Set the log formatting - - name: OPT_BASE_TRACING_FMT - value: "json" - # Sets the config folder to use - - name: RUN_ENV - value: {{ .Values.optics.runEnv | quote }} - # Sets the base config to be used (switch between Homes) - - name: BASE_CONFIG - value: {{ .Values.optics.baseConfig }} - # Home Overrides - {{- if .Values.optics.homeChain.connectionUrl }} - - name: OPT_UPDATER_HOME_CONFIG_CONNECTION_URL - value: {{ .Values.optics.homeChain.connectionUrl }} - {{- end }} - {{- if .Values.optics.homeChain.connectionType }} - - name: OPT_UPDATER_HOME_CONFIG_CONNECTION_TYPE - value: {{ .Values.optics.homeChain.connectionType }} - {{- end }} - # Replica Overrides - {{- range .Values.optics.replicaChains }} - {{- if .connectionUrl }} - - name: OPT_UPDATER_REPLICAS_{{ .name | upper }}_CONNECTION_URL - value: {{ .connectionUrl }} - {{- end }} - {{- if .address }} - - name: OPT_UPDATER_REPLICAS_{{ .name | upper }}_ADDRESS - value: {{ .address }} - {{- end }} - {{- end }} - # Polling Interval Override {{- if .Values.optics.updater.pollingInterval }} - name: OPT_BASE_POLLINGINTERVAL value: {{ .Values.optics.updater.pollingInterval | quote }} {{- end }} - # Transaction Signer Keys {{- range .Values.optics.updater.transactionSigners }} {{- if .hexKey }} - name: OPT_BASE_SIGNERS_{{ .name | upper }}_KEY @@ -110,7 +66,6 @@ spec: value: {{ .aws.region }} {{- end }} {{- end }} - # Attestation Signer Key {{- if .Values.optics.updater.attestationSigner.hexKey }} - name: OPT_BASE_UPDATER_KEY value: {{ .Values.optics.updater.attestationSigner.hexKey }} @@ -125,16 +80,12 @@ spec: {{- if .Values.optics.tracing.uri }} - name: OPT_BASE_TRACING_JAEGER_NAME value: {{ include "optics-agent.fullname" . }}-updater - - name: OPT_BASE_TRACING_JAEGER_COLLECTOR_URI - value: {{ $.Values.optics.tracing.uri }} {{- end }} - - name: RUST_BACKTRACE - value: full resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml .Values.optics.updater.resources | nindent 10 }} volumeMounts: - name: state - mountPath: /usr/share/optics + mountPath: {{ .Values.optics.dbPath }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -151,9 +102,15 @@ spec: - metadata: name: state spec: - accessModes: [ "ReadWriteOnce" ] - storageClassName: {{ .Values.volumeStorageClass }} + storageClassName: {{ .Values.storage.storageClass }} + accessModes: [ {{ .Values.storage.accessModes }} ] + {{- if .Values.optics.updater.storage.snapshot.enabled }} + dataSource: + name: {{ .Values.optics.updater.storage.snapshot.name }} + kind: VolumeSnapshot + apiGroup: snapshot.storage.k8s.io + {{- end }} resources: requests: - storage: 10Gi -{{- end }} \ No newline at end of file + storage: {{ .Values.optics.updater.storage.size }} +{{- end }} diff --git a/rust/helm/optics-agent/values.yaml b/rust/helm/optics-agent/values.yaml index 85a54621c..be57e0479 100644 --- a/rust/helm/optics-agent/values.yaml +++ b/rust/helm/optics-agent/values.yaml @@ -1,19 +1,45 @@ -replicaCount: 1 -# -- Default to standard storageclass provided by GKE -volumeStorageClass: "standard" +image: + repository: gcr.io/clabs-optics/optics-agent + pullPolicy: Always + tag: "latest" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + create: true + annotations: {} + name: "" + +podAnnotations: {} +podCommonLabels: {} + +storage: + storageClass: "standard" + accessModes: ReadWriteOnce # -- Optics Overrides # By Default, Optics Agents load the config baked into the Docker Image # Pass values here in order to override the values in the config # Note: For successful operation, one _must_ pass signer keys as -# they are not baked into the image for security reasons. -optics: +# they are not baked into the image for security reasons. +optics: + # Sets the config folder to use runEnv: "default" + # Sets the base config to be used (switch between Homes) baseConfig: "base.json" - tracing: + # Set the DB location to be the volume + dbPath: /usr/share/optics + rustBacktrace: full + tracing: + # Set the log formatting + format: json + # Set the log level + level: info uri: "" - homeChain: - name: "goerli" + homeChain: + name: "kovan" # -- The contract address for the home contract address: # "0x0C473afC0cabd469751CBE3Ac08aBac3e40bF586" # -- The hard-coded domain corresponding to this blockchain @@ -21,11 +47,12 @@ optics: # -- RPC Style rpcStyle: # "ethereum" connectionType: # "http" - # -- Connection string pointing to an RPC endpoint for the home chain - connectionUrl: # "https://goerli.infura.io/v3/" - awsAccessKeyId: "" - awsSecretAccessKey: "" - + # -- Connection string pointing to an RPC endpoint for the home chain + connectionUrl: # "https://kovan.infura.io/v3/" + aws: + # accessKeyId: "" + # secretAccessKey: "" + # -- Replica chain overrides, a sequence replicaChains: - name: "alfajores" @@ -36,16 +63,22 @@ optics: connectionType: # "http" # -- Connection string pointing to an RPC endpoint for the replica chain connectionUrl: # "https://alfajores-forno.celo-testnet.org" - + # Optics Agent Roles - # Individually Switchable via .enabled - updater: - # -- Enables or disables the updater + # Individually Switchable via .enabled + updater: enabled: false - # -- Transaction Signing keys for home and replica(s) - # Note: Only select one kind of key, either hexKey OR AWS. hexKey will take precedence over AWS if set. - transactionSigners: - - name: "goerli" + podAnnotations: {} + podLabels: {} + storage: + size: 10Gi + snapshot: + enabled: false + name: "" + resources: {} + # -- Trnsaction Signing keys for home and replica(s) + transactionSigners: + - name: "kovan" hexKey: "" aws: keyId: "" @@ -55,9 +88,8 @@ optics: aws: keyId: "" region: "" - # -- Specialized key used by updater and watcher used to sign attestations, separate from updater.transactionSigners - # Note: Only select one kind of key, either hexKey OR AWS. hexKey will take precedence over AWS if set. - attestationSigner: + # -- Specialized key used by updater and watcher used to sign attestations, separate from updater.keys + attestationSigner: hexKey: "" aws: keyId: "" @@ -65,12 +97,19 @@ optics: # -- How long to wait between checking for updates pollingInterval: # 5 updatePause: # 15 - relayer: - # -- Enables or disables the relayer + + relayer: enabled: false - # Note: Only select one kind of key, either hexKey OR AWS. hexKey will take precedence over AWS if set. - transactionSigners: - - name: "goerli" + podAnnotations: {} + podLabels: {} + storage: + size: 10Gi + snapshot: + enabled: false + name: "" + resources: {} + transactionSigners: + - name: "kovan" hexKey: "" aws: keyId: "" @@ -81,11 +120,19 @@ optics: keyId: "" region: "" pollingInterval: # 10 - processor: + + processor: enabled: false - # Note: Only select one kind of key, either hexKey OR AWS. hexKey will take precedence over AWS if set. - transactionSigners: - - name: "goerli" + podAnnotations: {} + podLabels: {} + storage: + size: 10Gi + snapshot: + enabled: false + name: "" + resources: {} + transactionSigners: + - name: "kovan" hexKey: "" aws: keyId: "" @@ -96,11 +143,19 @@ optics: keyId: "" region: "" pollingInterval: # 10 - kathy: + + kathy: enabled: false - # Note: Only select one kind of key, either hexKey OR AWS. hexKey will take precedence over AWS if set. - transactionSigners: - - name: "goerli" + podAnnotations: {} + podLabels: {} + storage: + size: 10Gi + snapshot: + enabled: false + name: "" + resources: {} + transactionSigners: + - name: "kovan" hexKey: "" aws: keyId: "" @@ -110,6 +165,7 @@ optics: aws: keyId: "" region: "" + # Polling Interval Override messageInterval: # 100 # -- Configuration for Kathy's message generation code chatGenConfig: @@ -118,20 +174,6 @@ optics: recipient: # "recipient" type: # "static" -image: - # -- Main repository for Optics Agent binaries, provided by cLabs - repository: gcr.io/clabs-optics/optics-agent - pullPolicy: Always - # -- Overrides the image tag whose default is the chart appVersion. - tag: "latest" - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - - -podAnnotations: {} - podSecurityContext: {} # fsGroup: 2000 @@ -143,12 +185,7 @@ securityContext: {} # runAsNonRoot: true # runAsUser: 1000 - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi