Merge pull request #28 from paritytech/auto-discover-p2p-address

P2P address auto discovery

charts/node/Chart.yaml

@@ -2,5 +2,5 @@ apiVersion: v2
 name: node
 description: A Helm chart to deploy Substrate/Polkadot nodes
 type: application
-version: 0.16.0
+version: 0.17.0
 appVersion: "0.0.1"

charts/node/templates/service.yaml

@@ -48,7 +48,7 @@ spec:
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ $fullname }}-{{ $i }}-p2p
+  name: {{ $fullname }}-{{ $i }}-relay-chain-p2p
 spec:
   type: NodePort
   externalTrafficPolicy: Local
@@ -57,8 +57,8 @@ spec:
     statefulset.kubernetes.io/pod-name: {{ $fullname }}-{{ $i }}
   ports:
     - name: p2p
-      port: {{ add $.Values.node.perNodeServices.p2pNodePortStartRange $i }}
-      nodePort: {{ add $.Values.node.perNodeServices.p2pNodePortStartRange $i }}
+      port: 30333
+      targetPort: 30333
 {{- end }}
 ---
 {{ end }}

charts/node/templates/serviceAccount.yaml

@@ -1,12 +1,36 @@
+{{ $serviceAccountName :=  include "chart.serviceAccountName" . }}
 {{- if .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ include "chart.serviceAccountName" . }}
+  name: {{ $serviceAccountName }}
   labels:
   {{- include "chart.labels" . | nindent 4 }}
   {{- with .Values.serviceAccount.annotations }}
   annotations:
   {{- toYaml . | nindent 4 }}
   {{- end }}
-  {{- end }}
+{{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ $serviceAccountName }}-service-reader
+rules:
+  - apiGroups: [""]
+    resources: ["services"]
+    verbs: ["get", "list"]
+---
+# Allow the {{ include "chart.serviceAccountName" . }}-service-port-retriever service account to read services in the {{ .Release.Namespace }} namespace
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ $serviceAccountName }}-service-reader
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ $serviceAccountName }}-service-reader
+subjects:
+  - kind: ServiceAccount
+    name: {{ $serviceAccountName }}
+    namespace: {{ .Release.Namespace }}

charts/node/templates/statefulset.yaml

@@ -113,37 +113,61 @@ spec:
             - mountPath: /data
               name: chain-data
         {{- end }}
-      {{- if .Values.node.keys }}
-      - name: inject-keys
-        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
-        command: [ "/bin/sh" ]
-        args:
-          - -c
-          - |
-            {{- range $index, $key := .Values.node.keys }}
-            echo {{ $key.seed }} > /dev/shm/{{ $index }}.key
-            {{ .Values.node.command }} key insert --base-path /data --chain ${CHAIN} --key-type {{ $key.type }} --scheme {{ $key.scheme }} --suri /dev/shm/{{ $index }}.key
-            rm /dev/shm/{{ $index }}.key
-            {{- end }}
-        env:
-          - name: CHAIN
-            value: {{ .Values.node.chain }}
-        volumeMounts:
-          - mountPath: /data
-            name: chain-data
-      {{- end }}
+        {{- if .Values.node.keys }}
+        - name: inject-keys
+          image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+          command: [ "/bin/sh" ]
+          args:
+            - -c
+            - |
+              {{- range $index, $key := .Values.node.keys }}
+              echo {{ $key.seed }} > /dev/shm/{{ $index }}.key
+              {{ .Values.node.command }} key insert --base-path /data --chain ${CHAIN} --key-type {{ $key.type }} --scheme {{ $key.scheme }} --suri /dev/shm/{{ $index }}.key
+              rm /dev/shm/{{ $index }}.key
+              {{- end }}
+          env:
+            - name: CHAIN
+              value: {{ .Values.node.chain }}
+          volumeMounts:
+            - mountPath: /data
+              name: chain-data
+        {{- end }}
+        {{- if .Values.node.perNodeServices.createP2pNodePortService }}
+        - name: retrieve-node-port
+          image: {{ .Values.kubectl.image.repository }}:{{ .Values.kubectl.image.tag }}
+          command: [ "/bin/sh" ]
+          args:
+            - -c
+            - |
+              POD_INDEX="${HOSTNAME##*-}"
+              RELAY_CHAIN_P2P_PORT="$(kubectl --namespace {{ .Release.Namespace }} get service {{ $fullname }}-${POD_INDEX}-relay-chain-p2p -o jsonpath='{.spec.ports[*].nodePort}')"
+              echo "${RELAY_CHAIN_P2P_PORT}" > /data/relay_chain_p2p_port
+              echo "Retrieved Kubernetes service node port from {{ $fullname }}-${POD_INDEX}-relay-chain-p2p, saved ${RELAY_CHAIN_P2P_PORT} to /data/relay_chain_p2p_port"
+              {{- if .Values.node.perNodeServices.setPublicAddressToExternalIp.enabled }}
+              EXTERNAL_IP=$(curl {{ .Values.node.perNodeServices.setPublicAddressToExternalIp.ipRetrievalServiceUrl }})
+              echo "${EXTERNAL_IP}" > /data/node_external_ip
+              echo "Retrieved external IP from {{ .Values.node.perNodeServices.ipRetrievalServiceUrl }}, saved ${EXTERNAL_IP} to /data/node_external_ip"
+              {{- end }}
+          volumeMounts:
+            - mountPath: /data
+              name: chain-data
+        {{- end }}
       containers:
         - name: {{ .Values.node.chain }}
           image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
-          {{- if .Values.node.perNodeServices.createP2pNodePortService }}
           command: [ "/bin/sh" ]
           args:
             - -c
             - |
-              POD_INDEX="${HOSTNAME##*-}"
-              P2P_PORT=$(({{ .Values.node.perNodeServices.p2pNodePortStartRange }}+POD_INDEX))
-              echo "P2P_PORT=${P2P_PORT}"
+              {{- if .Values.node.perNodeServices.createP2pNodePortService }}
+              {{- if .Values.node.perNodeServices.setPublicAddressToExternalIp.enabled }}
+              EXTERNAL_IP="$(cat /data/node_external_ip)"
+              echo "EXTERNAL_IP=${EXTERNAL_IP}"
+              {{- end }}
+              RELAY_CHAIN_P2P_PORT="$(cat /data/relay_chain_p2p_port)"
+              echo "RELAY_CHAIN_P2P_PORT=${RELAY_CHAIN_P2P_PORT}"
+              {{- end }}
               exec {{ .Values.node.command }} \
                 --name=${POD_NAME} \
                 --base-path=/data/ \
@@ -154,33 +178,20 @@ spec:
                 {{- if eq .Values.node.role "light" }}
                 --light \
                 {{- end }}
-                --listen-addr={{ .Values.node.perNodeServices.listenAddressBase }}${P2P_PORT} \
+                {{- if .Values.node.perNodeServices.createP2pNodePortService }}
+                {{- if .Values.node.perNodeServices.setPublicAddressToExternalIp.enabled }}
+                --public-addr=/ip4/${EXTERNAL_IP}/tcp/${RELAY_CHAIN_P2P_PORT} \
+                {{- end }}
+                --listen-addr=/ip4/0.0.0.0/tcp/${RELAY_CHAIN_P2P_PORT} \
+                {{- end }}
+                --listen-addr=/ip4/0.0.0.0/tcp/30333 \
                 {{- if .Values.node.persistGeneratedNodeKey }}
                 --node-key-file /data/node-key \
                 {{- end }}
                 {{- if .Values.node.tracing.enabled }}
                 --jaeger-agent=127.0.0.1:{{ .Values.jaegerAgent.ports.compactPort }} \
                 {{- end }}
                 {{- join " " .Values.node.flags | nindent 16 }}
-          {{- else }}
-          args:
-            - --name=$(POD_NAME)
-            - --base-path=/data/
-            - --chain={{ if .Values.node.customChainspecUrl }}/data/chainspec.json{{ else }}$(CHAIN){{ end }}
-            {{- if eq .Values.node.role "authority" }}
-            - --validator
-            {{- end }}
-            {{- if eq .Values.node.role "light" }}
-            - --light \
-            {{- end }}
-            {{- if .Values.node.persistGeneratedNodeKey }}
-            - --node-key-file=/data/node-key
-            {{- end }} 
-            {{- if .Values.node.tracing.enabled }}
-            - --jaeger-agent=127.0.0.1:{{ .Values.jaegerAgent.ports.compactPort }}
-            {{- end }}
-            {{- toYaml .Values.node.flags | nindent 12 }}
-          {{- end }}
           env:
             - name: CHAIN
               value: {{ .Values.node.chain }}
@@ -251,7 +262,7 @@ spec:
           image: {{ .Values.jaegerAgent.image.repository }}:{{ .Values.jaegerAgent.image.tag }}
           args:
             - --reporter.grpc.host-port={{ .Values.jaegerAgent.collector.url }}:{{ .Values.jaegerAgent.collector.port }}
-          env: 
+          env:
             {{- range $key, $val := .Values.jaegerAgent.env }}
             - name: {{ $key }}
               value: {{ $val }}
@@ -280,7 +291,7 @@ spec:
               path: /
               port: admin
         {{- end}}
-      serviceAccountName: {{ $serviceAccountName}}
+      serviceAccountName: {{ $serviceAccountName }}
       securityContext:
       {{- toYaml .Values.podSecurityContext | nindent 8 }}
       terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}

charts/node/values.yaml

@@ -8,6 +8,11 @@ initContainer:
     repository: crazymax/7zip
     tag: latest
 
+kubectl:
+  image:
+    repository: bitnami/kubectl
+    tag: latest
+
 googleCloudSdk:
   image:
     repository: google/cloud-sdk
@@ -83,17 +88,17 @@ node:
   perNodeServices:
     createClusterIPService: true
     createP2pNodePortService: false
-    p2pNodePortStartRange: "30000"
-    # Set to 0.0.0.0 to enable auto discovery of the IP address
-    listenAddressBase: "/ip4/0.0.0.0/tcp/"
+    setPublicAddressToExternalIp:
+      enabled: false
+      ipRetrievalServiceUrl: https://ifconfig.io
   #podManagementPolicy: Parallel
   #customChainspecUrl:
 
   # Enables Jaeger Agent as a sidecar
   tracing:
     enabled: false
 
-  # Enables Sustrate API as a sidecar 
+  # Enables Sustrate API as a sidecar
   substrateApiSidecar:
     enabled: false
 
@@ -122,7 +127,7 @@ jaegerAgent:
     # Jaeger Default GRPC port is 14250
     port: 14250
   env: {}
-  resources: {}      
+  resources: {}
 
 podAnnotations: {}