diff --git a/charts/node/Chart.yaml b/charts/node/Chart.yaml index 86d170eb..08b8a171 100644 --- a/charts/node/Chart.yaml +++ b/charts/node/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: node description: A Helm chart to deploy Substrate/Polkadot nodes type: application -version: 0.16.0 +version: 0.17.0 appVersion: "0.0.1" diff --git a/charts/node/templates/service.yaml b/charts/node/templates/service.yaml index 4df568eb..2c7c121b 100644 --- a/charts/node/templates/service.yaml +++ b/charts/node/templates/service.yaml @@ -48,7 +48,7 @@ spec: apiVersion: v1 kind: Service metadata: - name: {{ $fullname }}-{{ $i }}-p2p + name: {{ $fullname }}-{{ $i }}-relay-chain-p2p spec: type: NodePort externalTrafficPolicy: Local @@ -57,8 +57,8 @@ spec: statefulset.kubernetes.io/pod-name: {{ $fullname }}-{{ $i }} ports: - name: p2p - port: {{ add $.Values.node.perNodeServices.p2pNodePortStartRange $i }} - nodePort: {{ add $.Values.node.perNodeServices.p2pNodePortStartRange $i }} + port: 30333 + targetPort: 30333 {{- end }} --- {{ end }} diff --git a/charts/node/templates/serviceAccount.yaml b/charts/node/templates/serviceAccount.yaml index 1da7761d..c64151b1 100644 --- a/charts/node/templates/serviceAccount.yaml +++ b/charts/node/templates/serviceAccount.yaml 
@@ -1,12 +1,36 @@ +{{ $serviceAccountName := include "chart.serviceAccountName" . }} {{- if .Values.serviceAccount.create -}} apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "chart.serviceAccountName" . }} + name: {{ $serviceAccountName }} labels: {{- include "chart.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} - {{- end }} +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ $serviceAccountName }}-service-reader +rules: + - apiGroups: [""] + resources: ["services"] + verbs: ["get", "list"] +--- +# Allow the {{ include "chart.serviceAccountName" . }}-service-port-retriever service account to read services in the {{ .Release.Namespace }} namespace +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ $serviceAccountName }}-service-reader +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ $serviceAccountName }}-service-reader +subjects: + - kind: ServiceAccount + name: {{ $serviceAccountName }} + namespace: {{ .Release.Namespace }} diff --git a/charts/node/templates/statefulset.yaml b/charts/node/templates/statefulset.yaml index f910b561..c8f8c8f3 100644 --- a/charts/node/templates/statefulset.yaml +++ b/charts/node/templates/statefulset.yaml 
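Review bot: The new ClusterRole and RoleBinding sit after the `{{- end }}` that closes `.Values.serviceAccount.create`, so they are rendered on every install, including when `node.perNodeServices.createP2pNodePortService` is false and nothing needs to read Services. The binding is already a namespaced RoleBinding, so a namespaced Role is enough; a ClusterRole named after the service account is cluster-scoped and would collide between two releases that resolve to the same service account name in different namespaces. The init container only runs `kubectl get service <name>`, so `list` can be dropped. The pod's service account token is normally also mounted into the network-facing node container, which is why the grant should stay as narrow as possible. The comment above the RoleBinding names a `-service-port-retriever` service account, which does not match the subject that is actually bound.

```yaml
{{- if .Values.node.perNodeServices.createP2pNodePortService }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ $serviceAccountName }}-service-reader
  namespace: {{ .Release.Namespace }}
rules:
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["get"]
---
# Allow the {{ $serviceAccountName }} service account to read services in the {{ .Release.Namespace }} namespace
# … unchanged: RoleBinding kind, apiVersion, metadata …
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ $serviceAccountName }}-service-reader
# … unchanged: subjects …
{{- end }}
```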
@@ -113,37 +113,61 @@ spec: - mountPath: /data name: chain-data {{- end }} - {{- if .Values.node.keys }} - - name: inject-keys - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - command: [ "/bin/sh" ] - args: - - -c - - | - {{- range $index, $key := .Values.node.keys }} - echo {{ $key.seed }} > /dev/shm/{{ $index }}.key - {{ .Values.node.command }} key insert --base-path /data --chain ${CHAIN} --key-type {{ $key.type }} --scheme {{ $key.scheme }} --suri /dev/shm/{{ $index }}.key - rm /dev/shm/{{ $index }}.key - {{- end }} - env: - - name: CHAIN - value: {{ .Values.node.chain }} - volumeMounts: - - mountPath: /data - name: chain-data - {{- end }} + {{- if .Values.node.keys }} + - name: inject-keys + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + command: [ "/bin/sh" ] + args: + - -c + - | + {{- range $index, $key := .Values.node.keys }} + echo {{ $key.seed }} > /dev/shm/{{ $index }}.key + {{ .Values.node.command }} key insert --base-path /data --chain ${CHAIN} --key-type {{ $key.type }} --scheme {{ $key.scheme }} --suri /dev/shm/{{ $index }}.key + rm /dev/shm/{{ $index }}.key + {{- end }} + env: + - name: CHAIN + value: {{ .Values.node.chain }} + volumeMounts: + - mountPath: /data + name: chain-data + {{- end }} + {{- if .Values.node.perNodeServices.createP2pNodePortService }} + - name: retrieve-node-port + image: {{ .Values.kubectl.image.repository }}:{{ .Values.kubectl.image.tag }} + command: [ "/bin/sh" ] + args: + - -c + - | + POD_INDEX="${HOSTNAME##*-}" + RELAY_CHAIN_P2P_PORT="$(kubectl --namespace {{ .Release.Namespace }} get service {{ $fullname }}-${POD_INDEX}-relay-chain-p2p -o jsonpath='{.spec.ports[*].nodePort}')" + echo "${RELAY_CHAIN_P2P_PORT}" > /data/relay_chain_p2p_port + echo "Retrieved Kubernetes service node port from {{ $fullname }}-${POD_INDEX}-relay-chain-p2p, saved ${RELAY_CHAIN_P2P_PORT} to /data/relay_chain_p2p_port" + {{- if .Values.node.perNodeServices.setPublicAddressToExternalIp.enabled }} + 
EXTERNAL_IP=$(curl {{ .Values.node.perNodeServices.setPublicAddressToExternalIp.ipRetrievalServiceUrl }}) + echo "${EXTERNAL_IP}" > /data/node_external_ip + echo "Retrieved external IP from {{ .Values.node.perNodeServices.ipRetrievalServiceUrl }}, saved ${EXTERNAL_IP} to /data/node_external_ip" + {{- end }} + volumeMounts: + - mountPath: /data + name: chain-data + {{- end }} containers: - name: {{ .Values.node.chain }} image: {{ .Values.image.repository }}:{{ .Values.image.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.node.perNodeServices.createP2pNodePortService }} command: [ "/bin/sh" ] args: - -c - | - POD_INDEX="${HOSTNAME##*-}" - P2P_PORT=$(({{ .Values.node.perNodeServices.p2pNodePortStartRange }}+POD_INDEX)) - echo "P2P_PORT=${P2P_PORT}" + {{- if .Values.node.perNodeServices.createP2pNodePortService }} + {{- if .Values.node.perNodeServices.setPublicAddressToExternalIp.enabled }} + EXTERNAL_IP="$(cat /data/node_external_ip)" + echo "EXTERNAL_IP=${EXTERNAL_IP}" + {{- end }} + RELAY_CHAIN_P2P_PORT="$(cat /data/relay_chain_p2p_port)" + echo "RELAY_CHAIN_P2P_PORT=${RELAY_CHAIN_P2P_PORT}" + {{- end }} exec {{ .Values.node.command }} \ --name=${POD_NAME} \ --base-path=/data/ \ @@ -154,7 +178,13 @@ spec: {{- if eq .Values.node.role "light" }} --light \ {{- end }} - --listen-addr={{ .Values.node.perNodeServices.listenAddressBase }}${P2P_PORT} \ + {{- if .Values.node.perNodeServices.createP2pNodePortService }} + {{- if .Values.node.perNodeServices.setPublicAddressToExternalIp.enabled }} + --public-addr=/ip4/${EXTERNAL_IP}/tcp/${RELAY_CHAIN_P2P_PORT} \ + {{- end }} + --listen-addr=/ip4/0.0.0.0/tcp/${RELAY_CHAIN_P2P_PORT} \ + {{- end }} + --listen-addr=/ip4/0.0.0.0/tcp/30333 \ {{- if .Values.node.persistGeneratedNodeKey }} --node-key-file /data/node-key \ {{- end }} 
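Review bot: In the `retrieve-node-port` init container (hunk `@@ -113,37 +113,61 @@`), the body returned by `curl` and the `kubectl` jsonpath output are written to `/data` unchecked and later expanded unquoted into the node command line (`--public-addr=/ip4/${EXTERNAL_IP}/tcp/${RELAY_CHAIN_P2P_PORT}` in hunk `@@ -154,7 +178,13 @@`). The script has no `set -e` and `curl` runs without `--fail` or a timeout, so an HTTP error page, an empty reply or a failed `kubectl` call still lets the pod start with a malformed address or one chosen by whoever answered the request. Any whitespace in that response would be split into extra arguments to the node binary. Fail the init container unless the port is all digits and the address contains only IPv4 characters, and quote both expansions in the main container. The last `echo` reads `.Values.node.perNodeServices.ipRetrievalServiceUrl`, which is not the key added in values.yaml (`setPublicAddressToExternalIp.ipRetrievalServiceUrl`), so the log line will print an empty URL.

```yaml
            # … unchanged: retrieve-node-port name, image, command, "-c" …
            - |
              set -eu
              # … unchanged: POD_INDEX and the kubectl lookup of RELAY_CHAIN_P2P_PORT …
              case "${RELAY_CHAIN_P2P_PORT}" in
                ''|*[!0-9]*) echo "unexpected nodePort value: '${RELAY_CHAIN_P2P_PORT}'" >&2; exit 1 ;;
              esac
              # … unchanged: write and log /data/relay_chain_p2p_port …
              {{- if .Values.node.perNodeServices.setPublicAddressToExternalIp.enabled }}
              EXTERNAL_IP="$(curl --fail --silent --show-error --max-time 10 {{ .Values.node.perNodeServices.setPublicAddressToExternalIp.ipRetrievalServiceUrl | quote }})"
              case "${EXTERNAL_IP}" in
                ''|*[!0-9.]*) echo "unexpected external IP value: '${EXTERNAL_IP}'" >&2; exit 1 ;;
              esac
              # … unchanged: write /data/node_external_ip …
              echo "Retrieved external IP from {{ .Values.node.perNodeServices.setPublicAddressToExternalIp.ipRetrievalServiceUrl }}, saved ${EXTERNAL_IP} to /data/node_external_ip"
              {{- end }}
```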
@@ -162,25 +192,6 @@ spec: --jaeger-agent=127.0.0.1:{{ .Values.jaegerAgent.ports.compactPort }} \ {{- end }} {{- join " " .Values.node.flags | nindent 16 }} - {{- else }} - args: - - --name=$(POD_NAME) - - --base-path=/data/ - - --chain={{ if .Values.node.customChainspecUrl }}/data/chainspec.json{{ else }}$(CHAIN){{ end }} - {{- if eq .Values.node.role "authority" }} - - --validator - {{- end }} - {{- if eq .Values.node.role "light" }} - - --light \ - {{- end }} - {{- if .Values.node.persistGeneratedNodeKey }} - - --node-key-file=/data/node-key - {{- end }} - {{- if .Values.node.tracing.enabled }} - - --jaeger-agent=127.0.0.1:{{ .Values.jaegerAgent.ports.compactPort }} - {{- end }} - {{- toYaml .Values.node.flags | nindent 12 }} - {{- end }} env: - name: CHAIN value: {{ .Values.node.chain }} @@ -251,7 +262,7 @@ spec: image: {{ .Values.jaegerAgent.image.repository }}:{{ .Values.jaegerAgent.image.tag }} args: - --reporter.grpc.host-port={{ .Values.jaegerAgent.collector.url }}:{{ .Values.jaegerAgent.collector.port }} - env: + env: {{- range $key, $val := .Values.jaegerAgent.env }} - name: {{ $key }} value: {{ $val }} @@ -280,7 +291,7 @@ spec: path: / port: admin {{- end}} - serviceAccountName: {{ $serviceAccountName}} + serviceAccountName: {{ $serviceAccountName }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} diff --git a/charts/node/values.yaml b/charts/node/values.yaml index 6b646cb3..87d90997 100644 --- a/charts/node/values.yaml +++ b/charts/node/values.yaml @@ -8,6 +8,11 @@ initContainer: repository: crazymax/7zip tag: latest +kubectl: + image: + repository: bitnami/kubectl + tag: latest + googleCloudSdk: image: repository: google/cloud-sdk 
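Review bot: The `kubectl` image added in the values.yaml hunk `@@ -8,6 +8,11 @@` defaults to `bitnami/kubectl` with `tag: latest`, so the init container that runs with the pod's service account credentials pulls whatever that mutable tag points to at deploy time. Pin the default to a fixed release that matches the cluster's minor version, or to a digest, for example `tag: "<kubectl-version>"` (placeholder), and let operators override it. A one-line comment on the `kubectl:` key, such as `# Image used by the retrieve-node-port init container to look up the NodePort of the per-pod p2p service`, would make its purpose clear.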
@@ -83,9 +88,9 @@ node: perNodeServices: createClusterIPService: true createP2pNodePortService: false - p2pNodePortStartRange: "30000" - # Set to 0.0.0.0 to enable auto discovery of the IP address - listenAddressBase: "/ip4/0.0.0.0/tcp/" + setPublicAddressToExternalIp: + enabled: false + ipRetrievalServiceUrl: https://ifconfig.io #podManagementPolicy: Parallel #customChainspecUrl: @@ -93,7 +98,7 @@ node: tracing: enabled: false - # Enables Sustrate API as a sidecar + # Enables Sustrate API as a sidecar substrateApiSidecar: enabled: false @@ -122,7 +127,7 @@ jaegerAgent: # Jaeger Default GRPC port is 14250 port: 14250 env: {} - resources: {} + resources: {} podAnnotations: {}
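Review bot: `setPublicAddressToExternalIp` in hunk `@@ -83,9 +88,9 @@` is added without a comment, although enabling it makes every pod call a third-party endpoint at startup and advertise whatever that endpoint returns. I would add above it: `# When enabled, each pod fetches its public IP from ipRetrievalServiceUrl at startup and passes it to --public-addr. The response is trusted as-is, so use an endpoint you control or trust.` The hunk also removes `p2pNodePortStartRange` and `listenAddressBase` without any upgrade note, so existing values files that still set them will presumably be ignored silently; a line in the chart's changelog or README would cover that.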