diff --git a/charts/sawtooth/templates/_ingress.tpl b/charts/sawtooth/templates/_ingress.tpl
new file mode 100644
index 00000000..71150914
--- /dev/null
+++ b/charts/sawtooth/templates/_ingress.tpl
@@ -0,0 +1,80 @@
+{{/*
+include "ingress" (dict "ingressName" "myingress" "ingress" path.to.ingress "serviceName" "the-service" "servicePort" 9090 "context" $)
+
+ingress:
+ enabled: true
+ certManager: false
+ pathType: ImplementationSpecific
+ apiVersion: ""
+ hostname: theservice.local
+ path: /
+ annotations: {}
+ tls: false
+ extraHosts: []
+ extraPaths: []
+ extraTls: []
+ secrets: []
+*/}}
+{{- define "lib.ingress" -}}
+{{- $ctx := .context -}}
+{{- $ingressName := .ingressName -}}
+{{- $serviceName := .serviceName -}}
+{{- $servicePort := .servicePort -}}
+{{- if .ingress.enabled -}}
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" $ctx }}
+kind: Ingress
+metadata:
+ name: {{ $ingressName }}
+ namespace: {{ $ctx.Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" $ctx | nindent 4 }}
+ {{- if $ctx.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $ctx.Values.commonLabels "context" $ctx ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- if .ingress.certManager }}
+ kubernetes.io/tls-acme: "true"
+ {{- end }}
+ {{- if .ingress.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .ingress.annotations "context" $ctx ) | nindent 4 }}
+ {{- end }}
+ {{- if $ctx.Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" $ctx.Values.commonAnnotations "context" $ctx ) | nindent 4 }}
+ {{- end }}
+spec:
+ rules:
+ {{- if .ingress.hostname }}
+ - host: {{ .ingress.hostname }}
+ http:
+ paths:
+ {{- if .ingress.extraPaths }}
+ {{- toYaml .ingress.extraPaths | nindent 10 }}
+ {{- end }}
+ - path: {{ .ingress.path }}
+ {{- if eq "true" (include "common.ingress.supportsPathType" $ctx) }}
+ pathType: {{ .ingress.pathType }}
+ {{- end }}
+ backend: {{- include "common.ingress.backend" (dict "serviceName" $serviceName "servicePort" $servicePort "context" $ctx) | nindent 14 }}
+ {{- end }}
+ {{- range .ingress.extraHosts }}
+ - host: {{ .name | quote }}
+ http:
+ paths:
+ - path: {{ default "/" .path }}
+ {{- if eq "true" (include "common.ingress.supportsPathType" $ctx) }}
+ pathType: {{ default "ImplementationSpecific" .pathType }}
+ {{- end }}
+ backend: {{- include "common.ingress.backend" (dict "serviceName" $serviceName "servicePort" $servicePort "context" $ctx) | nindent 14 }}
+ {{- end }}
+ {{- if or .ingress.tls .ingress.extraTls }}
+ tls:
+ {{- if .ingress.tls }}
+ - hosts:
+ - {{ .ingress.hostname }}
+ secretName: {{ printf "%s-tls" .ingress.hostname }}
+ {{- end }}
+ {{- if .ingress.extraTls }}
+ {{- include "common.tplvalues.render" ( dict "value" .ingress.extraTls "context" $ctx ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end -}}
diff --git a/charts/sawtooth/templates/ingress.yaml b/charts/sawtooth/templates/ingress.yaml
new file mode 100644
index 00000000..569950f1
--- /dev/null
+++ b/charts/sawtooth/templates/ingress.yaml
@@ -0,0 +1,6 @@
+{{- if .Values.ingress.enabled -}}
+{{- $serviceName := include "sawtooth.validator.fullname" . -}}
+{{- $ingressName := printf "%s-rest" $serviceName -}}
+{{- $servicePort := .Values.sawtooth.ports.rest -}}
+{{ include "lib.ingress" (dict "ingressName" $ingressName "ingress" .Values.ingress "serviceName" $serviceName "servicePort" $servicePort "context" $) }}
+{{- end -}}
diff --git a/charts/sawtooth/tests/ingress_test.yaml b/charts/sawtooth/tests/ingress_test.yaml
new file mode 100644
index 00000000..605789e2
--- /dev/null
+++ b/charts/sawtooth/tests/ingress_test.yaml
@@ -0,0 +1,18 @@
+suite: test the ingresses
+templates:
+ - ingress.yaml
+release:
+ name: test
+ namespace: testns
+tests:
+ - it: ingress links to service properly
+ set:
+ ingress:
+ enabled: true
+ asserts:
+ - equal:
+ path: spec.rules[0].http.paths[0].backend.service.name
+ value: test-sawtooth
+ - equal:
+ path: spec.rules[0].http.paths[0].backend.service.port.number
+ value: 8008
diff --git a/charts/sawtooth/values.yaml b/charts/sawtooth/values.yaml
index d563e0f2..e27e8f2d 100644
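Review bot: In `lib.ingress` the `kubernetes.io/tls-acme: "true"` annotation is gated only on `.ingress.certManager`, while the `tls:` block is gated on `.ingress.tls` or `.ingress.extraTls`, so `certManager: true` with `tls: false` renders an ingress that carries the ACME annotation but has no `spec.tls` and is served over plain HTTP. cert-manager works from the `spec.tls` entries, so as far as I can tell no certificate would be requested in that combination and the operator gets no signal that TLS is off. Failing the render makes the misconfiguration visible: `{{- if and .ingress.certManager (not (or .ingress.tls .ingress.extraTls)) }}{{ fail "ingress.certManager requires ingress.tls or ingress.extraTls" }}{{- end }}`. Separately, the primary `host:` and the `tls` host are emitted unquoted while the `extraHosts` loop uses `| quote`; `- host: {{ .ingress.hostname | quote }}` would keep the two paths consistent. The header comment also documents the call as `include "ingress"` although the template is defined as `lib.ingress`.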
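Review bot: Nothing in `ingress.yaml` documents that enabling it publishes the validator's REST API (the port from `.Values.sawtooth.ports.rest`) through the cluster ingress, and with the chart defaults `ingress.tls: false` and `ingress.annotations: {}` that is plain HTTP with no authentication layer at the ingress. The Sawtooth REST API is, to my knowledge, meant to sit behind an authenticating proxy rather than enforce access control itself, so operators should be told to set TLS and an auth annotation for their ingress controller before turning this on. I would add a header comment such as `{{/* Publishes the Sawtooth REST API; enable ingress.tls and configure authentication via ingress.annotations before exposing it outside a trusted network. */}}`. The `.Values.ingress.enabled` guard is also repeated inside `lib.ingress`, which is harmless but worth a word in the same comment.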
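Review bot: The suite asserts only the backend service name and port, so the security-relevant branches of `lib.ingress` (the `tls:` block, the derived `secretName` and the `certManager` annotation) can regress without a failing test. A second case with `ingress.tls: true` would pin the host and secret name the template derives from the default hostname. The expected values below follow from `hostname: "sawtooth.local"` in `values.yaml` and the `printf "%s-tls"` call in `_ingress.tpl`, both shown in this commit.

```yaml
  # … unchanged: "ingress links to service properly" case …
  - it: ingress renders tls for the primary hostname
    set:
      ingress:
        enabled: true
        tls: true
    asserts:
      - equal:
          path: spec.tls[0].hosts[0]
          value: sawtooth.local
      - equal:
          path: spec.tls[0].secretName
          value: sawtooth.local-tls
```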
--- a/charts/sawtooth/values.yaml +++ b/charts/sawtooth/values.yaml @@ -1,11 +1,11 @@ --- ## @md # These are the reasonable defaults file sawtooth 1.2 ## @md -## @md | field | description | type | default | -## @md |-|-|-|-| +## @md | field | description | default | +## @md |-|-|-| affinity: - ## @md | `affinity.enabled` | false: no effect true: then validators will be deployed only to k8s nodes with the label `app={{ .sawtooth.networkName }}-validator` | boolean | false | + ## @md | `affinity.enabled` | false: no effect true: then validators will be deployed only to k8s nodes with the label `app={{ .sawtooth.networkName }}-validator` | false | # Normally set this as disabled. # If false - no effect, validators are run on every ( or in the case of devmode any one) # node in the cluster. 
@@ -19,42 +19,67 @@ global: registry: index.docker.io tag: BTP2.1.0rc14 + +## @md | `commonLabels` | +commonLabels: {} +commonAnnotations: {} # This is optional, # if false the values are ignored, # if true then there should exist a secret within the namespace # of the given names, multiple values are acceptable hostAliases: imagePullSecrets: - ## @md | `imagePullSecrets.enabled` | if true use the list of named imagePullSecrets | boolean | false | + ## @md | `imagePullSecrets.enabled` | if true use the list of named imagePullSecrets | false | enabled: false - ## @md | `imagePullSecrets.value` | a list if named secret references of the form ```- name: secretName```| list | [] | + ## @md | `imagePullSecrets.value` | a list if named secret references of the form ```- name: secretName```| [] | value: [] +ingress: + ## @md | `ingress.apiVersion` | if necessary the apiVersion of the ingress may be overridden | "" | + apiVersion: "" + ## @md | `ingress.enabled` | true to enable the ingress to the main service rest-api | false | + enabled: false + ## @md | `ingress.certManager` | true to enable the acme certmanager for this ingress | false | + certManager: false + ## @md | `ingress.hostname` | primary hostname for the ingress | false | + hostname: "sawtooth.local" + ## @md | `ingress.path` | path for the ingress's primary hostname | / | + path: / + ## @md | `ingress.annotations` | annotations for the ingress | {} | + annotations: {} + ## @md | `ingress.tls` | true to enable tls on the ingress with a secrete at hostname-tls | false | + tls: false + ## @md | `ingress.extraHosts` | list of extra hosts to add to the ingress | [] | + extraHosts: [] + ## @md | `ingress.extraPaths` | list of extra paths to add to the primary host of the ingress | [] | + extraPaths: [] + ## @md | `ingress.extraTls` | list of extra tls entries | [] | + extraTls: [] pagerduty: - ## @md | `pagerduty.enabled` | if true send pagerduty alerts | boolean | false | + ## @md | `pagerduty.enabled` | if true 
send pagerduty alerts | false | enabled: false - ## @md | `pagerduty.token` | pagerduty user token | string | nil | + ## @md | `pagerduty.token` | pagerduty user token | nil | token: - ## @md | `pagerduty.serviceid` | pagerduty serviceid | string | nil | + ## @md | `pagerduty.serviceid` | pagerduty serviceid | nil | serviceid: sawtooth: opentsdb: - ## @md | `sawtooth.opentsdb.db` | name of the opentsdb database to be used | string | metrics | + ## @md | `sawtooth.opentsdb.db` | name of the opentsdb database to be used | metrics | db: metrics - ## @md | `sawtooth.opentsdb.url` | url of the opentsdb database to be used | string | nil | + ## @md | `sawtooth.opentsdb.url` | url of the opentsdb database to be used | nil | url: - ## @md | `sawtooth.opentsdb.enabled` | whether to enable the opentsdb metrics | boolean | false | + ## @md | `sawtooth.opentsdb.enabled` | whether to enable the opentsdb metrics | false | enabled: false statefulset: enabled: false replicas: podAnnotations: - ## @md | `sawtooth.minReadySeconds` | the minimum time a pod must be Running before proceeding on a rolling update | int | 120 | + ## @md | `sawtooth.minReadySeconds` | the minimum time a pod must be Running before proceeding on a rolling update | 120 | minReadySeconds: 120 - ## @md | `sawtooth.maxUnavailable` | maximum number of pods allowed down on a rollout or update | int | 1 | + ## @md | `sawtooth.maxUnavailable` | maximum number of pods allowed down on a rollout or update | 1 | maxUnavailable: 1 containers: block_info: - ## @md | `sawtooth.containers.block_info.args` | extra args for block-info-tp | string | nil | + ## @md | `sawtooth.containers.block_info.args` | extra args for block-info-tp | nil | args: env: image: @@ -83,7 +108,7 @@ sawtooth: requests: cpu: "50m" identity_tp: - ## @md | `sawtooth.containers.identity_tp.args` | extra args for identity-tp | string | nil | + ## @md | `sawtooth.containers.identity_tp.args` | extra args for identity-tp | nil | args: env: image: 
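Review bot: The new `ingress:` block has no `pathType` key, but `lib.ingress` renders the primary path with `pathType: {{ .ingress.pathType }}` and no default (only the `extraHosts` loop uses `default "ImplementationSpecific"`), so with these values the field would render empty wherever `common.ingress.supportsPathType` is true. Adding `pathType: ImplementationSpecific` next to `path: /`, with a matching `## @md` row, closes the gap; the template's own header comment already lists that default. The `ingress.hostname` row gives its default as `false` although the value is `"sawtooth.local"`. The `commonLabels` row is left incomplete, `commonAnnotations` has no row at all, and "secrete" in the `ingress.tls` row should read "secret".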
@@ -196,7 +221,7 @@ sawtooth: requests: cpu: "50m" rest_api: - ## @md | `sawtooth.containers.rest_api.args` | extra args for rest-api | string | nil | + ## @md | `sawtooth.containers.rest_api.args` | extra args for rest-api | nil | args: env: image: @@ -239,7 +264,7 @@ sawtooth: requests: cpu: "50m" settings_tp: - ## @md | `sawtooth.containers.settings_tp.args` | extra args for settings-tp | string | nil | + ## @md | `sawtooth.containers.settings_tp.args` | extra args for settings-tp | nil | args: env: image: @@ -268,9 +293,9 @@ sawtooth: requests: cpu: "50m" validator: - ## @md | `sawtooth.containers.validator.args` | extra args for validator | string | nil | + ## @md | `sawtooth.containers.validator.args` | extra args for validator | nil | args: - ## @md | `sawtooth.containers.validator.env` | list of environment name/value dicts | map | nil | + ## @md | `sawtooth.containers.validator.env` | list of environment name/value dicts | nil | env: - name: RUST_BACKTRACE value: "1" 
@@ -304,38 +329,38 @@ sawtooth: storageClass: size: 40Gi ports: - ## @md | `sawtooth.ports.sawnet` | port for the sawtooth validator network | int | 8800 | + ## @md | `sawtooth.ports.sawnet` | port for the sawtooth validator network | 8800 | sawnet: 8800 - ## @md | `sawtooth.ports.consensus` | port for the sawtooth consensus network | int | 5050 | + ## @md | `sawtooth.ports.consensus` | port for the sawtooth consensus network | 5050 | consensus: 5050 - ## @md | `sawtooth.ports.sawcomp` | port for the sawtooth component network | int | 4004 | + ## @md | `sawtooth.ports.sawcomp` | port for the sawtooth component network | 4004 | sawcomp: 4004 - ## @md | `sawtooth.ports.rest` | port for the sawtooth rest-api | int | 8008 | + ## @md | `sawtooth.ports.rest` | port for the sawtooth rest-api | 8008 | rest: 8008 livenessProbe: - ## @md | `sawtooth.livenessProbe.enabled` | whether to run the livenessProbe on the validator | boolean | false | + ## @md | `sawtooth.livenessProbe.enabled` | whether to run the livenessProbe on the validator | false | enabled: false - ## @md | `sawtooth.livenessProbe.initialDelaySeconds` | seconds to wait before running the liveness probe the first time | int | 300 | + ## @md | `sawtooth.livenessProbe.initialDelaySeconds` | seconds to wait before running the liveness probe the first time | 300 | initialDelaySeconds: 300 - ## @md | `sawtooth.livenessProbe.periodSeconds` | interval in seconds to re-run the liveness probe | int | 120 | + ## @md | `sawtooth.livenessProbe.periodSeconds` | interval in seconds to re-run the liveness probe | 120 | periodSeconds: 120 ## @md | `sawtooth.livenessProbe.active` | if false, the liveness probe will run and evaluate the the situation, but always return successfully | string | "false" active: "false" - ## @md | `sawtooth.livenessProbe.exitSignals` | when restarting due to a livenessProbe failure, the validator pod has a "signal" system which will cause it to restart the named containers in this var | string | 
"block-info-tp" | + ## @md | `sawtooth.livenessProbe.exitSignals` | when restarting due to a livenessProbe failure, the validator pod has a "signal" system which will cause it to restart the named containers in this var | "block-info-tp" | exitSignals: "block-info-tp pbft-engine" heartbeat: - ## @md | `sawtooth.heartbeat.interval` | interval in seconds to issue a heartbeat | int | 300 | + ## @md | `sawtooth.heartbeat.interval` | interval in seconds to issue a heartbeat | 300 | interval: 300 - ## @md | `sawtooth.permissioned` | Whether to run this chain as a permissioned chain or not | boolean | false | + ## @md | `sawtooth.permissioned` | Whether to run this chain as a permissioned chain or not | false | permissioned: false # This MUST be chosen by the user # Follows DNS naming rules - ## @md | `sawtooth.namespace` | namespace to render these templates into (deprecated) | string | "prod" | + ## @md | `sawtooth.namespace` | namespace to render these templates into (deprecated) | "prod" | namespace: prod # This MUST be chosen by the user. # Follows DNS naming rules - ## @md | `sawtooth.networkName` | name of this sawtooth network (deprecated) | string | "mynetwork" | + ## @md | `sawtooth.networkName` | name of this sawtooth network (deprecated) | "mynetwork" | networkName: mynetwork # serial or parallel ## @md | `sawtooth.scheduler` | name of the sawtooth transaction scheduler to use | string | "serial" 
@@ -346,26 +371,26 @@ sawtooth: ## @md | `sawtooth.consensus` | id of the the consensus algorithm to use< valid values: 100:DevMode, 200, PoET, 300 - Raft, 400, PBFT | int | 200 consensus: 200 genesis: - ## @md | `sawtooth.genesis.enabled` | If true, and the cluster is starting for the first time, then a node will be selected to create and submit the genesis block | boolean | true | + ## @md | `sawtooth.genesis.enabled` | If true, and the cluster is starting for the first time, then a node will be selected to create and submit the genesis block | true | enabled: true - ## @md | `sawtooth.genesis.seed` | The seed is an arbitrary string which identifies a given genesis If the data of a given set of nodes is to be wiped out, change this value. | string | "9a2de774-90b5-11e9-9df0-87e889b0f1c9" | + ## @md | `sawtooth.genesis.seed` | The seed is an arbitrary string which identifies a given genesis If the data of a given set of nodes is to be wiped out, change this value. | "9a2de774-90b5-11e9-9df0-87e889b0f1c9" | seed: "9a2de774-90b5-11e9-9df0-87e889b0f1c9" - ## @md | `sawtooth.dynamicPeering` | Dynamic Peering should default to false, since it is a bit unreliable | boolean | false | + ## @md | `sawtooth.dynamicPeering` | Dynamic Peering should default to false, since it is a bit unreliable | false | dynamicPeering: false - ## @md | `sawtooth.externalSeeds` | a list of maps defining validator endpoints external to this deployment | list | [] | + ## @md | `sawtooth.externalSeeds` | a list of maps defining validator endpoints external to this deployment | [] | externalSeeds: [] seth: # This should default to false, there appear to be problems with the required # block_info block injector that this depends upon - ## @md | `sawtooth.seth.enabled` | enabled sawtooth-seth | boolean | false | + ## @md | `sawtooth.seth.enabled` | enabled sawtooth-seth | false | enabled: false xo: # default this to false since you probably don't want it in real life - ## @md | 
`sawtooth.xo.enabled` | enabled sawtooth-xo-tp | boolean | false | + ## @md | `sawtooth.xo.enabled` | enabled sawtooth-xo-tp | false | enabled: false smallbank: # default this to false since you probably don't want it in real life - ## @md | `sawtooth.smallbank.enabled` | enabled sawtooth-smallbank-tp | boolean | false | + ## @md | `sawtooth.smallbank.enabled` | enabled sawtooth-smallbank-tp | false | enabled: false volumes: # This MUST be set, and SHOULD be presented to the user as an option, as it is a likely area @@ -374,16 +399,16 @@ sawtooth: hostPathBaseDir: /var/lib/btp/ # This is an arbitrary cool down period to wait for validators to initialize # before starting any client operations - ## @md | `sawtooth.client_wait` | arbitrary delay to validator client startup, such as the rest-api | int | 90 | + ## @md | `sawtooth.client_wait` | arbitrary delay to validator client startup, such as the rest-api | 90 | client_wait: 90 - ## @md | `sawtooth.customTPs` | a list of [custom tp definitions](#custom-tp-definitions) | list | nil | + ## @md | `sawtooth.customTPs` | a list of [custom tp definitions](#custom-tp-definitions) | nil | customTPs: # A list of basic container definitions # - name: intkey-tp # image: "blockchaintp/sawtooth-intkey-tp-go:1.0.5" # command: [ "bash", "-c" ] # args: [ "intkey-tp-go -v --connect tcp://localhost:4004" ] - ## @md | `sawtooth.affinity` | custom affinity rules for the sawtooth validator deamonset | map | nil | + ## @md | `sawtooth.affinity` | custom affinity rules for the sawtooth validator deamonset | nil | affinity: {} serviceAccount: @@ -391,7 +416,7 @@ serviceAccount: name: # The below are mostly controlled by BTP, although an "advanced" option to customize them may be # presented -## @md | `images` | a map containing all of the image urls used by this template| map | N/A | +## @md | `images` | a map containing all of the image urls used by this template| N/A | images: ## @md ## @md ## Images 
@@ -440,9 +465,9 @@ images: ## @md ## @md Custom TP definitions are describe using maps with the following fields ## @md -## @md | field | description | type | default | -## @md |-|-|-|-| -## @md | `name` | name of the custom tp container(must be unique within the pod) | string | nil | -## @md | `image` | url of the image for this tp | string | nil | +## @md | field | description | default | +## @md |-|-|-| +## @md | `name` | name of the custom tp container(must be unique within the pod) | nil | +## @md | `image` | url of the image for this tp | nil | ## @md | `command` | list of command tokens for this tp | list | nil -## @md | `arg` | list of arguments to the command | list | nil] | +## @md | `arg` | list of arguments to the command | nil] |