feat: dlcbtc chart initial commit

NethermindEth · Nov 11, 2024 · c9e8b44 · c9e8b44
1 parent 75fed3b
commit c9e8b44
Show file tree

Hide file tree

Showing 13 changed files with 706 additions and 0 deletions.
diff --git a/charts/dlcbtc-attestor/.helmignore b/charts/dlcbtc-attestor/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/dlcbtc-attestor/Chart.yaml b/charts/dlcbtc-attestor/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: dlc-link-attestor
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.0
+appVersion: "1.5.0"
diff --git a/charts/dlcbtc-attestor/README.md b/charts/dlcbtc-attestor/README.md
@@ -0,0 +1,66 @@
+# Helm Chart for DLC Attestor
+
+This Helm chart deploys the DLC Attestor application with customizable settings for replica count, image configuration, security, affinity, monitoring, and more. The deployment supports various blockchain networks for attestation purposes.
+
+## Values Configuration
+
+### Global Values
+
+| Parameter               | Description                                          | Default                                         |
+|-------------------------|------------------------------------------------------|-------------------------------------------------|
+| `global.replicaCount`   | Number of replicas to deploy                         | `1`                                             |
+| `global.image.repository` | Container image repository                          | `public.ecr.aws/dlc-link/dlc-attestor`          |
+| `global.image.tag`      | Container image tag                                  | `v1.5.4-testnet`                                |
+| `global.image.imagePullPolicy` | Image pull policy                              | `IfNotPresent`                                  |
+| `global.externalSecrets.enabled` | Enable external secrets integration          | `true`                                          |
+| `global.externalSecrets.secretStoreRef` | External secret store reference name   | `secretStoreRef`                                |
+| `global.serviceAccount.create` | Create a service account                       | `false`                                         |
+| `global.imagePullSecrets` | Secrets to use for pulling images                  | `artifactory-general-secret`                    |
+| `global.nodeSelector`   | Node selector for pod assignment                     | `{k8s.scaleway.com/pool-name: workloads-pool-nl-ams-2, beta.kubernetes.io/instance-type: PLAY2-MICRO}` |
+| `global.tolerations`    | Tolerations for pod assignment                       | `{}`                                            |
+| `global.affinity`       | Affinity rules for pod assignment                    | `{}`                                            |
+| `global.sessionAffinity.enabled` | Enable session affinity                      | `false`                                         |
+| `global.sessionAffinity.timeoutSeconds` | Session duration (in seconds)         | `86400`                                         |
+| `global.healthProbe.consensus.livenessProbe` | Liveness probe configuration      | `{}`                                            |
+| `global.healthProbe.consensus.readinessProbe` | Readiness probe configuration    | `{}`                                            |
+| `global.service.svcHeadless` | Create headless service                         | `false`                                         |
+| `global.service.type`   | Service type                                         | `ClusterIP`                                     |
+| `global.service.externalTrafficPolicy` | External traffic policy                 | `Cluster`                                       |
+| `global.service.Ports`  | Ports exposed by the service                         | See [Service Ports](#service-ports)             |
+
+### ConfigMap Configuration
+
+The `configMap.config` section specifies key-value pairs for configuring the DLC attestor application. The configuration is templated and includes environment-specific variables like `ATTESTOR_NAME`, `BITCOIN_CORE_RPC_ENDPOINT`, and more.
+
+### Environment Variables
+
+Define container environment variables under the `env` section:
+
+| Name                     | Description                                        | Example Value                                  |
+|--------------------------|---------------------------------------------------|-----------------------------------------------|
+| `ATTESTOR_NAME`          | Name of the attestor                               | `nethermind`                                  |
+
+### Monitoring
+
+The `metrics` section allows configuring monitoring with Prometheus through a `ServiceMonitor`.
+
+| Parameter               | Description                                          | Default                                         |
+|-------------------------|------------------------------------------------------|-------------------------------------------------|
+| `metrics.enabled`       | Enable metrics scraping                              | `true`                                          |
+| `metrics.serviceMonitor.interval` | Scrape interval                            | `30s`                                           |
+| `metrics.serviceMonitor.honorLabels` | Whether to honor metric labels          | `false`                                         |
+
+### Service Ports
+
+The application exposes multiple service ports:
+
+| Port Name                      | Port Number | Protocol      |
+|--------------------------------|-------------|---------------|
+| `ATTESTOR_BACKEND_PORT`        | `8811`      | `TCP`         |
+| `BLOCKCHAIN_INTERFACE_PORT`    | `8801`      | `TCP`         |
+
+### Miscellaneous
+
+Additional Kubernetes objects can be specified using `extraObjects`.
+
+---
diff --git a/charts/dlcbtc-attestor/templates/_capabilities.tpl b/charts/dlcbtc-attestor/templates/_capabilities.tpl
@@ -0,0 +1,126 @@
+{{/*
+    ====== Return the target Kubernetes version ======
+*/}}
+{{- define "common.capabilities.kubeVersion" -}}
+{{- if .Values.global }}
+    {{- if .Values.global.kubeVersion }}
+    {{- .Values.global.kubeVersion -}}
+    {{- else }}
+    {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
+    {{- end -}}
+{{- else }}
+{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+    ====== Return the appropriate apiVersion for poddisruptionbudget. ======
+*/}}
+{{- define "common.capabilities.policy.apiVersion" -}}
+{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "policy/v1beta1" -}}
+{{- else -}}
+{{- print "policy/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+    ====== Return the appropriate apiVersion for networkpolicy. ======
+*/}}
+{{- define "common.capabilities.networkPolicy.apiVersion" -}}
+{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+    ====== Return the appropriate apiVersion for cronjob. ======
+*/}}
+{{- define "common.capabilities.cronjob.apiVersion" -}}
+{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "batch/v1beta1" -}}
+{{- else -}}
+{{- print "batch/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+    ====== Return the appropriate apiVersion for deployment. ======
+*/}}
+{{- define "common.capabilities.deployment.apiVersion" -}}
+{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+    ====== Return the appropriate apiVersion for statefulset.======
+*/}}
+{{- define "common.capabilities.statefulset.apiVersion" -}}
+{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "apps/v1beta1" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+    ====== Return the appropriate apiVersion for ingress. ======
+*/}}
+{{- define "common.capabilities.ingress.apiVersion" -}}
+{{- if .Values.ingress -}}
+{{- if .Values.ingress.apiVersion -}}
+{{- .Values.ingress.apiVersion -}}
+{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end }}
+{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+    ====== Return the appropriate apiVersion for RBAC resources. ======
+*/}}
+{{- define "common.capabilities.rbac.apiVersion" -}}
+{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "rbac.authorization.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "rbac.authorization.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+    ====== Return the appropriate apiVersion for CRDs. ======
+*/}}
+{{- define "common.capabilities.crd.apiVersion" -}}
+{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "apiextensions.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "apiextensions.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns true if the used Helm version is 3.3+.
+A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}"  structure.
+This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error.
+**To be removed when the catalog's minimun Helm version is 3.3**
+*/}}
+{{- define "common.capabilities.supportsHelmVersion" -}}
+{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }}
+  {{- true -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/dlcbtc-attestor/templates/_helpers.tpl b/charts/dlcbtc-attestor/templates/_helpers.tpl
@@ -0,0 +1,79 @@
+{{/*
+    ====== Basic ======
+*/}}
+
+{{- define "dlcbtc.namespace" -}}
+{{- default .Release.Namespace -}}
+{{- end -}}
+
+{{- define "dlcbtc.release" -}}
+{{- default .Release.Name -}}
+{{- end -}}
+
+{{- define "dlcbtc.name" -}}
+{{- printf "%s-%s" .Chart.Name .Release.Name | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "dlcbtc.names.chartWithoutVersion" -}}
+{{- printf "%s" .Chart.Name | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "dlcbtc.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{/*
+    ====== Labels ======
+*/}}
+
+{{- define "dlcbtc.metaLabels" -}}
+app.kubernetes.io/name: {{ template "dlcbtc.name" . }}
+helm.sh/chart: {{ include "dlcbtc.names.chartWithoutVersion" . }}
+app.kubernetes.io/managed-by: "{{ .Release.Service }}"
+{{- range $key, $value := .Values.global.extraLabels }}
+{{ $key }}: {{ include "dlcbtc.renderTpl" (dict "value" $value "context" $) | quote }}
+{{- end }}
+{{- end -}}
+
+{{- define "dlcbtc.matchLabels" -}}
+app.kubernetes.io/name: {{ template "dlcbtc.name" . }}
+helm.sh/chart: {{ include "dlcbtc.names.chartWithoutVersion" . }}
+app.kubernetes.io/managed-by: "{{ .Release.Service }}"
+{{- range $key, $value := .Values.global.extraMatchLabels }}
+{{ $key }}: {{ include "dlcbtc.renderTplMatchLables" (dict "value" $value "context" $) | quote }}
+{{- end }}
+{{- end -}}
+
+{{- define "dlcbtc.statefulset" -}}
+app.kubernetes.io/name: {{ template "dlcbtc.name" . }}
+helm.sh/chart: {{ include "dlcbtc.names.chartWithoutVersion" . }}
+app.kubernetes.io/managed-by: "{{ .Release.Service }}"
+{{- range $key, $value := .Values.global.extraLabels }}
+{{ $key }}: {{ include "dlcbtc.renderTplStatefulset" (dict "value" $value "context" $) | quote }}
+{{- end }}
+{{- end -}}
+
+{{- define "dlcbtc.renderTpl"  -}}
+    {{- if typeIs "string" .value }}
+{{- tpl .value .context }}
+    {{- else }}
+{{- tpl (.value | toYaml) .context }}
+    {{- end }}
+{{- end -}}
+
+{{- define "dlcbtc.renderTplMatchLables"  -}}
+    {{- if typeIs "string" .value }}
+{{- tpl .value .context }}
+    {{- else }}
+{{- tpl (.value | toYaml) .context }}
+    {{- end }}
+{{- end -}}
+
+{{- define "dlcbtc.renderTplStatefulset"  -}}
+    {{- if typeIs "string" .value }}
+{{- tpl .value .context }}
+    {{- else }}
+{{- tpl (.value | toYaml) .context }}
+    {{- end }}
+{{- end -}}
diff --git a/charts/dlcbtc-attestor/templates/configmap.yaml b/charts/dlcbtc-attestor/templates/configmap.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "dlcbtc.name" . }}
+  namespace:  {{ template "dlcbtc.namespace" . }}
+  labels:
+    {{- include "dlcbtc.metaLabels" . | nindent 4 }}
+data:
+  config.toml: |
+{{ .Values.configMap.config | indent 4 }}
diff --git a/charts/dlcbtc-attestor/templates/deployment.yaml b/charts/dlcbtc-attestor/templates/deployment.yaml
@@ -0,0 +1,75 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "dlcbtc.name" . }}
+  namespace:  {{ template "dlcbtc.namespace" . }}
+  labels:
+    {{- include "dlcbtc.metaLabels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.global.replicaCount }}
+  podManagementPolicy: "Parallel"
+  selector:
+    matchLabels:
+      {{- include "dlcbtc.matchLabels" . | nindent 6 }}
+  serviceName: {{ include "dlcbtc.name" . }}
+  template:
+    metadata:
+      labels:
+        {{- include "dlcbtc.matchLabels" . | nindent 8 }}
+    spec:
+    {{- with (.Values.global.imagePullSecrets) }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.global.affinity }}
+      affinity:
+        {{ toYaml . | nindent 8 | trim }}
+    {{- end }}
+    {{- with .Values.global.tolerations }}
+      tolerations:
+        {{ toYaml . | nindent 8 | trim }}
+    {{- end }}
+    {{- with .Values.global.nodeSelector }}
+      nodeSelector:
+        {{ toYaml . | nindent 8 | trim }}
+    {{- end }}
+      securityContext:
+        {{- toYaml .Values.global.podSecurityContext | nindent 8 }}
+      serviceAccountName: {{ include "dlcbtc.name" . }}
+      containers:
+        - name: dlc-link-attestor
+          image: "{{ .Values.global.image.repository }}:{{ .Values.global.image.tag }}"
+          imagePullPolicy: {{ .Values.global.image.imagePullPolicy }}
+          ports:
+            {{- range $idx, $Port := .Values.global.service.Ports }}
+            - name: {{ $Port.name }}
+              containerPort: {{ $Port.port }}
+              protocol: {{ $Port.protocol }}
+            {{- end }}
+          volumeMounts:
+            - name: config-volume
+              mountPath: /app/attestor/config.toml
+              subPath: config.toml
+            {{- if .Values.global.externalSecrets.enabled }}
+            - name: external-secrets
+              mountPath: /external-secrets
+              readOnly: true
+            {{- end }}
+          env: {{- toYaml .Values.env | nindent 12 }}
+          {{- with .Values.global.healthProbe.consensus.livenessProbe }}
+          livenessProbe:
+            {{ toYaml . | nindent 12 | trim }}
+          {{- end}}
+          {{- with .Values.global.healthProbe.consensus.readinessProbe}}
+          readinessProbe:
+            {{ toYaml . | nindent 12 | trim }}
+          {{- end}}
+      volumes:
+        - name: config-volume
+          configMap:
+            name: {{ template "dlcbtc.name" . }}
+      {{- if .Values.global.externalSecrets.enabled }}
+        - name: external-secrets
+          secret:
+            secretName: eso-{{ include "dlcbtc.name" . }}
+      {{- end }}