From 744d42cd9e96c08e66323716a88e878bf0d9616c Mon Sep 17 00:00:00 2001
From: Amit Zafran
Date: Tue, 13 Aug 2024 12:32:39 +0300
Subject: [PATCH] pre
---
 charts/cache/README.md | 32 ++++++++++++++++------
 charts/cache/templates/_helpers.tpl | 2 +-
 charts/cache/templates/certificate.yaml | 4 +--
 charts/cache/templates/ingress.yaml | 2 +-
 charts/cache/values.yaml | 2 +-
 charts/consumer/README.md | 31 ++++++++++++++++++---
 charts/consumer/templates/certificate.yaml | 4 +--
 charts/consumer/templates/hpa.yaml | 2 +-
 charts/provider/README.md | 29 +++++++++++++++-----
 charts/provider/templates/_helpers.tpl | 2 +-
 charts/provider/templates/certificate.yaml | 4 +--
 charts/provider/templates/ingress.yaml | 2 +-
 charts/provider/values.yaml | 2 +-
 13 files changed, 86 insertions(+), 32 deletions(-)
diff --git a/charts/cache/README.md b/charts/cache/README.md
index 7eb27c5..53a4c8d 100644
--- a/charts/cache/README.md
+++ b/charts/cache/README.md
@@ -32,20 +32,36 @@ Kubernetes: `>=1.25.0-0`
 | autoscaling.maxReplicas | int | `100` | |
 | autoscaling.minReplicas | int | `1` | |
 | autoscaling.targetCPUUtilizationPercentage | int | `80` | |
+| certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) |
+| certificate.annotations | object | `{}` | Annotations to be applied to the Server Certificate |
+| certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) |
+| certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. # Ref: https://cert-manager.io/docs/usage/certificate/#renewal |
+| certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) |
+| certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` |
+| certificate.issuer.kind | string | `""` | Certificate issuer kind. Either `Issuer` or `ClusterIssuer` |
+| certificate.issuer.name | string | `""` | Certificate issuer name. Eg. `letsencrypt` |
+| certificate.privateKey.algorithm | string | `"RSA"` | Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` |
+| certificate.privateKey.encoding | string | `"PKCS1"` | The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` |
+| certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` |
+| certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. |
+| certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. # Ref: https://cert-manager.io/docs/usage/certificate/#renewal |
+| certificate.secretTemplateAnnotations | object | `{}` | Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources |
+| certificate.usages | list | `[]` | Usages for the certificate ## Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage |
 | expiration_multiplier | string | `nil` | The expiration multiplier for items in the cache |
 | expiration_non_finalized_multiplier | string | `nil` | The expiration non finalized multiplier for items in the cache |
-| fullnameOverride | string | `""` | String to fully override `"provider.fullname"` |
+| fullnameOverride | string | `""` | String to fully override `"cache.fullname"` |
+| global.domain | string | `"my-cache.local"` | Default domain used by all components # Used for ingresses, certificates, etc. |
 | image.pullPolicy | string | `"IfNotPresent"` | Image pull policy for the cache |
 | image.repository | string | `"ghcr.io/lavanet/lava/lavap"` | Repository to use for the cache |
-| image.tag | string | `""` (defaults to Chart.appVersion) | Tag to use for the provider |
+| image.tag | string | `""` (defaults to Chart.appVersion) | Tag to use for the cache |
 | imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry |
 | ingress.annotations | object | `{}` | Additional ingress annotations |
-| ingress.className | string | `""` | Defines which ingress controller will implement the resource |
-| ingress.enabled | bool | `false` | Enable an ingress resource for the Consumer |
-| ingress.hosts[0].host | string | `"chart-example.local"` | |
-| ingress.hosts[0].paths[0].path | string | `"/"` | |
-| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | |
-| ingress.tls | list | `[]` | Enable TLS configuration for the hostname |
+| ingress.className | string | `"nginx"` | Defines which ingress controller will implement the resource |
+| ingress.enabled | bool | `true` | Enable an ingress resource for the provider |
+| ingress.hostname | string | `""` (defaults to global.domain) | Cache hostname |
+| ingress.path | string | `"/"` | The path to Provider |
+| ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` |
+| ingress.tls | bool | `true` | Enable TLS configuration for the domain defined at `global.domain` # TLS certificate will be retrieved from a TLS secret with name: `cache-tls` |
 | log.format | string | `"json"` | Cache log format, can be json or text |
 | log.level | string | `"info"` | Cache log level |
 | max_items | string | `nil` | Max items allowed in the cache |
diff --git a/charts/cache/templates/_helpers.tpl b/charts/cache/templates/_helpers.tpl
index 6d39ca3..2715657 100644
--- a/charts/cache/templates/_helpers.tpl
+++ b/charts/cache/templates/_helpers.tpl
@@ -74,4 +74,4 @@ Expand the host of the release.
 */}}
 {{- define "cache.domain" -}}
 {{- default (include "cache.fullname" .) .Values.global.domain | trunc 63 | trimSuffix "-" -}}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/charts/cache/templates/certificate.yaml b/charts/cache/templates/certificate.yaml
index 27785b4..6792906 100644
--- a/charts/cache/templates/certificate.yaml
+++ b/charts/cache/templates/certificate.yaml
@@ -19,7 +19,7 @@ spec:
 {{- range $key, $value := . }}
 {{ $key }}: {{ $value | quote }}
 {{- end }}
- {{- end }}
+ {{- end }}
 secretName: cache-tls
 commonName: {{ .Values.certificate.domain | default .Values.global.domain | quote }}
 dnsNames:
@@ -47,4 +47,4 @@ spec:
 usages:
 {{- toYaml . | nindent 4 }}
 {{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/charts/cache/templates/ingress.yaml b/charts/cache/templates/ingress.yaml
index 483daf2..d81ca65 100644
--- a/charts/cache/templates/ingress.yaml
+++ b/charts/cache/templates/ingress.yaml
@@ -30,4 +30,4 @@ spec:
 name: {{ include "cache.fullname" $ }}
 port:
 name: http
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/charts/cache/values.yaml b/charts/cache/values.yaml
index 34a4aba..5d04242 100644
--- a/charts/cache/values.yaml
+++ b/charts/cache/values.yaml
@@ -51,7 +51,7 @@ service: # -- Cache service port port: 20100 -ingress: +ingress: # -- Enable an ingress resource for the provider enabled: true # -- Defines which ingress controller will implement the resource
diff --git a/charts/consumer/README.md b/charts/consumer/README.md
index fda70b4..cc5976d 100644
--- a/charts/consumer/README.md
+++ b/charts/consumer/README.md
@@ -31,19 +31,42 @@ Kubernetes: `>=1.25.0-0`
 | autoscaling.targetCPUUtilizationPercentage | int | `80` | |
 | cache.address | string | `"cache:20100"` | Cache address |
 | cache.enabled | bool | `true` | Should add cache arg |
+| certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) |
+| certificate.annotations | object | `{}` | Annotations to be applied to the Server Certificate |
+| certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) |
+| certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. # Ref: https://cert-manager.io/docs/usage/certificate/#renewal |
+| certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) |
+| certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` |
+| certificate.issuer.kind | string | `""` | Certificate issuer kind. Either `Issuer` or `ClusterIssuer` |
+| certificate.issuer.name | string | `""` | Certificate issuer name. Eg. `letsencrypt` |
+| certificate.privateKey.algorithm | string | `"RSA"` | Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` |
+| certificate.privateKey.encoding | string | `"PKCS1"` | The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` |
+| certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` |
+| certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. |
+| certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. # Ref: https://cert-manager.io/docs/usage/certificate/#renewal |
+| certificate.secretTemplateAnnotations | object | `{}` | Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources |
+| certificate.usages | list | `[]` | Usages for the certificate ## Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage |
 | chainId | string | `"lava-testnet-2"` | Lava chain id |
 | disableConflictTransactions | bool | `true` | Should disable conflict transactions |
 | fullnameOverride | string | `""` | String to fully override `"consumer.fullname"` |
 | geolocation | int | `2` | Provider geo-location can be one of the [geolocations](https://docs.lavanet.xyz/provider-setup#geolocations) |
+| global.domain | string | `"my-consumer.local"` | Default domain used by all components # Used for ingresses, certificates, etc. |
 | image.pullPolicy | string | `"IfNotPresent"` | Image pull policy for the consumer |
 | image.repository | string | `"ghcr.io/lavanet/lava/lavap"` | Repository to use for the consumer |
 | image.tag | string | `""` (defaults to Chart.appVersion) | Tag to use for the consumer |
 | imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry |
 | ingress.annotations | object | `{}` | Additional ingress annotations |
-| ingress.className | string | `""` | Defines which ingress controller will implement the resource |
-| ingress.domain | string | `"my-consumer.local"` | Consumer host |
-| ingress.enabled | bool | `true` | Enable an ingress resource for the consumers |
-| ingress.tls | list | `[]` | Enable TLS configuration for the hostname |
+| ingress.className | string | `"nginx"` | Defines which ingress controller will implement the resource |
+| ingress.enabled | bool | `false` | Enable an ingress resource for the consumers |
+| ingress.path | string | `"/"` | The path to Consumer |
+| ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` |
+| ingress.tls | bool | `true` | Enable TLS configuration for the domain defined at `global.domain` # TLS certificate will be retrieved from a TLS secret with name: `consumer-tls` |
+| ingressGrpc.annotations | object | `{}` | Additional ingress annotations |
+| ingressGrpc.className | string | `"nginx"` | Defines which ingress controller will implement the resource |
+| ingressGrpc.enabled | bool | `false` | Enable a grpc ingress resource for the consumers |
+| ingressGrpc.path | string | `"/"` | The path to Consumer |
+| ingressGrpc.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` |
+| ingressGrpc.tls | bool | `true` | Enable TLS configuration for the domain defined at `global.domain` # TLS certificate will be retrieved from a TLS secret with name: `consumer-grpc-tls` |
 | key.passwordSecretKey | string | `"password"` | The key in the kubernetes secret that contains the password for the private key |
 | key.passwordSecretName | string | `"wallet"` | The kubernetes secret that contains the password for the private key |
 | key.secretKey | string | `"key"` | The key in the kubernetes secret to use |
diff --git a/charts/consumer/templates/certificate.yaml b/charts/consumer/templates/certificate.yaml
index 65fd292..fe8125f 100644
--- a/charts/consumer/templates/certificate.yaml
+++ b/charts/consumer/templates/certificate.yaml
@@ -19,7 +19,7 @@ spec:
 {{- range $key, $value := . }}
 {{ $key }}: {{ $value | quote }}
 {{- end }}
- {{- end }}
+ {{- end }}
 secretName: consumer-tls
 commonName: {{ .Values.certificate.domain | default (printf "*.%s" .Values.global.domain) | quote }}
 dnsNames:
@@ -47,4 +47,4 @@ spec:
 usages:
 {{- toYaml . | nindent 4 }}
 {{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/charts/consumer/templates/hpa.yaml b/charts/consumer/templates/hpa.yaml
index 9d27753..091955e 100644
--- a/charts/consumer/templates/hpa.yaml
+++ b/charts/consumer/templates/hpa.yaml
@@ -28,4 +28,4 @@ spec:
 targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
 {{- end }}
 {{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/charts/provider/README.md b/charts/provider/README.md
index 12351da..8c4b796 100644
--- a/charts/provider/README.md
+++ b/charts/provider/README.md
@@ -185,20 +185,35 @@ Kubernetes: `>=1.25.0-0`
 | affinity | object | `{}` | Assign custom [affinity] rules to the deployment |
 | cache.address | string | `"provider-cache:20100"` | Provider cache address |
 | cache.enabled | bool | `true` | Enable provider cache supports |
+| certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) |
+| certificate.annotations | object | `{}` | Annotations to be applied to the Server Certificate |
+| certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) |
+| certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. # Ref: https://cert-manager.io/docs/usage/certificate/#renewal |
+| certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) |
+| certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` |
+| certificate.issuer.kind | string | `"ClusterIssuer"` | Certificate issuer kind. Either `Issuer` or `ClusterIssuer` |
+| certificate.issuer.name | string | `"selfsigned"` | Certificate issuer name. Eg. `letsencrypt` |
+| certificate.privateKey.algorithm | string | `"RSA"` | Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` |
+| certificate.privateKey.encoding | string | `"PKCS1"` | The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` |
+| certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` |
+| certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. |
+| certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. # Ref: https://cert-manager.io/docs/usage/certificate/#renewal |
+| certificate.secretTemplateAnnotations | object | `{}` | Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources |
+| certificate.usages | list | `[]` | Usages for the certificate ## Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage |
 | chainId | string | `"lava-testnet-2"` | Lava chain id |
 | fullnameOverride | string | `""` | String to fully override `"provider.fullname"` |
 | geolocation | string | `"2"` | Provider geo-location can be one of the [geolocations](https://docs.lavanet.xyz/provider-setup#geolocations) |
+| global.domain | string | `"my-provider.local"` | Default domain used by all components # Used for ingresses, certificates, etc. |
 | image.pullPolicy | string | `"IfNotPresent"` | Image pull policy for the provider |
 | image.repository | string | `"ghcr.io/lavanet/lava/lavap"` | Repository to use for the provider |
 | image.tag | string | `""` (defaults to Chart.appVersion) | Tag to use for the provider |
 | imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry |
-| ingress.annotations | object | `{}` | Additional ingress annotations |
-| ingress.className | string | `""` | Defines which ingress controller will implement the resource |
-| ingress.enabled | bool | `false` | Enable an ingress resource for the Provider |
-| ingress.hosts[0].host | string | `"chart-example.local"` | |
-| ingress.hosts[0].paths[0].path | string | `"/"` | |
-| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | |
-| ingress.tls | list | `[]` | Enable TLS configuration for the hostname |
+| ingressGrpc.annotations | object | `{}` | Additional ingress annotations |
+| ingressGrpc.className | string | `"nginx"` | Defines which ingress controller will implement the resource |
+| ingressGrpc.enabled | bool | `false` | Enable an ingress resource for the provider |
+| ingressGrpc.path | string | `"/"` | The path to Provider |
+| ingressGrpc.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` |
+| ingressGrpc.tls | bool | `true` | Enable TLS configuration for the domain defined at `global.domain` # TLS certificate will be retrieved from a TLS secret with name: `provider-grpc-tls` |
 | key | object | `{"passwordSecretKey":"password","passwordSecretName":"wallet","secretKey":"key","secretName":"wallet"}` | Information about the private key to use for the node |
 | key.passwordSecretKey | string | `"password"` | The key in the secret that contains the password for the private key |
 | key.passwordSecretName | string | `"wallet"` | The secret that contains the password for the private key |
diff --git a/charts/provider/templates/_helpers.tpl b/charts/provider/templates/_helpers.tpl
index 9ab7b1b..d3c35ac 100644
--- a/charts/provider/templates/_helpers.tpl
+++ b/charts/provider/templates/_helpers.tpl
@@ -74,4 +74,4 @@ Expand the host of the release.
 */}}
 {{- define "provider.domain" -}}
 {{- default (include "provider.fullname" .) .Values.global.domain | trunc 63 | trimSuffix "-" -}}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/charts/provider/templates/certificate.yaml b/charts/provider/templates/certificate.yaml
index f381126..6120a1e 100644
--- a/charts/provider/templates/certificate.yaml
+++ b/charts/provider/templates/certificate.yaml
@@ -19,7 +19,7 @@ spec:
 {{- range $key, $value := . }}
 {{ $key }}: {{ $value | quote }}
 {{- end }}
- {{- end }}
+ {{- end }}
 secretName: provider-grpc-tls
 commonName: {{ .Values.certificate.domain | default (printf "*.%s" .Values.global.domain) | quote }}
 dnsNames:
@@ -47,4 +47,4 @@ spec:
 usages:
 {{- toYaml . | nindent 4 }}
 {{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/charts/provider/templates/ingress.yaml b/charts/provider/templates/ingress.yaml
index 50f3416..357b310 100644
--- a/charts/provider/templates/ingress.yaml
+++ b/charts/provider/templates/ingress.yaml
@@ -34,4 +34,4 @@ spec:
 port:
 name: grpc
 {{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/charts/provider/values.yaml b/charts/provider/values.yaml
index c50d3c7..6fbfbf1 100644
--- a/charts/provider/values.yaml
+++ b/charts/provider/values.yaml
@@ -51,7 +51,7 @@ service: # -- Provider service port port: 2200 -ingressGrpc: +ingressGrpc: # -- Enable an ingress resource for the provider enabled: false # -- Defines which ingress controller will implement the resource