Merge pull request #388 from celo-org/nethermind-jwt-secret

existing secret nethermind JWT

charts/nethermind/Chart.yaml

@@ -4,7 +4,7 @@ name: nethermind
 description: .NET Core Ethereum client
 type: application
 # version: 2.6.0 # Version of stakewise/charts/nethermind
-version: 2.6.2
+version: 2.6.3
 appVersion: "v1.26.0"
 icon: https://storage.googleapis.com/stakewise-charts/stakewise.png
 keywords:

charts/nethermind/README.md

@@ -1,6 +1,6 @@
 # nethermind
 
-![Version: 2.6.2](https://img.shields.io/badge/Version-2.6.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.26.0](https://img.shields.io/badge/AppVersion-v1.26.0-informational?style=flat-square)
+![Version: 2.6.3](https://img.shields.io/badge/Version-2.6.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.26.0](https://img.shields.io/badge/AppVersion-v1.26.0-informational?style=flat-square)
 
 .NET Core Ethereum client
 Initially based on [stakewise/helm-charts/nethermind](https://github.com/stakewise/helm-charts/tree/main/charts/nethermind).
@@ -31,7 +31,9 @@ Initially based on [stakewise/helm-charts/nethermind](https://github.com/stakewi
 | affinity | object | `{}` |  |
 | extraFlags | list | `[]` |  |
 | fullnameOverride | string | `""` |  |
-| global.JWTSecret | string | `""` |  |
+| global.JWTSecret.secretKey | string | `""` |  |
+| global.JWTSecret.secretName | string | `""` |  |
+| global.JWTSecret.value | string | `""` |  |
 | global.imagePullSecrets | list | `[]` |  |
 | global.livenessProbe.enabled | bool | `true` |  |
 | global.metrics.enabled | bool | `true` |  |

charts/nethermind/templates/secret.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.global.JWTSecret }}
+{{- if .Values.global.JWTSecret.value }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -7,5 +7,5 @@ metadata:
     {{- include "common.labels.standard" . | nindent 4 }}
 type: Opaque
 data:
-  jwtsecret: {{ .Values.global.JWTSecret | b64enc | quote }}
+  jwtsecret: {{ .Values.global.JWTSecret.value | b64enc | quote }}
 {{- end }}

charts/nethermind/templates/service.yaml

@@ -26,7 +26,7 @@ spec:
       protocol: TCP
       name: json-ws
   {{- end }}
-  {{- if .Values.global.JWTSecret }}
+  {{- if or (.Values.global.JWTSecret.value) (.Values.global.JWTSecret.secretName) }}
     - port: {{ .Values.jsonrpc.engine.port }}
       targetPort: engine
       protocol: TCP

charts/nethermind/templates/statefulset.yaml

@@ -119,7 +119,7 @@ spec:
               --JsonRpc.Port={{ .Values.jsonrpc.ports.rest }}
               --JsonRpc.WebSocketsPort={{ .Values.jsonrpc.ports.websocket }}
           {{- end }}
-          {{- if .Values.global.JWTSecret }}
+          {{- if or (.Values.global.JWTSecret.value) (.Values.global.JWTSecret.secretName) }}
               --JsonRpc.JwtSecretFile=/secret/jwtsecret
               --JsonRpc.EnginePort={{ .Values.jsonrpc.engine.port }}
               --JsonRpc.EngineHost={{ .Values.jsonrpc.engine.host }}
@@ -165,7 +165,7 @@ spec:
               containerPort: {{ .Values.jsonrpc.ports.websocket }}
               protocol: TCP
           {{- end }}
-          {{- if .Values.global.JWTSecret }}
+          {{- if or (.Values.global.JWTSecret.value) (.Values.global.JWTSecret.secretName) }}
             - name: engine
               protocol: TCP
               containerPort: {{ .Values.jsonrpc.engine.port }}
@@ -186,7 +186,7 @@ spec:
           volumeMounts:
             - name: data
               mountPath: /data/nethermind
-          {{- if .Values.global.JWTSecret }}
+          {{- if or (.Values.global.JWTSecret.value) (.Values.global.JWTSecret.secretName) }}
             - name: jwtsecret
               mountPath: /secret
               readOnly: true
@@ -204,11 +204,18 @@ spec:
               value: "{{ .Values.sidecar.bindAddr }}:{{ .Values.sidecar.bindPort }}"
             - name: CLIENT_PORT
               value: {{ .Values.jsonrpc.ports.rest | quote }}
-          {{- if .Values.global.JWTSecret }}
+          {{- if or (.Values.global.JWTSecret.value) (.Values.global.JWTSecret.secretName) }}
             - name: CLIENT_AUTHORIZATIONTYPE
               value: "bearer"
             - name: CLIENT_JWTSECRET
-              value: {{ .Values.global.JWTSecret | quote }}
+              {{- if .Values.global.JWTSecret.value }}
+              value: {{ .Values.global.JWTSecret.value | quote }}
+              {{- else if and (.Values.global.JWTSecret.secretName) (.Values.global.JWTSecret.secretKey) }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.global.JWTSecret.secretName }}
+                  key: {{ .Values.global.JWTSecret.secretKey }}
+              {{- end }}
           {{- end }}
           ports:
             - containerPort: {{ .Values.sidecar.bindPort }}
@@ -240,10 +247,14 @@ spec:
         {{- end }}
       {{- end }}
       volumes:
-        {{- if .Values.global.JWTSecret }}
+        {{- if .Values.global.JWTSecret.value }}
         - name: jwtsecret
           secret:
             secretName: {{ include "common.names.fullname" . }}
+        {{- else if .Values.global.JWTSecret.secretName }}
+        - name: jwtsecret
+          secret:
+            secretName: {{ .Values.global.JWTSecret.secretName }}
         {{- end }}
         - name: env-nodeport
           emptyDir: {}

charts/nethermind/values.yaml

@@ -14,7 +14,10 @@ global:
   ## a command line tool, for example:
   ## openssl rand -hex 32 > token.txt
   ##
-  JWTSecret: ""
+  JWTSecret:
+    value: ""
+    secretName: ""
+    secretKey: ""
 
   ## Credentials to fetch images from private registry
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/