lotus bundle chart #84

Merged
merged 14 commits into from
Jun 29, 2021
6 changes: 6 additions & 0 deletions charts/lotus-bundle/Chart.yaml
@@ -0,0 +1,6 @@
apiVersion: v2
name: lotus-bundle
description: bundle your application with lotus
type: application
version: 0.0.1
appVersion: 0.0.1
22 changes: 22 additions & 0 deletions charts/lotus-bundle/README.md
@@ -0,0 +1,22 @@
# Lotus Bundle

If you are writing a lotus application, bundle your application with a lotus node.


## Default behaviors:

Lotus will run as a sidecar to your application. You can access lotus at 127.0.0.1:1234.
There is no authentication, and lotus will not be accessible outside of your pod.
Contributor

What do you mean by no authentication? To use any write APIs the user will still need to be able to read the $LOTUS_PATH/token, this is required for wallet interaction so I think we will need to find a way to ensure access to the token. On first review I don't see there is any access.

Contributor

@travisperson travisperson Jun 22, 2021

This might be as simple as

  # container-level mount: mountPath and readOnly are volumeMounts fields
  volumeMounts:
  - name: lotus-path
    mountPath: /var/lib/lotus
    readOnly: true

  ...
  env:
  - name: LOTUS_PATH
    value: /var/lib/lotus

This would require that the backing volume support multiple readers and I don't remember if this is common or not. This is the same as your shared volume, which is required for this chart at the moment, so it could work. If the shared volume ends up being optional and this feature isn't common we may need to find another approach.

Contributor

I want to say that because they are in the same pod this isn't an issue, and should just work as long as there is only one writer.

Author

You're right. Adding the lotus-path into the application container as read-only.


Lotus wallets are managed by kubernetes secrets. Any lotus wallet found in the secret
provided will be imported and available for use by your application.

TODO: Configure lotus to use a wallet service.


## Options:

lite-mode: Run lotus lite.
lite-backend: if running in lite-mode, use this service backend. By default, api.chain.love.
Contributor

Maybe add a note that api.chain.love is a lotus-gateway service and has a limited api surface area.


See values.yaml for examples.
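Review bot: The "There is no authentication" sentence under Default behaviors is ambiguous for a node that also imports wallets from a secret. As the thread on that line points out, write and wallet APIs still need the token at $LOTUS_PATH/token, so the README should say which calls work without a token, that the application container reads the token from the read-only lotus-path mount, and that every container in the pod can reach 127.0.0.1:1234. The lite-backend line should also carry the note requested above, that the default backend is a lotus-gateway service with a limited API surface.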
12 changes: 12 additions & 0 deletions charts/lotus-bundle/templates/NOTES.txt
@@ -0,0 +1,12 @@
{{ .Values.application.name }} with lotus sidecars

Release ---------- {{ .Release.Name }}
Namespace -------- {{ .Release.Namespace }}
Application ------ {{ .Values.application.container.image }}
Bundled with ----- {{ .Values.lotus.image }}

The following following initial wallets will be imported:

{{ range $wallet := .Values.wallets }}
{{ $wallet.address }}
{{ end }}
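Review bot: "The following following initial wallets will be imported:" repeats a word. The heading also sits outside the range, so it is printed even when .Values.wallets is empty, and the untrimmed `{{ range ... }}` / `{{ end }}` actions leave blank lines around every address. Consider wrapping the heading and list in `{{- if .Values.wallets }}` and using `{{- range $wallet := .Values.wallets }}`.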
27 changes: 27 additions & 0 deletions charts/lotus-bundle/templates/configmaps.yaml
@@ -0,0 +1,27 @@
{{- range $cm := .Values.application.configMaps }}
{{- if not $cm.external }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $.Release.Name }}-{{ $cm.name }}
data:
{{- range $k, $v := .keys }}
{{ $k }}: {{ $v }}
{{- end }}
{{- end }}
{{- end }}

{{- range $cm := .Values.filebeat.configMaps }}
{{- if not $cm.external }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $.Release.Name }}-{{ $cm.name }}
data:
{{- range $k, $v := .keys }}
{{ $k }}: {{ $v }}
{{- end }}
{{- end }}
{{- end }}
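Review bot: `{{ $k }}: {{ $v }}` in both range blocks writes the value unquoted, so a value such as true or 8080 renders as a non-string and a value containing a newline or ": " breaks the YAML, while ConfigMap data values must be strings. Use `{{ $k }}: {{ $v | quote }}`. Separately, the .Values.filebeat.configMaps loop is not gated on .Values.filebeat.enabled, whereas the filebeat loop in secrets.yaml is; gate both the same way so a disabled filebeat does not leave ConfigMaps behind.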
9 changes: 9 additions & 0 deletions charts/lotus-bundle/templates/filebeat-config.yaml
@@ -0,0 +1,9 @@
{{- if and .Values.filebeat.enabled (not .Values.filebeat.external) }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Name }}-filebeat-config
data:
filebeat.yaml: {{ .Values.filebeat.config | b64enc }}
{{- end }}
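Review bot: `filebeat.yaml: {{ .Values.filebeat.config | b64enc }}` has no guard for an unset value, so enabling filebeat without supplying filebeat.config is only discovered as a template error or a broken Secret. Make the requirement explicit with `{{ required "filebeat.config must be set when filebeat.enabled is true" .Values.filebeat.config | b64enc }}`.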
23 changes: 23 additions & 0 deletions charts/lotus-bundle/templates/ingress.yaml
@@ -0,0 +1,23 @@
{{- if .Values.application.ingress.enabled }}
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: {{ .Release.Name }}-{{ .Values.application.name }}
annotations:
kubernetes.io/ingress.class: {{ .Values.application.ingress.class }}
{{- with .Values.application.ingress.annotations }}
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
rules:
{{- range $rule := .Values.application.ingress.httpRules }}
- host: {{ $rule.host }}
http:
paths:
- path: {{ $rule.path }}
backend:
serviceName: {{ .Release.Name }}-{{ .Values.application.name }}
servicePort: $rule.servicePort
{{- end }}
{{- end }}
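Review bot: `servicePort: $rule.servicePort` is outside template delimiters, so the manifest carries the literal text $rule.servicePort instead of the port; it should be `servicePort: {{ $rule.servicePort }}`. On the serviceName line just above it, `.Release.Name` and `.Values.application.name` are evaluated inside `range`, where `.` is the current rule rather than the chart root, so they need `{{ $.Release.Name }}-{{ $.Values.application.name }}`. Also, networking.k8s.io/v1beta1 Ingress is removed in Kubernetes 1.22, so this template will need the networking.k8s.io/v1 schema on newer clusters.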
29 changes: 29 additions & 0 deletions charts/lotus-bundle/templates/secrets.yaml
@@ -0,0 +1,29 @@
{{- range $sec := .Values.application.secrets }}
{{- if not $sec.external }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $.Release.Name }}-{{ $sec.name }}
data:
{{- range $k, $v := .keys }}
{{ $k }}: {{ $v | b64enc }}
{{- end }}
{{- end }}
{{- end }}

{{- if and .Values.filebeat.enabled }}
{{- range $sec := .Values.filebeat.secrets }}
{{- if not $sec.external }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $.Release.Name }}-{{ $sec.name }}
data:
{{- range $k, $v := .keys }}
{{ $k }}: {{ $v | b64enc }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
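Review bot: `{{- if and .Values.filebeat.enabled }}` calls `and` with a single operand, which looks like a dropped condition; filebeat-config.yaml uses `and .Values.filebeat.enabled (not .Values.filebeat.external)`. Either restore the second operand or reduce this to `{{- if .Values.filebeat.enabled }}`. Both loops also take secret values in plain text from values and only base64-encode them, so the README should say that such values files must be kept out of version control, or that the secret should be created separately and marked `external`.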
20 changes: 20 additions & 0 deletions charts/lotus-bundle/templates/service-monitor.yaml
@@ -0,0 +1,20 @@
{{- if .Values.prometheus.serviceMonitor }}
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ .Release.Name }}-{{ .Values.application.name }}
namespace: {{ .Release.Namespace }}
spec:
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app: {{ .Values.application.name }}
release: {{ .Release.Name }}
endpoints:
- port: {{ .Values.prometheus.port }}
path: {{ .Values.prometheus.path }}
interval: 30s
{{- end }}
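Review bot: The ServiceMonitor is gated only on .Values.prometheus.serviceMonitor, but its selector (the app and release labels) matches the Service from service.yaml, which is rendered only when .Values.application.service.enabled is set. With the service disabled this creates a monitor that selects nothing, so gate it on both values or fail with a clear message. `port: {{ .Values.prometheus.port }}` also has to be the name of a port listed in .Values.application.service.ports, which is worth documenting next to the value.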
Contributor

Wondering if we should include a service monitor for lotus, don't know what it exports in lite mode, but it would help with at least basic go metrics, and would be beneficial when not running in lite mode.

23 changes: 23 additions & 0 deletions charts/lotus-bundle/templates/service.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
{{ if .Values.application.service.enabled }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ .Release.Name }}-{{ .Values.application.name }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Values.application.name }}
release: {{ .Release.Name }}
{{- with .Values.application.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.application.service.type }}
selector:
app: {{ .Values.application.name }}
release: {{ .Release.Name }}
ports:
{{- with .Values.application.service.ports }}
{{ toYaml . | nindent 4 }}
{{- end }}
{{ end }}
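Review bot: `ports:` is emitted outside the `with .Values.application.service.ports` block, so enabling the service without configuring ports renders a Service with an empty ports key. Wrap the value in `required` so the chart fails at render time with a clear message. `type: {{ .Values.application.service.type }}` has no fallback either; `{{ .Values.application.service.type | default "ClusterIP" }}` keeps the application cluster-internal unless a user explicitly chooses otherwise.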