From a326e5a090a620ea5504eea9f2d849d6477a27b7 Mon Sep 17 00:00:00 2001 From: 0xtzData Date: Mon, 25 Mar 2024 22:26:33 +0100 Subject: [PATCH] add charts back --- charts/blockscout-stack/.gitignore | 5 + charts/blockscout-stack/Chart.yaml | 9 + charts/blockscout-stack/README.md | 74 + .../templates/admin-rs/_envs.tpl | 12 + .../templates/admin-rs/cm.yml | 13 + .../templates/admin-rs/deployment.yml | 84 + .../templates/admin-rs/ingress.yaml | 47 + .../templates/admin-rs/service.yml | 26 + .../templates/admin-rs/serviceMonitor.yml | 14 + .../templates/admin-ts/_envs.tpl | 12 + .../templates/admin-ts/cm.yml | 13 + .../templates/admin-ts/deployment.yml | 93 + .../templates/admin-ts/ingress.yaml | 47 + .../templates/admin-ts/service.yml | 26 + .../templates/admin-ts/serviceMonitor.yml | 14 + .../templates/blockscout-allowance/_envs.tpl | 12 + .../blockscout-allowance/deployment.yml | 67 + .../blockscout-allowance/ingress.yaml | 49 + .../blockscout-allowance/service.yml | 16 + .../templates/blockscout/_envs.tpl | 12 + .../templates/blockscout/deployment.yml | 121 ++ .../templates/blockscout/ingress.yaml | 58 + .../templates/blockscout/rds-service.yml | 17 + .../templates/blockscout/service-monitor.yaml | 14 + .../templates/blockscout/service.yml | 22 + .../templates/contracts-info/_envs.tpl | 12 + .../templates/contracts-info/cm.yml | 13 + .../templates/contracts-info/deployment.yml | 84 + .../templates/contracts-info/ingress.yaml | 47 + .../templates/contracts-info/service.yml | 26 + .../contracts-info/serviceMonitor.yml | 14 + .../templates/eth-bytecode-db/_envs.tpl | 12 + .../templates/eth-bytecode-db/deployment.yml | 76 + .../templates/eth-bytecode-db/hpa.yml | 16 + .../templates/eth-bytecode-db/ingress.yaml | 47 + .../templates/eth-bytecode-db/rds-service.yml | 17 + .../templates/eth-bytecode-db/service.yml | 22 + .../eth-bytecode-db/serviceMonitor.yml | 14 + .../templates/frontend/_envs.tpl | 12 + .../templates/frontend/deployment.yml | 78 + .../templates/frontend/ingress.yaml | 49 + .../templates/frontend/service.yml | 16 + .../blockscout-stack/templates/geth/_envs.tpl | 25 + .../blockscout-stack/templates/geth/cm.yaml | 25 + .../templates/geth/deployment.yml | 238 +++ .../templates/geth/ingress.yaml | 100 + .../blockscout-stack/templates/geth/pvc.yaml | 92 + .../templates/geth/secret.yml | 10 + .../templates/geth/service.yml | 36 + .../blockscout-stack/templates/node/_envs.tpl | 51 + .../blockscout-stack/templates/node/cm.yaml | 16 + .../templates/node/deployment.yml | 220 +++ .../templates/node/ingress.yaml | 56 + .../blockscout-stack/templates/node/pvc.yaml | 117 ++ .../templates/node/service.yml | 36 + .../templates/postgres/_envs.tpl | 12 + .../templates/postgres/cm.yaml | 15 + .../templates/postgres/deployment.yaml | 104 + .../templates/postgres/pvc.yaml | 24 + .../templates/postgres/service.yaml | 14 + .../templates/sig-provider/_envs.tpl | 12 + .../templates/sig-provider/deployment.yml | 76 + .../templates/sig-provider/hpa.yml | 16 + .../templates/sig-provider/ingress.yaml | 47 + .../templates/sig-provider/service.yml | 22 + .../templates/sig-provider/serviceMonitor.yml | 14 + .../smart-contract-verifier/_envs.tpl | 12 + .../smart-contract-verifier/deployment.yml | 85 + .../templates/smart-contract-verifier/hpa.yml | 16 + .../smart-contract-verifier/ingress.yaml | 86 + .../smart-contract-verifier/service.yml | 38 + .../serviceMonitor.yml | 14 + .../templates/stats/_envs.tpl | 12 + .../blockscout-stack/templates/stats/cm.yml | 13 + .../templates/stats/deployment.yml | 91 + .../blockscout-stack/templates/stats/hpa.yml | 16 + .../templates/stats/ingress.yaml | 47 + .../templates/stats/rds-service.yml | 17 + .../templates/stats/service.yml | 26 + .../templates/stats/serviceMonitor.yml | 14 + .../templates/token-info-extractor/_envs.tpl | 12 + .../templates/token-info-extractor/cm.yml | 13 + .../token-info-extractor/cronjob.yml | 54 + .../templates/visualizer/_envs.tpl | 12 + .../templates/visualizer/deployment.yml | 76 + .../templates/visualizer/hpa.yml | 16 + .../templates/visualizer/ingress.yaml | 47 + .../templates/visualizer/service.yml | 26 + .../templates/visualizer/serviceMonitor.yml | 14 + charts/blockscout-stack/values.yaml | 1751 +++++++++++++++++ charts/blockscout-stack/values/e2e/.sops.yaml | 6 + .../blockscout-stack/values/e2e/secrets.yaml | 104 + .../blockscout-stack/values/e2e/values.yaml | 610 ++++++ .../blockscout-stack/values/gnosis/.sops.yaml | 6 + .../values/gnosis/secrets.yaml | 106 + .../values/gnosis/values.yaml | 547 +++++ 96 files changed, 6697 insertions(+) create mode 100644 charts/blockscout-stack/.gitignore create mode 100644 charts/blockscout-stack/Chart.yaml create mode 100644 charts/blockscout-stack/README.md create mode 100644 charts/blockscout-stack/templates/admin-rs/_envs.tpl create mode 100644 charts/blockscout-stack/templates/admin-rs/cm.yml create mode 100644 charts/blockscout-stack/templates/admin-rs/deployment.yml create mode 100644 charts/blockscout-stack/templates/admin-rs/ingress.yaml create mode 100644 charts/blockscout-stack/templates/admin-rs/service.yml create mode 100644 charts/blockscout-stack/templates/admin-rs/serviceMonitor.yml create mode 100644 charts/blockscout-stack/templates/admin-ts/_envs.tpl create mode 100644 charts/blockscout-stack/templates/admin-ts/cm.yml create mode 100644 charts/blockscout-stack/templates/admin-ts/deployment.yml create mode 100644 charts/blockscout-stack/templates/admin-ts/ingress.yaml create mode 100644 charts/blockscout-stack/templates/admin-ts/service.yml create mode 100644 charts/blockscout-stack/templates/admin-ts/serviceMonitor.yml create mode 100644 charts/blockscout-stack/templates/blockscout-allowance/_envs.tpl create mode 100644 charts/blockscout-stack/templates/blockscout-allowance/deployment.yml create mode 100644 charts/blockscout-stack/templates/blockscout-allowance/ingress.yaml create mode 100644 charts/blockscout-stack/templates/blockscout-allowance/service.yml create mode 100644 charts/blockscout-stack/templates/blockscout/_envs.tpl create mode 100644 charts/blockscout-stack/templates/blockscout/deployment.yml create mode 100644 charts/blockscout-stack/templates/blockscout/ingress.yaml create mode 100644 charts/blockscout-stack/templates/blockscout/rds-service.yml create mode 100644 charts/blockscout-stack/templates/blockscout/service-monitor.yaml create mode 100644 charts/blockscout-stack/templates/blockscout/service.yml create mode 100644 charts/blockscout-stack/templates/contracts-info/_envs.tpl create mode 100644 charts/blockscout-stack/templates/contracts-info/cm.yml create mode 100644 charts/blockscout-stack/templates/contracts-info/deployment.yml create mode 100644 charts/blockscout-stack/templates/contracts-info/ingress.yaml create mode 100644 charts/blockscout-stack/templates/contracts-info/service.yml create mode 100644 charts/blockscout-stack/templates/contracts-info/serviceMonitor.yml create mode 100644 charts/blockscout-stack/templates/eth-bytecode-db/_envs.tpl create mode 100644 charts/blockscout-stack/templates/eth-bytecode-db/deployment.yml create mode 100644 charts/blockscout-stack/templates/eth-bytecode-db/hpa.yml create mode 100644 charts/blockscout-stack/templates/eth-bytecode-db/ingress.yaml create mode 100644 charts/blockscout-stack/templates/eth-bytecode-db/rds-service.yml create mode 100644 charts/blockscout-stack/templates/eth-bytecode-db/service.yml create mode 100644 charts/blockscout-stack/templates/eth-bytecode-db/serviceMonitor.yml create mode 100644 charts/blockscout-stack/templates/frontend/_envs.tpl create mode 100644 charts/blockscout-stack/templates/frontend/deployment.yml create mode 100644 charts/blockscout-stack/templates/frontend/ingress.yaml create mode 100644 charts/blockscout-stack/templates/frontend/service.yml create mode 100644 charts/blockscout-stack/templates/geth/_envs.tpl create mode 100644 charts/blockscout-stack/templates/geth/cm.yaml create mode 100644 charts/blockscout-stack/templates/geth/deployment.yml create mode 100644 charts/blockscout-stack/templates/geth/ingress.yaml create mode 100644 charts/blockscout-stack/templates/geth/pvc.yaml create mode 100644 charts/blockscout-stack/templates/geth/secret.yml create mode 100644 charts/blockscout-stack/templates/geth/service.yml create mode 100644 charts/blockscout-stack/templates/node/_envs.tpl create mode 100644 charts/blockscout-stack/templates/node/cm.yaml create mode 100644 charts/blockscout-stack/templates/node/deployment.yml create mode 100644 charts/blockscout-stack/templates/node/ingress.yaml create mode 100644 charts/blockscout-stack/templates/node/pvc.yaml create mode 100644 charts/blockscout-stack/templates/node/service.yml create mode 100644 charts/blockscout-stack/templates/postgres/_envs.tpl create mode 100644 charts/blockscout-stack/templates/postgres/cm.yaml create mode 100644 charts/blockscout-stack/templates/postgres/deployment.yaml create mode 100644 charts/blockscout-stack/templates/postgres/pvc.yaml create mode 100644 charts/blockscout-stack/templates/postgres/service.yaml create mode 100644 charts/blockscout-stack/templates/sig-provider/_envs.tpl create mode 100644 charts/blockscout-stack/templates/sig-provider/deployment.yml create mode 100644 charts/blockscout-stack/templates/sig-provider/hpa.yml create mode 100644 charts/blockscout-stack/templates/sig-provider/ingress.yaml create mode 100644 charts/blockscout-stack/templates/sig-provider/service.yml create mode 100644 charts/blockscout-stack/templates/sig-provider/serviceMonitor.yml create mode 100644 charts/blockscout-stack/templates/smart-contract-verifier/_envs.tpl create mode 100644 charts/blockscout-stack/templates/smart-contract-verifier/deployment.yml create mode 100644 charts/blockscout-stack/templates/smart-contract-verifier/hpa.yml create mode 100644 charts/blockscout-stack/templates/smart-contract-verifier/ingress.yaml create mode 100644 charts/blockscout-stack/templates/smart-contract-verifier/service.yml create mode 100644 charts/blockscout-stack/templates/smart-contract-verifier/serviceMonitor.yml create mode 100644 charts/blockscout-stack/templates/stats/_envs.tpl create mode 100644 charts/blockscout-stack/templates/stats/cm.yml create mode 100644 charts/blockscout-stack/templates/stats/deployment.yml create mode 100644 charts/blockscout-stack/templates/stats/hpa.yml create mode 100644 charts/blockscout-stack/templates/stats/ingress.yaml create mode 100644 charts/blockscout-stack/templates/stats/rds-service.yml create mode 100644 charts/blockscout-stack/templates/stats/service.yml create mode 100644 charts/blockscout-stack/templates/stats/serviceMonitor.yml create mode 100644 charts/blockscout-stack/templates/token-info-extractor/_envs.tpl create mode 100644 charts/blockscout-stack/templates/token-info-extractor/cm.yml create mode 100644 charts/blockscout-stack/templates/token-info-extractor/cronjob.yml create mode 100644 charts/blockscout-stack/templates/visualizer/_envs.tpl create mode 100644 charts/blockscout-stack/templates/visualizer/deployment.yml create mode 100644 charts/blockscout-stack/templates/visualizer/hpa.yml create mode 100644 charts/blockscout-stack/templates/visualizer/ingress.yaml create mode 100644 charts/blockscout-stack/templates/visualizer/service.yml create mode 100644 charts/blockscout-stack/templates/visualizer/serviceMonitor.yml create mode 100644 charts/blockscout-stack/values.yaml create mode 100644 charts/blockscout-stack/values/e2e/.sops.yaml create mode 100644 charts/blockscout-stack/values/e2e/secrets.yaml create mode 100644 charts/blockscout-stack/values/e2e/values.yaml create mode 100644 charts/blockscout-stack/values/gnosis/.sops.yaml create mode 100644 charts/blockscout-stack/values/gnosis/secrets.yaml create mode 100644 charts/blockscout-stack/values/gnosis/values.yaml diff --git a/charts/blockscout-stack/.gitignore b/charts/blockscout-stack/.gitignore new file mode 100644 index 00000000..36131839 --- /dev/null +++ b/charts/blockscout-stack/.gitignore @@ -0,0 +1,5 @@ +values-** +client-** +node-** +!values-test.yaml +frontend-test diff --git a/charts/blockscout-stack/Chart.yaml b/charts/blockscout-stack/Chart.yaml new file mode 100644 index 00000000..bc300fcf --- /dev/null +++ b/charts/blockscout-stack/Chart.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +appVersion: 0.6.3 +version: 0.6.3 +name: blockscout-stack +description: ''' +Helm chart for deploying blockscout-stack in K8S + +Deploy command: `helm upgrade --install -n= blockscout-stack ./ -f values-.yaml` +''' diff --git a/charts/blockscout-stack/README.md b/charts/blockscout-stack/README.md new file mode 100644 index 00000000..fd9cd88a --- /dev/null +++ b/charts/blockscout-stack/README.md @@ -0,0 +1,74 @@ +# blockscout-stack + +Installs the blockscout-stack, a collection of Kubernetes manifests: [Blockscout](https://github.com/blockscout/blockscout), [Rust services](https://github.com/blockscout/blockscout-rs), Blockscout Allowance service, frontend, Postgres DB, geth node (+ client if needed). + +See the [blockscout](https://github.com/blockscout/blockscout) README for details about environments, and configuration options. + +## Prerequisites + +- Kubernetes 1.16+ +- Helm 3+ + +## Get Helm Repository Info + +```console +helm repo add blockscout-stack https://blockscout.github.io/blockscout-ci-cd/ +helm repo update +``` + +_See [`helm repo`](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Install Helm Chart + +```console +helm install [RELEASE_NAME] prometheus-community/kube-prometheus-stack +helm secrets install \ + --repo https://blockscout.github.io/blockscout-ci-cd/ \ + [RELEASE_NAME] blockscout-stack \ + -f [VALUES_DIR]/values.yaml \ + -f [VALUES_DIR]/secrets.yaml \ + -n [APP_NAMESPACE] +``` + +_See [configuration](#configuration) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Uninstall Helm Chart + +```console +helm uninstall [RELEASE_NAME] +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. + +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +## Upgrading Chart + +```console +helm secrets upgrade --install \ + --repo https://blockscout.github.io/blockscout-ci-cd/ \ + [RELEASE_NAME] blockscout-stack \ + -f [VALUES_DIR]/values.yaml \ + -f [VALUES_DIR]/secrets.yaml \ + -n [APP_NAMESPACE] +``` + +_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ + +## Configuration + +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). All configurable options with detailed comments are in [values.yaml](https://github.com/blockscout/blockscout-ci-cd/blob/master/charts/blockscout-stack/values.yaml). + +### Enable services + +To enable a service during installation, set `service_name.enabled` to `true`. For example `scVerifier.enabled`, `postgres.enabled` and `frontend.enabled`. + + +## Further Information + +For more in-depth documentation of configuration options meanings, please see + +- [Blockscout](https://github.com/blockscout/blockscout) +- [Rust services](https://github.com/blockscout/blockscout-rs) diff --git a/charts/blockscout-stack/templates/admin-rs/_envs.tpl b/charts/blockscout-stack/templates/admin-rs/_envs.tpl new file mode 100644 index 00000000..a7d68a5c --- /dev/null +++ b/charts/blockscout-stack/templates/admin-rs/_envs.tpl @@ -0,0 +1,12 @@ +{{- define "adminRs_env" }} +{{- range $key, $value := .Values.adminRs.environment }} +{{- $item := get $.Values.adminRs.environment $key }} +{{- if or (kindIs "string" $item) (kindIs "int64" $item) (kindIs "bool" $item)}} +- name: {{ $key }} + value: {{ $value | quote }} +{{- else }} +- name: {{ $key }} + value: {{ pluck $.Values.global.env $item | first | default $item._default | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/admin-rs/cm.yml b/charts/blockscout-stack/templates/admin-rs/cm.yml new file mode 100644 index 00000000..b121c1dc --- /dev/null +++ b/charts/blockscout-stack/templates/admin-rs/cm.yml @@ -0,0 +1,13 @@ +{{- if .Values.adminRs.enabled }} +{{- if .Values.adminRs.files.enabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: admin-rs-cm +data: + {{- range $key, $value := .Values.adminRs.files.list }} + {{ $key }}: {{ toYaml $value | indent 2 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/admin-rs/deployment.yml b/charts/blockscout-stack/templates/admin-rs/deployment.yml new file mode 100644 index 00000000..f5a28bd9 --- /dev/null +++ b/charts/blockscout-stack/templates/admin-rs/deployment.yml @@ -0,0 +1,84 @@ +{{- if .Values.adminRs.enabled }} +kind: Deployment +apiVersion: apps/v1 +metadata: + name: {{ .Release.Name }}-admin-rs +spec: + replicas: {{ .Values.adminRs.replicas.app }} + strategy: + type: {{ .Values.adminRs.strategy }} + selector: + matchLabels: + app: {{ .Release.Name }}-admin-rs + template: + metadata: + labels: + app: {{ .Release.Name }}-admin-rs + {{- if eq .Values.adminRs.image.pullPolicy "Always" }} + annotations: + rollme: {{ randAlphaNum 5 | quote }} + {{- end }} + spec: + imagePullSecrets: + - name: regcred + containers: + - name: {{ .Release.Name }}-admin-rs + image: {{ pluck $.Values.global.env .Values.adminRs.image | first | default .Values.adminRs.image._default | quote }} + resources: + {{- with .Values.adminRs.resources }} + limits: + memory: {{ pluck $.Values.global.env .limits.memory | first | default .limits.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .limits.cpu | first | default .limits.cpu._default | quote }} + requests: + memory: {{ pluck $.Values.global.env .requests.memory | first | default .requests.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .requests.cpu | first | default .requests.cpu._default | quote }} + {{- end }} + imagePullPolicy: {{ .Values.adminRs.image.pullPolicy }} + ports: + - containerPort: {{ .Values.adminRs.docker.targetPort }} + # - containerPort: {{ .Values.adminRs.docker.metricsPort }} + # name: http-metrics + env: +{{- include "adminRs_env" . | indent 10 }} + {{- if .Values.adminRs.files.enabled }} + volumeMounts: + {{- range $key, $value := .Values.adminRs.files.list }} + - mountPath: {{ $.Values.adminRs.files.mountPath }}/{{ $key }} + name: admin-rs-cm + subPath: {{ $key }} + {{- end }} + {{- end }} + {{- if .Values.adminRs.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.adminRs.readinessProbe.path }} + port: {{ .Values.adminRs.docker.targetPort }} + scheme: HTTP + {{- with .Values.adminRs.readinessProbe.params }} + {{ . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.adminRs.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.adminRs.livenessProbe.path }} + port: {{ .Values.adminRs.docker.targetPort }} + scheme: HTTP + {{- with .Values.adminRs.livenessProbe.params }} + {{ . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + restartPolicy: Always + {{- if .Values.adminRs.files.enabled }} + volumes: + - configMap: + name: admin-rs-cm + defaultMode: 0777 + name: admin-rs-cm + {{- end }} + {{- if .Values.adminRs.nodeSelector.enabled }} + nodeSelector: + {{- pluck $.Values.global.env .Values.adminRs.nodeSelector.labels | first | default .Values.adminRs.nodeSelector.labels._default | toYaml | nindent 8 }} + {{- end }} +--- +{{- end}} diff --git a/charts/blockscout-stack/templates/admin-rs/ingress.yaml b/charts/blockscout-stack/templates/admin-rs/ingress.yaml new file mode 100644 index 00000000..f7b156a7 --- /dev/null +++ b/charts/blockscout-stack/templates/admin-rs/ingress.yaml @@ -0,0 +1,47 @@ +{{- if .Values.adminRs.enabled }} +{{- if .Values.adminRs.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: internal-and-public + nginx.ingress.kubernetes.io/proxy-body-size: 500m + nginx.ingress.kubernetes.io/client-max-body-size: "500M" + nginx.ingress.kubernetes.io/proxy-buffering: "off" + nginx.ingress.kubernetes.io/proxy-connect-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-send-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-read-timeout: "15m" + cert-manager.io/cluster-issuer: "zerossl-prod" + {{- range .Values.adminRs.ingress.annotations }} + {{ . }} + {{- end}} + name: {{ .Release.Name }}-admin-rs-ingress +spec: + rules: + - host: {{ pluck $.Values.global.env .Values.adminRs.ingress.host | first | default .Values.adminRs.ingress.host._default | quote }} + http: + paths: + # - path: "/metrics" + # pathType: Exact + # backend: + # service: + # name: admin-rs-svc + # port: + # number: {{ .Values.adminRs.docker.metricsPort }} + - path: "/" + pathType: Prefix + backend: + service: + name: admin-rs-svc + port: + number: {{ .Values.adminRs.docker.port }} + {{- if .Values.adminRs.ingress.tls.enabled }} + tls: + - hosts: + - {{ pluck $.Values.global.env .Values.adminRs.ingress.host | first | default .Values.adminRs.ingress.host._default | quote }} + {{- if .Values.adminRs.ingress.tls.createSecret }} + secretName: {{ .Release.Name }}-admin-rs-tls + {{- end }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/admin-rs/service.yml b/charts/blockscout-stack/templates/admin-rs/service.yml new file mode 100644 index 00000000..22c5ccb8 --- /dev/null +++ b/charts/blockscout-stack/templates/admin-rs/service.yml @@ -0,0 +1,26 @@ +{{- if .Values.adminRs.enabled }} +kind: Service +apiVersion: v1 +metadata: + name: admin-rs-svc + # annotations: + # service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + # service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + # service.beta.kubernetes.io/aws-load-balancer-type: external + labels: + app: {{ .Release.Name }}-admin-rs +spec: + type: {{ .Values.adminRs.service.type}} + ports: + - port: {{ .Values.adminRs.docker.port }} + targetPort: {{ .Values.adminRs.docker.targetPort }} + protocol: TCP + name: web + # - port: {{ .Values.adminRs.docker.metricsPort }} + # targetPort: {{ .Values.adminRs.docker.metricsPort }} + # protocol: TCP + # name: http-metrics + selector: + app: {{ .Release.Name }}-admin-rs +{{- end }} +--- diff --git a/charts/blockscout-stack/templates/admin-rs/serviceMonitor.yml b/charts/blockscout-stack/templates/admin-rs/serviceMonitor.yml new file mode 100644 index 00000000..e7c7abd3 --- /dev/null +++ b/charts/blockscout-stack/templates/admin-rs/serviceMonitor.yml @@ -0,0 +1,14 @@ +# {{- if .Values.adminRs.enabled }} +# apiVersion: monitoring.coreos.com/v1 +# kind: ServiceMonitor +# metadata: +# name: {{ .Release.Name }}-admin-rs +# spec: +# endpoints: +# - scrapeTimeout: 10s +# port: http-metrics +# path: /metrics +# selector: +# matchLabels: +# app: {{ .Release.Name }}-admin-rs +# {{- end }} diff --git a/charts/blockscout-stack/templates/admin-ts/_envs.tpl b/charts/blockscout-stack/templates/admin-ts/_envs.tpl new file mode 100644 index 00000000..4fbc9b46 --- /dev/null +++ b/charts/blockscout-stack/templates/admin-ts/_envs.tpl @@ -0,0 +1,12 @@ +{{- define "adminTs_env" }} +{{- range $key, $value := .Values.adminTs.environment }} +{{- $item := get $.Values.adminTs.environment $key }} +{{- if or (kindIs "string" $item) (kindIs "int64" $item) (kindIs "bool" $item)}} +- name: {{ $key }} + value: {{ $value | quote }} +{{- else }} +- name: {{ $key }} + value: {{ pluck $.Values.global.env $item | first | default $item._default | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/admin-ts/cm.yml b/charts/blockscout-stack/templates/admin-ts/cm.yml new file mode 100644 index 00000000..28b3d415 --- /dev/null +++ b/charts/blockscout-stack/templates/admin-ts/cm.yml @@ -0,0 +1,13 @@ +{{- if .Values.adminTs.enabled }} +{{- if .Values.adminTs.files.enabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: admin-ts-cm +data: + {{- range $key, $value := .Values.adminTs.files.list }} + {{ $key }}: {{ toYaml $value | indent 2 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/admin-ts/deployment.yml b/charts/blockscout-stack/templates/admin-ts/deployment.yml new file mode 100644 index 00000000..c4d37671 --- /dev/null +++ b/charts/blockscout-stack/templates/admin-ts/deployment.yml @@ -0,0 +1,93 @@ +{{- if .Values.adminTs.enabled }} +kind: Deployment +apiVersion: apps/v1 +metadata: + name: {{ .Release.Name }}-admin-ts +spec: + replicas: {{ .Values.adminTs.replicas.app }} + strategy: + type: {{ .Values.adminTs.strategy }} + selector: + matchLabels: + app: {{ .Release.Name }}-admin-ts + template: + metadata: + labels: + app: {{ .Release.Name }}-admin-ts + {{- if eq .Values.adminTs.image.pullPolicy "Always" }} + annotations: + rollme: {{ randAlphaNum 5 | quote }} + {{- end }} + spec: + imagePullSecrets: + - name: regcred + containers: + - name: {{ .Release.Name }}-admin-ts + image: {{ pluck $.Values.global.env .Values.adminTs.image | first | default .Values.adminTs.image._default | quote }} + resources: + {{- with .Values.adminTs.resources }} + limits: + memory: {{ pluck $.Values.global.env .limits.memory | first | default .limits.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .limits.cpu | first | default .limits.cpu._default | quote }} + requests: + memory: {{ pluck $.Values.global.env .requests.memory | first | default .requests.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .requests.cpu | first | default .requests.cpu._default | quote }} + {{- end }} + imagePullPolicy: {{ .Values.adminTs.image.pullPolicy }} + ports: + - containerPort: {{ .Values.adminTs.docker.targetPort }} + # - containerPort: {{ .Values.adminTs.docker.metricsPort }} + # name: http-metrics + env: +{{- include "adminTs_env" . | indent 10 }} + # volumeMounts: + # - name: {{ .Release.Name }}-logs + # mountPath: /usr/local/path + {{- if .Values.adminTs.files.enabled }} + volumeMounts: + {{- range $key, $value := .Values.adminTs.files.list }} + - mountPath: {{ $.Values.adminTs.files.mountPath }}/{{ $key }} + name: admin-ts-cm + subPath: {{ $key }} + {{- end }} + {{- end }} + {{- if .Values.adminTs.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.adminTs.readinessProbe.path }} + port: {{ .Values.adminTs.docker.targetPort }} + scheme: HTTP + {{- with .Values.adminTs.readinessProbe.params }} + {{ . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.adminTs.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.adminTs.livenessProbe.path }} + port: {{ .Values.adminTs.docker.targetPort }} + scheme: HTTP + {{- with .Values.adminTs.livenessProbe.params }} + {{ . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + # volumes: + # - name: {{ .Release.Name }}-logs + # emptyDir: { } + # - name: config + # configMap: + # name: {{ .Release.Name }}-promtail-configmap + {{- if .Values.adminTs.files.enabled }} + volumes: + - configMap: + name: admin-ts-cm + defaultMode: 0777 + name: admin-ts-cm + {{- end }} + restartPolicy: Always + {{- if .Values.adminTs.nodeSelector.enabled }} + nodeSelector: + {{- pluck $.Values.global.env .Values.adminTs.nodeSelector.labels | first | default .Values.adminTs.nodeSelector.labels._default | toYaml | nindent 8 }} + {{- end }} +--- +{{- end}} diff --git a/charts/blockscout-stack/templates/admin-ts/ingress.yaml b/charts/blockscout-stack/templates/admin-ts/ingress.yaml new file mode 100644 index 00000000..7db80eff --- /dev/null +++ b/charts/blockscout-stack/templates/admin-ts/ingress.yaml @@ -0,0 +1,47 @@ +{{- if .Values.adminTs.enabled }} +{{- if .Values.adminTs.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: internal-and-public + nginx.ingress.kubernetes.io/proxy-body-size: 500m + nginx.ingress.kubernetes.io/client-max-body-size: "500M" + nginx.ingress.kubernetes.io/proxy-buffering: "off" + nginx.ingress.kubernetes.io/proxy-connect-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-send-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-read-timeout: "15m" + cert-manager.io/cluster-issuer: "zerossl-prod" + {{- range .Values.adminTs.ingress.annotations }} + {{ . }} + {{- end}} + name: {{ .Release.Name }}-admin-ts-ingress +spec: + rules: + - host: {{ pluck $.Values.global.env .Values.adminTs.ingress.host | first | default .Values.adminTs.ingress.host._default | quote }} + http: + paths: + # - path: "/metrics" + # pathType: Exact + # backend: + # service: + # name: admin-ts-svc + # port: + # number: {{ .Values.adminTs.docker.metricsPort }} + - path: "/" + pathType: Prefix + backend: + service: + name: admin-ts-svc + port: + number: {{ .Values.adminTs.docker.port }} + {{- if .Values.adminTs.ingress.tls.enabled }} + tls: + - hosts: + - {{ pluck $.Values.global.env .Values.adminTs.ingress.host | first | default .Values.adminTs.ingress.host._default | quote }} + {{- if .Values.adminTs.ingress.tls.createSecret }} + secretName: {{ .Release.Name }}-admin-ts-tls + {{- end }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/admin-ts/service.yml b/charts/blockscout-stack/templates/admin-ts/service.yml new file mode 100644 index 00000000..4a4a8541 --- /dev/null +++ b/charts/blockscout-stack/templates/admin-ts/service.yml @@ -0,0 +1,26 @@ +{{- if .Values.adminTs.enabled }} +kind: Service +apiVersion: v1 +metadata: + name: admin-ts-svc + # annotations: + # service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + # service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + # service.beta.kubernetes.io/aws-load-balancer-type: external + labels: + app: {{ .Release.Name }}-admin-ts +spec: + type: {{ .Values.adminTs.service.type}} + ports: + - port: {{ .Values.adminTs.docker.port }} + targetPort: {{ .Values.adminTs.docker.targetPort }} + protocol: TCP + name: web + # - port: {{ .Values.adminTs.docker.metricsPort }} + # targetPort: {{ .Values.adminTs.docker.metricsPort }} + # protocol: TCP + # name: http-metrics + selector: + app: {{ .Release.Name }}-admin-ts +{{- end }} +--- diff --git a/charts/blockscout-stack/templates/admin-ts/serviceMonitor.yml b/charts/blockscout-stack/templates/admin-ts/serviceMonitor.yml new file mode 100644 index 00000000..2be2e1d9 --- /dev/null +++ b/charts/blockscout-stack/templates/admin-ts/serviceMonitor.yml @@ -0,0 +1,14 @@ +# {{- if .Values.adminTs.enabled }} +# apiVersion: monitoring.coreos.com/v1 +# kind: ServiceMonitor +# metadata: +# name: {{ .Release.Name }}-admin-ts +# spec: +# endpoints: +# - scrapeTimeout: 10s +# port: http-metrics +# path: /metrics +# selector: +# matchLabels: +# app: {{ .Release.Name }}-admin-ts +# {{- end }} diff --git a/charts/blockscout-stack/templates/blockscout-allowance/_envs.tpl b/charts/blockscout-stack/templates/blockscout-allowance/_envs.tpl new file mode 100644 index 00000000..9bf271f3 --- /dev/null +++ b/charts/blockscout-stack/templates/blockscout-allowance/_envs.tpl @@ -0,0 +1,12 @@ +{{- define "allowance_env" }} +{{- range $key, $value := .Values.allowance.environment }} +{{- $item := get $.Values.allowance.environment $key }} +{{- if or (kindIs "string" $item) (kindIs "int64" $item) (kindIs "bool" $item)}} +- name: {{ $key }} + value: {{ $value | quote }} +{{- else }} +- name: {{ $key }} + value: {{ pluck $.Values.global.env $item | first | default $item._default | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/blockscout-allowance/deployment.yml b/charts/blockscout-stack/templates/blockscout-allowance/deployment.yml new file mode 100644 index 00000000..757fc11b --- /dev/null +++ b/charts/blockscout-stack/templates/blockscout-allowance/deployment.yml @@ -0,0 +1,67 @@ +{{- if .Values.allowance.enabled }} +kind: Deployment +apiVersion: apps/v1 +metadata: + name: {{ .Release.Name }}-allowance + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "http-metrics" +spec: + replicas: {{ .Values.allowance.replicas.app }} + selector: + matchLabels: + app: {{ .Release.Name }}-allowance + template: + metadata: + annotations: + releaseTime: {{ dateInZone "2006-01-02 15:04:05Z" (now) "UTC"| quote }} + labels: + app: {{ .Release.Name }}-allowance + spec: + # serviceAccountName: vault-auth + imagePullSecrets: + - name: regcred + containers: + - name: {{ .Release.Name }}-allowance + image: {{ pluck $.Values.global.env .Values.allowance.image | first | default .Values.allowance.image._default | quote }} + resources: + {{- with .Values.allowance.resources }} + limits: + memory: {{ pluck $.Values.global.env .limits.memory | first | default .limits.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .limits.cpu | first | default .limits.cpu._default | quote }} + requests: + memory: {{ pluck $.Values.global.env .requests.memory | first | default .requests.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .requests.cpu | first | default .requests.cpu._default | quote }} + {{- end }} + imagePullPolicy: Always + ports: + - containerPort: {{ .Values.allowance.docker.targetPort }} + env: +{{- include "allowance_env" . | indent 10 }} + {{- if .Values.allowance.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.allowance.readinessProbe.path }} + port: {{ .Values.allowance.docker.targetPort }} + scheme: HTTP + {{- with .Values.allowance.readinessProbe.params }} + {{ . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.allowance.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.allowance.livenessProbe.path }} + port: {{ .Values.allowance.docker.targetPort }} + scheme: HTTP + {{- with .Values.allowance.livenessProbe.params }} + {{ . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + restartPolicy: Always + {{- if .Values.allowance.nodeSelector.enabled }} + nodeSelector: + {{- pluck $.Values.global.env .Values.allowance.nodeSelector.labels | first | default .Values.allowance.nodeSelector.labels._default | toYaml | nindent 8 }} + {{- end }} +--- +{{- end }} diff --git a/charts/blockscout-stack/templates/blockscout-allowance/ingress.yaml b/charts/blockscout-stack/templates/blockscout-allowance/ingress.yaml new file mode 100644 index 00000000..19c470bd --- /dev/null +++ b/charts/blockscout-stack/templates/blockscout-allowance/ingress.yaml @@ -0,0 +1,49 @@ +{{- if .Values.allowance.enabled }} +{{- if .Values.allowance.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: internal-and-public + nginx.ingress.kubernetes.io/proxy-body-size: 500m + nginx.ingress.kubernetes.io/client-max-body-size: "500M" + nginx.ingress.kubernetes.io/proxy-buffering: "off" + nginx.ingress.kubernetes.io/proxy-connect-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-send-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-read-timeout: "15m" + cert-manager.io/cluster-issuer: "zerossl-prod" + {{- range .Values.allowance.ingress.annotations }} + {{ . }} + {{- end}} + name: {{ .Release.Name }}-allowance-ingress +spec: + rules: + - host: {{ pluck $.Values.global.env .Values.allowance.ingress.host | first | default .Values.allowance.ingress.host._default | quote }} + http: + paths: + {{- range .Values.allowance.ingress.path.exact }} + - path: {{ . }} + pathType: Exact + backend: + service: + name: {{ $.Release.Name }}-allowance-svc + port: + number: {{ $.Values.allowance.docker.port }} + {{- end}} + {{- range .Values.allowance.ingress.path.prefix }} + - path: {{ . }} + pathType: Prefix + backend: + service: + name: {{ $.Release.Name }}-allowance-svc + port: + number: {{ $.Values.allowance.docker.port }} + {{- end}} + tls: + - hosts: + - {{ pluck $.Values.global.env .Values.allowance.ingress.host | first | default .Values.allowance.ingress.host._default | quote }} + {{- if .Values.allowance.ingress.tls.createSecret }} + secretName: {{ .Release.Name }}-{{ .Values.allowance.app }}-tls + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/blockscout-allowance/service.yml b/charts/blockscout-stack/templates/blockscout-allowance/service.yml new file mode 100644 index 00000000..8d68d026 --- /dev/null +++ b/charts/blockscout-stack/templates/blockscout-allowance/service.yml @@ -0,0 +1,16 @@ +{{- if .Values.allowance.enabled }} +kind: Service +apiVersion: v1 +metadata: + name: {{ .Release.Name }}-allowance-svc +spec: + type: {{ .Values.allowance.service.type}} + ports: + - port: {{ .Values.allowance.docker.port }} + targetPort: {{ .Values.allowance.docker.targetPort }} + protocol: TCP + name: http + selector: + app: {{ .Release.Name }}-allowance +--- +{{- end }} diff --git a/charts/blockscout-stack/templates/blockscout/_envs.tpl b/charts/blockscout-stack/templates/blockscout/_envs.tpl new file mode 100644 index 00000000..7503c3cd --- /dev/null +++ b/charts/blockscout-stack/templates/blockscout/_envs.tpl @@ -0,0 +1,12 @@ +{{- define "app_env" }} +{{- range $key, $value := .Values.blockscout.environment }} +{{- $item := get $.Values.blockscout.environment $key }} +{{- if or (kindIs "string" $item) (kindIs "int64" $item) (kindIs "bool" $item)}} +- name: {{ $key }} + value: {{ $value | quote }} +{{- else }} +- name: {{ $key }} + value: {{ pluck $.Values.global.env $item | first | default $item._default | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/blockscout/deployment.yml b/charts/blockscout-stack/templates/blockscout/deployment.yml new file mode 100644 index 00000000..31fee397 --- /dev/null +++ b/charts/blockscout-stack/templates/blockscout/deployment.yml @@ -0,0 +1,121 @@ +{{- if .Values.blockscout.enabled }} +kind: Deployment +apiVersion: apps/v1 +metadata: + name: {{ .Release.Name }}-blockscout + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "http-metrics" +spec: + replicas: {{ .Values.blockscout.replicas.app }} + selector: + matchLabels: + app: {{ .Release.Name }}-blockscout + template: + metadata: + labels: + app: {{ .Release.Name }}-blockscout + spec: + # serviceAccountName: vault-auth + {{- if .Values.blockscout.init.enabled }} + initContainers: + - name: init-migrations + image: {{ pluck $.Values.global.env .Values.blockscout.init.image | first | default .Values.blockscout.init.image._default | quote }} + resources: + {{- with .Values.blockscout.resources }} + limits: + memory: {{ pluck $.Values.global.env .limits.memory | first | default .limits.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .limits.cpu | first | default .limits.cpu._default | quote }} + requests: + memory: {{ pluck $.Values.global.env .requests.memory | first | default .requests.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .requests.cpu | first | default .requests.cpu._default | quote }} + {{- end }} + {{- with .Values.blockscout.init.command }} + command: {{ . | toYaml | nindent 12 }} + {{- end }} + {{- with .Values.blockscout.init.args }} + args: {{ . | toYaml | nindent 12 }} + {{- end }} + env: +{{- include "app_env" . | indent 10 }} + {{- if .Values.blockscout.init.volumes.enabled }} + {{- range $key, $value := .Values.blockscout.init.volumes.list }} + volumeMounts: + - name: {{ $key }} + mountPath: {{ toYaml $value | indent 2 }} + {{- end }} + {{- end }} + {{- end }} + imagePullSecrets: + - name: regcred + containers: + - name: {{ .Release.Name }}-blockscout + image: {{ pluck $.Values.global.env .Values.blockscout.image | first | default .Values.blockscout.image._default | quote }} + resources: + {{- with .Values.blockscout.resources }} + limits: + memory: {{ pluck $.Values.global.env .limits.memory | first | default .limits.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .limits.cpu | first | default .limits.cpu._default | quote }} + requests: + memory: {{ pluck $.Values.global.env .requests.memory | first | default .requests.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .requests.cpu | first | default .requests.cpu._default | quote }} + {{- end }} + imagePullPolicy: Always + {{- with .Values.blockscout.command }} + command: {{ . | toYaml | nindent 12 }} + {{- end }} + {{- with .Values.blockscout.args }} + args: {{ . | toYaml | nindent 12 }} + {{- end }} + ports: + - containerPort: {{ .Values.blockscout.docker.targetPort }} + env: +{{- include "app_env" . | indent 10 }} + # volumeMounts: + # - name: smweb-logs + # mountPath: /usr/local/sm-web-server/log + {{- if .Values.blockscout.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.blockscout.readinessProbe.path }} + port: {{ .Values.blockscout.docker.targetPort }} + scheme: HTTP + {{- with .Values.blockscout.readinessProbe.params }} + {{ . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.blockscout.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.blockscout.livenessProbe.path }} + port: {{ .Values.blockscout.docker.targetPort }} + scheme: HTTP + {{- with .Values.blockscout.livenessProbe.params }} + {{ . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + volumes: + - name: workdir + emptyDir: {} + {{- if .Values.blockscout.init.volumes.enabled }} + {{- range $key, $value := .Values.blockscout.init.volumes.list }} + - name: {{ $key }} + emptyDir: {} + {{- end }} + {{- end }} + # volumeMounts: + # - name: smweb-logs + # mountPath: /smweb/ + # - name: config + # mountPath: /etc/promtail/config.yml + # subPath: config-node.yml + restartPolicy: Always + {{- with .Values.blockscout.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ . | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.blockscout.nodeSelector.enabled }} + nodeSelector: + {{- pluck $.Values.global.env .Values.blockscout.nodeSelector.labels | first | default .Values.blockscout.nodeSelector.labels._default | toYaml | nindent 8 }} + {{- end }} +--- +{{- end }} diff --git a/charts/blockscout-stack/templates/blockscout/ingress.yaml b/charts/blockscout-stack/templates/blockscout/ingress.yaml new file mode 100644 index 00000000..76ccb6a4 --- /dev/null +++ b/charts/blockscout-stack/templates/blockscout/ingress.yaml @@ -0,0 +1,58 @@ +{{- if .Values.blockscout.enabled }} +{{- if .Values.blockscout.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: internal-and-public + nginx.ingress.kubernetes.io/proxy-body-size: 500m + nginx.ingress.kubernetes.io/client-max-body-size: "500M" + nginx.ingress.kubernetes.io/proxy-buffering: "off" + nginx.ingress.kubernetes.io/proxy-connect-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-send-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-read-timeout: "15m" + nginx.ingress.kubernetes.io/force-ssl-redirect: "false" + nginx.ingress.kubernetes.io/ssl-redirect: "false" + {{- if .Values.blockscout.ingress.tls.enabled }} + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + cert-manager.io/cluster-issuer: "zerossl-prod" + {{- end}} + {{- range .Values.blockscout.ingress.annotations }} + {{ . }} + {{- end}} + name: {{ .Release.Name }}-blockscout-ingress +spec: + rules: + - host: {{ pluck $.Values.global.env .Values.blockscout.ingress.host | first | default .Values.blockscout.ingress.host._default | quote }} + http: + paths: + {{- range .Values.blockscout.ingress.path.exact }} + - path: {{ . }} + pathType: Exact + backend: + service: + name: {{ $.Release.Name }}-blockscout-svc + port: + number: {{ $.Values.blockscout.docker.port }} + {{- end }} + {{- range .Values.blockscout.ingress.path.prefix }} + - path: {{ . }} + pathType: Prefix + backend: + service: + name: {{ $.Release.Name }}-blockscout-svc + port: + number: {{ $.Values.blockscout.docker.port }} + {{- end }} + {{- if .Values.blockscout.ingress.tls.enabled }} + tls: + - hosts: + - {{ pluck $.Values.global.env .Values.blockscout.ingress.host | first | default .Values.blockscout.ingress.host._default | quote }} + {{- if .Values.blockscout.ingress.tls.createSecret }} + secretName: {{ .Release.Name }}-{{ .Values.blockscout.app }}-tls + {{- end}} + {{- end}} +--- +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/blockscout/rds-service.yml b/charts/blockscout-stack/templates/blockscout/rds-service.yml new file mode 100644 index 00000000..017bd816 --- /dev/null +++ b/charts/blockscout-stack/templates/blockscout/rds-service.yml @@ -0,0 +1,17 @@ +{{- if .Values.blockscout.enabled }} +{{- if .Values.blockscout.rds.enabled }} +apiVersion: v1 +kind: Service +metadata: + labels: + app: {{ .Release.Name }}-rds-svc + name: db-svc +spec: + externalName: {{ pluck $.Values.global.env .Values.blockscout.rds.endpoint | first | default .Values.blockscout.rds.endpoint._default | quote }} + selector: + app: {{ .Release.Name }}-rds-svc + type: ExternalName +status: + loadBalancer: {} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/blockscout/service-monitor.yaml b/charts/blockscout-stack/templates/blockscout/service-monitor.yaml new file mode 100644 index 00000000..e327155e --- /dev/null +++ b/charts/blockscout-stack/templates/blockscout/service-monitor.yaml @@ -0,0 +1,14 @@ +{{- if .Values.blockscout.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ .Release.Name }}-blockscout-svm +spec: + endpoints: + - scrapeTimeout: 10s + port: http + path: /metrics + selector: + matchLabels: + app: {{ .Release.Name }}-blockscout-svc +{{- end }} diff --git a/charts/blockscout-stack/templates/blockscout/service.yml b/charts/blockscout-stack/templates/blockscout/service.yml new file mode 100644 index 00000000..7e58e2ae --- /dev/null +++ b/charts/blockscout-stack/templates/blockscout/service.yml @@ -0,0 +1,22 @@ +{{- if .Values.blockscout.enabled }} +kind: Service +apiVersion: v1 +metadata: + name: {{ .Release.Name }}-blockscout-svc + labels: + app: {{ .Release.Name }}-blockscout-svc + # annotations: + # service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + # service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + # service.beta.kubernetes.io/aws-load-balancer-type: external +spec: + type: {{ .Values.blockscout.service.type}} + ports: + - port: {{ .Values.blockscout.docker.port }} + targetPort: {{ .Values.blockscout.docker.targetPort }} + protocol: TCP + name: http + selector: + app: {{ .Release.Name }}-blockscout +--- +{{- end }} diff --git a/charts/blockscout-stack/templates/contracts-info/_envs.tpl b/charts/blockscout-stack/templates/contracts-info/_envs.tpl new file mode 100644 index 00000000..f4762772 --- /dev/null +++ b/charts/blockscout-stack/templates/contracts-info/_envs.tpl @@ -0,0 +1,12 @@ +{{- define "contractsInfo_env" }} +{{- range $key, $value := .Values.contractsInfo.environment }} +{{- $item := get $.Values.contractsInfo.environment $key }} +{{- if or (kindIs "string" $item) (kindIs "int64" $item) (kindIs "bool" $item)}} +- name: {{ $key }} + value: {{ $value | quote }} +{{- else }} +- name: {{ $key }} + value: {{ pluck $.Values.global.env $item | first | default $item._default | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/contracts-info/cm.yml b/charts/blockscout-stack/templates/contracts-info/cm.yml new file mode 100644 index 00000000..12e64cb7 --- /dev/null +++ b/charts/blockscout-stack/templates/contracts-info/cm.yml @@ -0,0 +1,13 @@ +{{- if .Values.contractsInfo.enabled }} +{{- if .Values.contractsInfo.files.enabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: contracts-info-cm +data: + {{- range $key, $value := .Values.contractsInfo.files.list }} + {{ $key }}: {{ toYaml $value | indent 2 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/contracts-info/deployment.yml b/charts/blockscout-stack/templates/contracts-info/deployment.yml new file mode 100644 index 00000000..a96c24e6 --- /dev/null +++ b/charts/blockscout-stack/templates/contracts-info/deployment.yml @@ -0,0 +1,84 @@ +{{- if .Values.contractsInfo.enabled }} +kind: Deployment +apiVersion: apps/v1 +metadata: + name: {{ .Release.Name }}-contracts-info +spec: + replicas: {{ .Values.contractsInfo.replicas.app }} + strategy: + type: {{ .Values.contractsInfo.strategy }} + selector: + matchLabels: + app: {{ .Release.Name }}-contracts-info + template: + metadata: + labels: + app: {{ .Release.Name }}-contracts-info + {{- if eq .Values.contractsInfo.image.pullPolicy "Always" }} + annotations: + rollme: {{ randAlphaNum 5 | quote }} + {{- end }} + spec: + imagePullSecrets: + - name: regcred + containers: + - name: {{ .Release.Name }}-contracts-info + image: {{ pluck $.Values.global.env .Values.contractsInfo.image | first | default .Values.contractsInfo.image._default | quote }} + resources: + {{- with .Values.contractsInfo.resources }} + limits: + memory: {{ pluck $.Values.global.env .limits.memory | first | default .limits.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .limits.cpu | first | default .limits.cpu._default | quote }} + requests: + memory: {{ pluck $.Values.global.env .requests.memory | first | default .requests.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .requests.cpu | first | default .requests.cpu._default | quote }} + {{- end }} + imagePullPolicy: {{ .Values.contractsInfo.image.pullPolicy }} + ports: + - containerPort: {{ .Values.contractsInfo.docker.targetPort }} + # - containerPort: {{ .Values.contractsInfo.docker.metricsPort }} + # name: http-metrics + env: +{{- include "contractsInfo_env" . | indent 10 }} + {{- if .Values.contractsInfo.files.enabled }} + volumeMounts: + {{- range $key, $value := .Values.contractsInfo.files.list }} + - mountPath: {{ $.Values.contractsInfo.files.mountPath }}/{{ $key }} + name: contracts-info-cm + subPath: {{ $key }} + {{- end }} + {{- end }} + {{- if .Values.contractsInfo.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.contractsInfo.readinessProbe.path }} + port: {{ .Values.contractsInfo.docker.targetPort }} + scheme: HTTP + {{- with .Values.contractsInfo.readinessProbe.params }} + {{ . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.contractsInfo.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.contractsInfo.livenessProbe.path }} + port: {{ .Values.contractsInfo.docker.targetPort }} + scheme: HTTP + {{- with .Values.contractsInfo.livenessProbe.params }} + {{ . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.contractsInfo.files.enabled }} + volumes: + - configMap: + name: contracts-info-cm + defaultMode: 0777 + name: contracts-info-cm + {{- end }} + restartPolicy: Always + {{- if .Values.contractsInfo.nodeSelector.enabled }} + nodeSelector: + {{- pluck $.Values.global.env .Values.contractsInfo.nodeSelector.labels | first | default .Values.contractsInfo.nodeSelector.labels._default | toYaml | nindent 8 }} + {{- end }} +--- +{{- end}} diff --git a/charts/blockscout-stack/templates/contracts-info/ingress.yaml b/charts/blockscout-stack/templates/contracts-info/ingress.yaml new file mode 100644 index 00000000..57f54187 --- /dev/null +++ b/charts/blockscout-stack/templates/contracts-info/ingress.yaml @@ -0,0 +1,47 @@ +{{- if .Values.contractsInfo.enabled }} +{{- if .Values.contractsInfo.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: internal-and-public + nginx.ingress.kubernetes.io/proxy-body-size: 500m + nginx.ingress.kubernetes.io/client-max-body-size: "500M" + nginx.ingress.kubernetes.io/proxy-buffering: "off" + nginx.ingress.kubernetes.io/proxy-connect-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-send-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-read-timeout: "15m" + cert-manager.io/cluster-issuer: "zerossl-prod" + {{- range .Values.contractsInfo.ingress.annotations }} + {{ . }} + {{- end}} + name: {{ .Release.Name }}-contracts-info-ingress +spec: + rules: + - host: {{ pluck $.Values.global.env .Values.contractsInfo.ingress.host | first | default .Values.contractsInfo.ingress.host._default | quote }} + http: + paths: + # - path: "/metrics" + # pathType: Exact + # backend: + # service: + # name: contracts-info-svc + # port: + # number: {{ .Values.contractsInfo.docker.metricsPort }} + - path: "/" + pathType: Prefix + backend: + service: + name: contracts-info-svc + port: + number: {{ .Values.contractsInfo.docker.port }} + {{- if .Values.contractsInfo.ingress.tls.enabled }} + tls: + - hosts: + - {{ pluck $.Values.global.env .Values.contractsInfo.ingress.host | first | default .Values.contractsInfo.ingress.host._default | quote }} + {{- if .Values.contractsInfo.ingress.tls.createSecret }} + secretName: {{ .Release.Name }}-contracts-info-tls + {{- end }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/contracts-info/service.yml b/charts/blockscout-stack/templates/contracts-info/service.yml new file mode 100644 index 00000000..8d413d78 --- /dev/null +++ b/charts/blockscout-stack/templates/contracts-info/service.yml @@ -0,0 +1,26 @@ +{{- if .Values.contractsInfo.enabled }} +kind: Service +apiVersion: v1 +metadata: + name: contracts-info-svc + # annotations: + # service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + # service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + # service.beta.kubernetes.io/aws-load-balancer-type: external + labels: + app: {{ .Release.Name }}-contracts-info +spec: + type: {{ .Values.contractsInfo.service.type}} + ports: + - port: {{ .Values.contractsInfo.docker.port }} + targetPort: {{ .Values.contractsInfo.docker.targetPort }} + protocol: TCP + name: web + # - port: {{ .Values.contractsInfo.docker.metricsPort }} + # targetPort: {{ .Values.contractsInfo.docker.metricsPort }} + # protocol: TCP + # name: http-metrics + selector: + app: {{ .Release.Name }}-contracts-info +{{- end }} +--- diff --git a/charts/blockscout-stack/templates/contracts-info/serviceMonitor.yml b/charts/blockscout-stack/templates/contracts-info/serviceMonitor.yml new file mode 100644 index 00000000..4f57c5a6 --- /dev/null +++ b/charts/blockscout-stack/templates/contracts-info/serviceMonitor.yml @@ -0,0 +1,14 @@ +# {{- if .Values.contractsInfo.enabled }} +# apiVersion: monitoring.coreos.com/v1 +# kind: ServiceMonitor +# metadata: +# name: {{ .Release.Name }}-contracts-info +# spec: +# endpoints: +# - scrapeTimeout: 10s +# port: http-metrics +# path: /metrics +# selector: +# matchLabels: +# app: {{ .Release.Name }}-contracts-info +# {{- end }} diff --git a/charts/blockscout-stack/templates/eth-bytecode-db/_envs.tpl b/charts/blockscout-stack/templates/eth-bytecode-db/_envs.tpl new file mode 100644 index 00000000..de1bdea9 --- /dev/null +++ b/charts/blockscout-stack/templates/eth-bytecode-db/_envs.tpl @@ -0,0 +1,12 @@ +{{- define "ethBytecodeDb_env" }} +{{- range $key, $value := .Values.ethBytecodeDb.environment }} +{{- $item := get $.Values.ethBytecodeDb.environment $key }} +{{- if or (kindIs "string" $item) (kindIs "int64" $item) (kindIs "bool" $item)}} +- name: {{ $key }} + value: {{ $value | quote }} +{{- else }} +- name: {{ $key }} + value: {{ pluck $.Values.global.env $item | first | default $item._default | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/eth-bytecode-db/deployment.yml b/charts/blockscout-stack/templates/eth-bytecode-db/deployment.yml new file mode 100644 index 00000000..a1ef474c --- /dev/null +++ b/charts/blockscout-stack/templates/eth-bytecode-db/deployment.yml @@ -0,0 +1,76 @@ +{{- if .Values.ethBytecodeDb.enabled }} +kind: Deployment +apiVersion: apps/v1 +metadata: + name: {{ .Release.Name }}-eth-bytecode-db +spec: + replicas: {{ .Values.ethBytecodeDb.replicas.app }} + strategy: + type: {{ .Values.ethBytecodeDb.strategy }} + selector: + matchLabels: + app: {{ .Release.Name }}-eth-bytecode-db + template: + metadata: + labels: + app: {{ .Release.Name }}-eth-bytecode-db + {{- if eq .Values.ethBytecodeDb.image.pullPolicy "Always" }} + annotations: + rollme: {{ randAlphaNum 5 | quote }} + {{- end }} + spec: + containers: + - name: {{ .Release.Name }}-eth-bytecode-db + image: {{ pluck $.Values.global.env .Values.ethBytecodeDb.image | first | default .Values.ethBytecodeDb.image._default | quote }} + resources: + {{- with .Values.ethBytecodeDb.resources }} + limits: + memory: {{ pluck $.Values.global.env .limits.memory | first | default .limits.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .limits.cpu | first | default .limits.cpu._default | quote }} + requests: + memory: {{ pluck $.Values.global.env .requests.memory | first | default .requests.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .requests.cpu | first | default .requests.cpu._default | quote }} + {{- end }} + imagePullPolicy: {{ .Values.ethBytecodeDb.image.pullPolicy }} + ports: + - containerPort: {{ .Values.ethBytecodeDb.docker.targetPort }} + - containerPort: {{ .Values.ethBytecodeDb.docker.metricsPort }} + name: http-metrics + env: +{{- include "ethBytecodeDb_env" . | indent 10 }} + # volumeMounts: + # - name: {{ .Release.Name }}-logs + # mountPath: /usr/local/path + {{- if .Values.ethBytecodeDb.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.ethBytecodeDb.readinessProbe.path }} + port: {{ .Values.ethBytecodeDb.docker.targetPort }} + scheme: HTTP + {{- with .Values.ethBytecodeDb.readinessProbe.params }} + {{ . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.ethBytecodeDb.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.ethBytecodeDb.livenessProbe.path }} + port: {{ .Values.ethBytecodeDb.docker.targetPort }} + scheme: HTTP + {{- with .Values.ethBytecodeDb.livenessProbe.params }} + {{ . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + # volumes: + # - name: {{ .Release.Name }}-logs + # emptyDir: { } + # - name: config + # configMap: + # name: {{ .Release.Name }}-promtail-configmap + restartPolicy: Always + {{- if .Values.ethBytecodeDb.nodeSelector.enabled }} + nodeSelector: + {{- pluck $.Values.global.env .Values.ethBytecodeDb.nodeSelector.labels | first | default .Values.ethBytecodeDb.nodeSelector.labels._default | toYaml | nindent 8 }} + {{- end }} +--- +{{- end}} diff --git a/charts/blockscout-stack/templates/eth-bytecode-db/hpa.yml b/charts/blockscout-stack/templates/eth-bytecode-db/hpa.yml new file mode 100644 index 00000000..ccecf2bb --- /dev/null +++ b/charts/blockscout-stack/templates/eth-bytecode-db/hpa.yml @@ -0,0 +1,16 @@ +{{- if .Values.ethBytecodeDb.enabled }} +{{- if .Values.ethBytecodeDb.hpa.enabled }} +apiVersion: autoscaling/v1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ .Release.Name }}-eth-bytecode-db +spec: + maxReplicas: {{ .Values.ethBytecodeDb.hpa.maxReplicas }} + minReplicas: {{ .Values.ethBytecodeDb.hpa.minReplicas }} + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ .Release.Name }}-eth-bytecode-db + targetCPUUtilizationPercentage: {{ .Values.ethBytecodeDb.hpa.cpuTarget }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/eth-bytecode-db/ingress.yaml b/charts/blockscout-stack/templates/eth-bytecode-db/ingress.yaml new file mode 100644 index 00000000..61c45402 --- /dev/null +++ b/charts/blockscout-stack/templates/eth-bytecode-db/ingress.yaml @@ -0,0 +1,47 @@ +{{- if .Values.ethBytecodeDb.enabled }} +{{- if .Values.ethBytecodeDb.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: internal-and-public + nginx.ingress.kubernetes.io/proxy-body-size: 500m + nginx.ingress.kubernetes.io/client-max-body-size: "500M" + nginx.ingress.kubernetes.io/proxy-buffering: "off" + nginx.ingress.kubernetes.io/proxy-connect-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-send-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-read-timeout: "15m" + cert-manager.io/cluster-issuer: "zerossl-prod" + {{- range .Values.ethBytecodeDb.ingress.annotations }} + {{ . }} + {{- end}} + name: {{ .Release.Name }}-eth-bytecode-db-ingress +spec: + rules: + - host: {{ pluck $.Values.global.env .Values.ethBytecodeDb.ingress.host | first | default .Values.ethBytecodeDb.ingress.host._default | quote }} + http: + paths: + # - path: "/metrics" + # pathType: Exact + # backend: + # service: + # name: ethBytecodeDb-svc + # port: + # number: {{ .Values.ethBytecodeDb.docker.metricsPort }} + - path: "/" + pathType: Prefix + backend: + service: + name: eth-bytecode-db-svc + port: + number: {{ .Values.ethBytecodeDb.docker.port }} + {{- if .Values.ethBytecodeDb.ingress.tls.enabled }} + tls: + - hosts: + - {{ pluck $.Values.global.env .Values.ethBytecodeDb.ingress.host | first | default .Values.ethBytecodeDb.ingress.host._default | quote }} + {{- if .Values.ethBytecodeDb.ingress.tls.createSecret }} + secretName: {{ .Release.Name }}-eth-bytecode-db-tls + {{- end }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/eth-bytecode-db/rds-service.yml b/charts/blockscout-stack/templates/eth-bytecode-db/rds-service.yml new file mode 100644 index 00000000..d1572313 --- /dev/null +++ b/charts/blockscout-stack/templates/eth-bytecode-db/rds-service.yml @@ -0,0 +1,17 @@ +{{- if .Values.ethBytecodeDb.enabled }} +{{- if .Values.ethBytecodeDb.rds.enabled }} +apiVersion: v1 +kind: Service +metadata: + labels: + app: {{ .Release.Name }}-eth-bytecode-db-rds-svc + name: db-eth-bytecode-db-svc +spec: + externalName: {{ pluck $.Values.global.env .Values.ethBytecodeDb.rds.endpoint | first | default .Values.ethBytecodeDb.rds.endpoint._default | quote }} + selector: + app: {{ .Release.Name }}-eth-bytecode-db-rds-svc + type: ExternalName +status: + loadBalancer: {} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/eth-bytecode-db/service.yml b/charts/blockscout-stack/templates/eth-bytecode-db/service.yml new file mode 100644 index 00000000..a4edf484 --- /dev/null +++ b/charts/blockscout-stack/templates/eth-bytecode-db/service.yml @@ -0,0 +1,22 @@ +{{- if .Values.ethBytecodeDb.enabled }} +kind: Service +apiVersion: v1 +metadata: + name: eth-bytecode-db-svc + labels: + app: {{ .Release.Name }}-eth-bytecode-db +spec: + type: {{ .Values.ethBytecodeDb.service.type}} + ports: + - port: {{ .Values.ethBytecodeDb.docker.port }} + targetPort: {{ .Values.ethBytecodeDb.docker.targetPort }} + protocol: TCP + name: web + - port: {{ .Values.ethBytecodeDb.docker.metricsPort }} + targetPort: {{ .Values.ethBytecodeDb.docker.metricsPort }} + protocol: TCP + name: http-metrics + selector: + app: {{ .Release.Name }}-eth-bytecode-db +{{- end }} +--- diff --git a/charts/blockscout-stack/templates/eth-bytecode-db/serviceMonitor.yml b/charts/blockscout-stack/templates/eth-bytecode-db/serviceMonitor.yml new file mode 100644 index 00000000..017e9246 --- /dev/null +++ b/charts/blockscout-stack/templates/eth-bytecode-db/serviceMonitor.yml @@ -0,0 +1,14 @@ +{{- if .Values.ethBytecodeDb.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ .Release.Name }}-eth-bytecode-db +spec: + endpoints: + - scrapeTimeout: 10s + port: http-metrics + path: /metrics + selector: + matchLabels: + app: {{ .Release.Name }}-eth-bytecode-db +{{- end }} diff --git a/charts/blockscout-stack/templates/frontend/_envs.tpl b/charts/blockscout-stack/templates/frontend/_envs.tpl new file mode 100644 index 00000000..c0c676f9 --- /dev/null +++ b/charts/blockscout-stack/templates/frontend/_envs.tpl @@ -0,0 +1,12 @@ +{{- define "frontend_env" }} +{{- range $key, $value := .Values.frontend.environment }} +{{- $item := get $.Values.frontend.environment $key }} +{{- if or (kindIs "string" $item) (kindIs "int64" $item) (kindIs "bool" $item)}} +- name: {{ $key }} + value: {{ $value | quote }} +{{- else }} +- name: {{ $key }} + value: {{ pluck $.Values.global.env $item | first | default $item._default | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/frontend/deployment.yml b/charts/blockscout-stack/templates/frontend/deployment.yml new file mode 100644 index 00000000..6bb54a12 --- /dev/null +++ b/charts/blockscout-stack/templates/frontend/deployment.yml @@ -0,0 +1,78 @@ +{{- if .Values.frontend.enabled }} +kind: Deployment +apiVersion: apps/v1 +metadata: + name: {{ .Release.Name }}-frontend + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "http-metrics" +spec: + replicas: {{ .Values.frontend.replicas.app }} + selector: + matchLabels: + app: {{ .Release.Name }}-frontend + template: + metadata: + {{- if eq .Values.frontend.image.pullPolicy "Always" }} + annotations: + releaseTime: {{ dateInZone "2006-01-02 15:04:05Z" (now) "UTC"| quote }} + {{- end }} + labels: + app: {{ .Release.Name }}-frontend + spec: + # serviceAccountName: vault-auth + imagePullSecrets: + - name: regcred + containers: + - name: {{ .Release.Name }}-front + image: {{ pluck $.Values.global.env .Values.frontend.image | first | default .Values.frontend.image._default | quote }} + resources: + {{- with .Values.frontend.resources }} + limits: + memory: {{ pluck $.Values.global.env .limits.memory | first | default .limits.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .limits.cpu | first | default .limits.cpu._default | quote }} + requests: + memory: {{ pluck $.Values.global.env .requests.memory | first | default .requests.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .requests.cpu | first | default .requests.cpu._default | quote }} + {{- end }} + imagePullPolicy: {{ .Values.frontend.image.pullPolicy }} + ports: + - containerPort: {{ .Values.frontend.docker.targetPort }} + env: +{{- include "frontend_env" . | indent 10 }} + # volumeMounts: + # - name: smweb-logs + # mountPath: /usr/local/sm-web-server/log + {{- if .Values.frontend.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.frontend.readinessProbe.path }} + port: {{ .Values.frontend.docker.targetPort }} + scheme: HTTP + {{- with .Values.frontend.readinessProbe.params }} + {{ . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.frontend.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.frontend.livenessProbe.path }} + port: {{ .Values.frontend.docker.targetPort }} + scheme: HTTP + {{- with .Values.frontend.livenessProbe.params }} + {{ . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + # volumes: + # - name: smweb-logs + # emptyDir: { } + # - name: config + # configMap: + # name: {{ .Release.Name }}-promtail-configmap + restartPolicy: Always + {{- if .Values.frontend.nodeSelector.enabled }} + nodeSelector: + {{- pluck $.Values.global.env .Values.frontend.nodeSelector.labels | first | default .Values.frontend.nodeSelector.labels._default | toYaml | nindent 8 }} + {{- end }} +--- +{{- end }} diff --git a/charts/blockscout-stack/templates/frontend/ingress.yaml b/charts/blockscout-stack/templates/frontend/ingress.yaml new file mode 100644 index 00000000..6059c12b --- /dev/null +++ b/charts/blockscout-stack/templates/frontend/ingress.yaml @@ -0,0 +1,49 @@ +{{- if .Values.frontend.enabled }} +{{- if .Values.frontend.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: internal-and-public + nginx.ingress.kubernetes.io/proxy-body-size: 500m + nginx.ingress.kubernetes.io/client-max-body-size: "500M" + nginx.ingress.kubernetes.io/proxy-buffering: "off" + nginx.ingress.kubernetes.io/proxy-connect-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-send-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-read-timeout: "15m" + cert-manager.io/cluster-issuer: "zerossl-prod" + {{- range .Values.frontend.ingress.annotations }} + {{ . }} + {{- end}} + name: {{ .Release.Name }}-frontend-ingress +spec: + rules: + - host: {{ pluck $.Values.global.env .Values.frontend.ingress.host | first | default .Values.frontend.ingress.host._default | quote }} + http: + paths: + {{- range .Values.frontend.ingress.path.exact }} + - path: {{ . }} + pathType: Exact + backend: + service: + name: {{ $.Release.Name }}-frontend-svc + port: + number: {{ $.Values.frontend.docker.port }} + {{- end}} + {{- range .Values.frontend.ingress.path.prefix }} + - path: {{ . }} + pathType: Prefix + backend: + service: + name: {{ $.Release.Name }}-frontend-svc + port: + number: {{ $.Values.frontend.docker.port }} + {{- end}} + tls: + - hosts: + - {{ pluck $.Values.global.env .Values.frontend.ingress.host | first | default .Values.frontend.ingress.host._default | quote }} + {{- if .Values.frontend.ingress.tls.createSecret }} + secretName: {{ .Release.Name }}-{{ .Values.frontend.app }}-tls + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/frontend/service.yml b/charts/blockscout-stack/templates/frontend/service.yml new file mode 100644 index 00000000..c52c496d --- /dev/null +++ b/charts/blockscout-stack/templates/frontend/service.yml @@ -0,0 +1,16 @@ +{{- if .Values.frontend.enabled }} +kind: Service +apiVersion: v1 +metadata: + name: {{ .Release.Name }}-frontend-svc +spec: + type: {{ .Values.frontend.service.type}} + ports: + - port: {{ .Values.frontend.docker.port }} + targetPort: {{ .Values.frontend.docker.targetPort }} + protocol: TCP + name: http + selector: + app: {{ .Release.Name }}-frontend +--- +{{- end }} diff --git a/charts/blockscout-stack/templates/geth/_envs.tpl b/charts/blockscout-stack/templates/geth/_envs.tpl new file mode 100644 index 00000000..c212ad9a --- /dev/null +++ b/charts/blockscout-stack/templates/geth/_envs.tpl @@ -0,0 +1,25 @@ +{{- define "geth_env" }} +{{- range $key, $value := .Values.geth.environment }} +{{- $item := get $.Values.geth.environment $key }} +{{- if or (kindIs "string" $item) (kindIs "int64" $item) (kindIs "bool" $item)}} +- name: {{ $key }} + value: {{ $value | quote }} +{{- else }} +- name: {{ $key }} + value: {{ pluck $.Values.global.env $item | first | default $item._default | quote }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "client_env" }} +{{- range $key, $value := .Values.geth.client.environment }} +{{- $item := get $.Values.geth.client.environment $key }} +{{- if or (kindIs "string" $item) (kindIs "int64" $item) (kindIs "bool" $item)}} +- name: {{ $key }} + value: {{ $value | quote }} +{{- else }} +- name: {{ $key }} + value: {{ pluck $.Values.global.env $item | first | default $item._default | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/geth/cm.yaml b/charts/blockscout-stack/templates/geth/cm.yaml new file mode 100644 index 00000000..e5b4b233 --- /dev/null +++ b/charts/blockscout-stack/templates/geth/cm.yaml @@ -0,0 +1,25 @@ +{{- if .Values.geth.enabled }} +{{- if .Values.geth.files.enabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: geth-cm +data: + {{- range $key, $value := .Values.geth.files.list }} + {{ $key }}: {{ toYaml $value | indent 2 }} + {{- end }} +{{- end }} +--- +{{- if .Values.geth.client.files.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: client-cm +data: + {{- range $key, $value := .Values.geth.client.files.list }} + {{ $key }}: {{ toYaml $value | indent 2 }} + {{- end }} +{{- end }} + +{{- end }} diff --git a/charts/blockscout-stack/templates/geth/deployment.yml b/charts/blockscout-stack/templates/geth/deployment.yml new file mode 100644 index 00000000..7e88c899 --- /dev/null +++ b/charts/blockscout-stack/templates/geth/deployment.yml @@ -0,0 +1,238 @@ +{{- if .Values.geth.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-geth +spec: + replicas: {{ .Values.geth.replicas.app }} + strategy: + type: Recreate + selector: + matchLabels: + app: {{ .Release.Name }}-geth + template: + metadata: + labels: + app: {{ .Release.Name }}-geth + spec: + {{- if .Values.geth.init.enabled }} + initContainers: + - name: init + image: {{ pluck $.Values.global.env .Values.geth.init.image | first | default .Values.geth.init.image._default | quote }} + resources: + {{- with .Values.geth.resources }} + limits: + memory: {{ pluck $.Values.global.env .limits.memory | first | default .limits.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .limits.cpu | first | default .limits.cpu._default | quote }} + requests: + memory: {{ pluck $.Values.global.env .requests.memory | first | default .requests.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .requests.cpu | first | default .requests.cpu._default | quote }} + {{- end }} + {{- with .Values.geth.init.command }} + command: {{ . | toYaml | nindent 12 }} + {{- end }} + {{- with .Values.geth.init.args }} + args: {{ . | toYaml | nindent 12 }} + {{- end }} + env: + {{- include "geth_env" . | indent 10 }} + {{- if .Values.geth.init.volumes.enabled }} + {{- range $key, $value := .Values.geth.init.volumes.list }} + volumeMounts: + - name: {{ $key }} + mountPath: {{ toYaml $value | indent 2 }} + {{- end }} + {{- end }} + {{- end }} + containers: + - name: geth + image: {{ pluck $.Values.global.env .Values.geth.image | first | default .Values.geth.image._default | quote }} + {{- if .Values.geth.command }} + {{- with .Values.geth.command }} + command: {{ . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.geth.args }} + {{- with .Values.geth.args }} + args: {{ . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + # args: [ "--http", "--http.addr=0.0.0.0", "--http.vhosts=geth-mainnet-full", "--http.api=eth,net,web3,txpool", "--ws", "--ws.addr=0.0.0.0", "--datadir=/data", ] + resources: + {{- with .Values.geth.resources }} + limits: + memory: {{ pluck $.Values.global.env .limits.memory | first | default .limits.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .limits.cpu | first | default .limits.cpu._default | quote }} + requests: + memory: {{ pluck $.Values.global.env .requests.memory | first | default .requests.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .requests.cpu | first | default .requests.cpu._default | quote }} + {{- end }} + env: + {{- include "geth_env" . | indent 10 }} + ports: + {{- range $key, $value := .Values.geth.ports }} + - containerPort: {{ toYaml $value.number | indent 2 }} + name: {{ $key }} + {{- end }} + volumeMounts: + {{- if .Values.geth.persistence.enabled }} + - name: geth + mountPath: {{ .Values.geth.persistence.mountPath }} + {{- end }} + {{- if .Values.geth.jwt.enabled }} + - mountPath: {{ .Values.geth.jwt.mountPath }} + name: jwt + subPath: jwtsecret + {{- end }} + {{- if .Values.geth.files.enabled }} + {{- range $key, $value := .Values.geth.files.list }} + - mountPath: {{ $.Values.geth.files.mountPath }}/{{ $key }} + name: geth-cm + subPath: {{ $key }} + {{- end }} + {{- end }} + {{- if .Values.geth.persistence.additionalVolumes }} + {{- range $key, $value := .Values.geth.persistence.additionalVolumes }} + - name: {{ $key }} + mountPath: {{ $value.mountPath }} + {{- end }} + {{- end }} + # {{- if .Values.geth.readinessProbe.enabled }} + # readinessProbe: + # httpGet: + # path: {{ .Values.geth.readinessProbe.path }} + # port: {{ .Values.geth.docker.targetPort }} + # scheme: HTTP + # {{- with .Values.geth.readinessProbe.params }} + # {{ . | toYaml | nindent 12 }} + # {{- end }} + # {{- end }} + # {{- if .Values.geth.livenessProbe.enabled }} + # livenessProbe: + # httpGet: + # path: {{ .Values.geth.livenessProbe.path }} + # port: {{ .Values.geth.docker.targetPort }} + # scheme: HTTP + # {{- with .Values.geth.livenessProbe.params }} + # {{ . | toYaml | nindent 12 }} + # {{- end }} + # {{- end }} + {{- if .Values.geth.client.enabled }} + - name: client + image: {{ pluck $.Values.global.env .Values.geth.client.image | first | default .Values.geth.client.image._default | quote }} + {{- if .Values.geth.client.command }} + {{- with .Values.geth.client.command }} + command: {{ . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.geth.client.args }} + {{- with .Values.geth.client.args }} + args: {{ . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + resources: + {{- with .Values.geth.client.resources }} + limits: + memory: {{ pluck $.Values.global.env .limits.memory | first | default .limits.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .limits.cpu | first | default .limits.cpu._default | quote }} + requests: + memory: {{ pluck $.Values.global.env .requests.memory | first | default .requests.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .requests.cpu | first | default .requests.cpu._default | quote }} + {{- end }} + env: + {{- include "client_env" . | indent 10 }} + ports: + {{- range $key, $value := .Values.geth.client.ports }} + - containerPort: {{ toYaml $value.number | indent 2 }} + name: {{ $key }} + {{- end }} + {{- if .Values.geth.client.persistence.enabled }} + volumeMounts: + - name: client + mountPath: {{ .Values.geth.client.persistence.mountPath }} + {{- if .Values.geth.jwt.enabled }} + - mountPath: {{ .Values.geth.jwt.mountPath }} + name: jwt + subPath: jwtsecret + {{- end }} + {{- if .Values.geth.client.files.enabled }} + {{- range $key, $value := .Values.geth.client.files.list }} + - mountPath: /root/{{ $key }} + name: client-cm + subPath: {{ $key }} + {{- end }} + {{- end }} + {{- if .Values.geth.client.persistence.additionalVolumes }} + {{- range $key, $value := .Values.geth.client.persistence.additionalVolumes }} + - name: {{ $key }} + mountPath: {{ $value.mountPath }} + {{- end }} + {{- end }} + {{- end }} + # {{- if .Values.geth.client.readinessProbe.enabled }} + # readinessProbe: + # httpGet: + # path: {{ .Values.geth.client.readinessProbe.path }} + # port: {{ .Values.geth.client.docker.targetPort }} + # scheme: HTTP + # {{- with .Values.geth.client.readinessProbe.params }} + # {{ . | toYaml | nindent 12 }} + # {{- end }} + # {{- end }} + # {{- if .Values.geth.client.livenessProbe.enabled }} + # livenessProbe: + # httpGet: + # path: {{ .Values.geth.client.livenessProbe.path }} + # port: {{ .Values.geth.client.docker.targetPort }} + # scheme: HTTP + # {{- with .Values.geth.client.livenessProbe.params }} + # {{ . | toYaml | nindent 12 }} + # {{- end }} + # {{- end }} + {{- end }} + {{- if .Values.geth.nodeSelector.enabled }} + nodeSelector: + {{- pluck $.Values.global.env .Values.geth.nodeSelector.labels | first | default .Values.geth.nodeSelector.labels._default | toYaml | nindent 8 }} + {{- end }} + volumes: + - name: jwt + secret: + secretName: jwt + {{- if .Values.geth.files.enabled }} + - configMap: + name: geth-cm + defaultMode: 0777 + name: geth-cm + {{- end }} + {{- if .Values.geth.client.files.enabled }} + - configMap: + name: client-cm + defaultMode: 0777 + name: client-cm + {{- end }} + {{- if .Values.geth.persistence.enabled }} + - name: geth + persistentVolumeClaim: + claimName: {{ .Release.Name }}-geth + {{- end }} + {{- if .Values.geth.client.persistence.enabled }} + - name: client + persistentVolumeClaim: + claimName: {{ .Release.Name }}-client + {{- end }} + {{- if .Values.geth.persistence.additionalVolumes }} + {{- range $key, $value := .Values.geth.persistence.additionalVolumes }} + - name: {{ $key }} + persistentVolumeClaim: + claimName: {{ $key }}-additional-volume + {{- end }} + {{- end }} + {{- if .Values.geth.client.persistence.additionalVolumes }} + {{- range $key, $value := .Values.geth.client.persistence.additionalVolumes }} + - name: {{ $key }} + persistentVolumeClaim: + claimName: {{ $key }}-client-additional-volume + {{- end }} + {{- end }} +--- +{{- end }} diff --git a/charts/blockscout-stack/templates/geth/ingress.yaml b/charts/blockscout-stack/templates/geth/ingress.yaml new file mode 100644 index 00000000..610ce380 --- /dev/null +++ b/charts/blockscout-stack/templates/geth/ingress.yaml @@ -0,0 +1,100 @@ +{{- if .Values.geth.enabled }} +{{- if .Values.geth.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: internal-and-public + nginx.ingress.kubernetes.io/proxy-body-size: 500m + nginx.ingress.kubernetes.io/client-max-body-size: "500M" + nginx.ingress.kubernetes.io/proxy-buffering: "off" + nginx.ingress.kubernetes.io/proxy-connect-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-send-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-read-timeout: "15m" + nginx.ingress.kubernetes.io/rewrite-target: /$2 + {{- if .Values.geth.ingress.tls.enabled }} + cert-manager.io/cluster-issuer: "zerossl-prod" + {{- end }} + name: {{ .Release.Name }}-geth-ingress +spec: + rules: + - host: {{ pluck $.Values.global.env .Values.geth.ingress.host | first | default .Values.geth.ingress.host._default | quote }} + http: + paths: + - path: "/http(/|$)(.*)" + pathType: Prefix + backend: + service: + name: geth-svc + port: + number: {{ .Values.geth.ports.http.number }} + - path: /ws(/|$)(.*) + pathType: Prefix + backend: + service: + name: geth-svc + port: + number: {{ .Values.geth.ports.ws.number }} + # - path: /discovery(/|$)(.*) + # pathType: Prefix + # backend: + # service: + # name: node-svc + # port: + # number: {{ .Values.node.portDiscovery }} + {{- if .Values.geth.ingress.tls.enabled }} + tls: + - hosts: + - {{ pluck $.Values.global.env .Values.geth.ingress.host | first | default .Values.geth.ingress.host._default | quote }} + {{- if .Values.geth.ingress.tls.createSecret }} + secretName: {{ .Release.Name }}-geth-tls + {{- end }} + {{- end }} +{{- end }} +--- +{{- if .Values.geth.client.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: internal-and-public + nginx.ingress.kubernetes.io/proxy-body-size: 500m + nginx.ingress.kubernetes.io/client-max-body-size: "500M" + nginx.ingress.kubernetes.io/proxy-buffering: "off" + nginx.ingress.kubernetes.io/proxy-connect-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-send-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-read-timeout: "15m" + nginx.ingress.kubernetes.io/rewrite-target: /$2 + {{- if .Values.geth.client.ingress.tls.enabled }} + cert-manager.io/cluster-issuer: "zerossl-prod" + {{- end }} + name: {{ .Release.Name }}-client-ingress +spec: + rules: + - host: {{ pluck $.Values.global.env .Values.geth.client.ingress.host | first | default .Values.geth.client.ingress.host._default | quote }} + http: + paths: + - path: "/http(/|$)(.*)" + pathType: Prefix + backend: + service: + name: client-svc + port: + number: {{ .Values.geth.portHttp }} + - path: /ws(/|$)(.*) + pathType: Prefix + backend: + service: + name: client-svc + port: + number: {{ .Values.geth.portWs }} + {{- if .Values.geth.client.ingress.tls.enabled }} + tls: + - hosts: + - {{ pluck $.Values.global.env .Values.geth.client.ingress.host | first | default .Values.geth.client.ingress.host._default | quote }} + {{- if .Values.geth.ingress.tls.createSecret }} + secretName: {{ .Release.Name }}-client-tls + {{- end }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/geth/pvc.yaml b/charts/blockscout-stack/templates/geth/pvc.yaml new file mode 100644 index 00000000..5ce4691a --- /dev/null +++ b/charts/blockscout-stack/templates/geth/pvc.yaml @@ -0,0 +1,92 @@ +{{- if .Values.geth.enabled }} +{{- if .Values.geth.persistence.enabled }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ .Release.Name }}-geth +spec: + {{- if .Values.geth.persistence.storageClass }} + {{- with .Values.geth.persistence.storageClass }} + storageClassName: {{ . | toYaml | nindent 6 }} + {{- end }} + {{- end }} + accessModes: + - ReadWriteOnce + {{- if hasKey .Values.geth.persistence.existingPV $.Values.global.env }} + volumeName: {{ pluck $.Values.global.env .Values.geth.persistence.existingPV | first | default .Values.geth.persistence.existingPV._default | quote }} + {{- end }} + resources: + requests: + storage: {{ pluck $.Values.global.env .Values.geth.persistence.storage | first | default .Values.geth.persistence.storage._default | quote }} +--- +{{- end }} + +{{- if .Values.geth.client.persistence.enabled }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ .Release.Name }}-client +spec: + {{- if .Values.geth.client.persistence.storageClass }} + storageClassName: {{ .Values.geth.client.persistence.storageClass }} + {{- end }} + accessModes: + - ReadWriteOnce + {{- if hasKey .Values.geth.client.persistence.existingPV $.Values.global.env }} + volumeName: {{ pluck $.Values.global.env .Values.geth.client.persistence.existingPV | first | default .Values.geth.client.persistence.existingPV._default | quote }} + {{- end }} + resources: + requests: + storage: {{ pluck $.Values.global.env .Values.geth.client.persistence.storage | first | default .Values.geth.client.persistence.storage._default | quote }} +--- +{{- end }} + +{{- if .Values.geth.persistence.additionalVolumes }} +{{- range $key, $value := .Values.geth.persistence.additionalVolumes }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ $key }}-additional-volume +spec: + {{- if $.Values.geth.persistence.storageClass }} + {{- with $.Values.geth.persistence.storageClass }} + storageClassName: {{ . | toYaml | nindent 6 }} + {{- end }} + {{- end }} + accessModes: + - ReadWriteOnce + {{- if hasKey $value.existingPV $.Values.global.env }} + volumeName: {{ pluck $.Values.global.env $value.existingPV | first | default $value.existingPV._default | quote }} + {{- end }} + resources: + requests: + storage: {{ pluck $.Values.global.env $value.storage | first | default $value.storage._default | quote }} +--- +{{- end }} +{{- end }} + +{{- if .Values.geth.client.persistence.additionalVolumes }} +{{- range $key, $value := .Values.geth.client.persistence.additionalVolumes }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ $key }}-client-additional-volume +spec: + {{- if $.Values.geth.client.persistence.storageClass }} + {{- with $.Values.geth.client.persistence.storageClass }} + storageClassName: {{ . | toYaml | nindent 6 }} + {{- end }} + {{- end }} + accessModes: + - ReadWriteOnce + {{- if hasKey $value.existingPV $.Values.global.env }} + volumeName: {{ pluck $.Values.global.env $value.existingPV | first | default $value.existingPV._default | quote }} + {{- end }} + resources: + requests: + storage: {{ pluck $.Values.global.env $value.storage | first | default $value.storage._default | quote }} +--- +{{- end }} +{{- end }} + +{{- end }} diff --git a/charts/blockscout-stack/templates/geth/secret.yml b/charts/blockscout-stack/templates/geth/secret.yml new file mode 100644 index 00000000..3c02c054 --- /dev/null +++ b/charts/blockscout-stack/templates/geth/secret.yml @@ -0,0 +1,10 @@ +{{- if .Values.geth.enabled }} +{{- if .Values.geth.jwt.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: jwt +data: + jwtsecret: {{ .Values.geth.jwt.token | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/geth/service.yml b/charts/blockscout-stack/templates/geth/service.yml new file mode 100644 index 00000000..7aecd417 --- /dev/null +++ b/charts/blockscout-stack/templates/geth/service.yml @@ -0,0 +1,36 @@ +{{- if .Values.geth.enabled }} +kind: Service +apiVersion: v1 +metadata: + name: geth-svc +spec: + type: {{ .Values.geth.service.type}} + ports: + {{- range $key, $value := .Values.geth.ports }} + - port: {{ toYaml $value.number | indent 2 }} + targetPort: {{ toYaml $value.number | indent 2 }} + protocol: {{ toYaml $value.protocol | indent 2 }} + name: {{ $key }} + {{- end }} + selector: + app: {{ .Release.Name }}-geth +--- +{{- if .Values.geth.client.enabled }} +kind: Service +apiVersion: v1 +metadata: + name: client-svc +spec: + type: {{ .Values.geth.client.service.type}} + ports: + {{- range $key, $value := .Values.geth.client.ports }} + - port: {{ toYaml $value.number | indent 2 }} + targetPort: {{ toYaml $value.number | indent 2 }} + protocol: {{ toYaml $value.protocol | indent 2 }} + name: {{ $key }} + {{- end }} + selector: + app: {{ .Release.Name }}-geth +--- +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/node/_envs.tpl b/charts/blockscout-stack/templates/node/_envs.tpl new file mode 100644 index 00000000..b3a5f2c1 --- /dev/null +++ b/charts/blockscout-stack/templates/node/_envs.tpl @@ -0,0 +1,51 @@ +{{- define "node_env" }} +{{- range $key, $value := .Values.node.environment }} +{{- $item := get $.Values.node.environment $key }} +{{- if or (kindIs "string" $item) (kindIs "int64" $item) (kindIs "bool" $item)}} +- name: {{ $key }} + value: {{ $value | quote }} +{{- else }} +- name: {{ $key }} + value: {{ pluck $.Values.global.env $item | first | default $item._default | quote }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "node_common_env" }} +{{- range $key, $value := .Values.node.environmentCommon }} +{{- $item := get $.Values.node.environmentCommon $key }} +{{- if or (kindIs "string" $item) (kindIs "int64" $item) (kindIs "bool" $item)}} +- name: {{ $key }} + value: {{ $value | quote }} +{{- else }} +- name: {{ $key }} + value: {{ pluck $.Values.global.env $item | first | default $item._default | quote }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "node_dtl_env" }} +{{- range $key, $value := .Values.node.dtl.environment }} +{{- $item := get $.Values.node.dtl.environment $key }} +{{- if or (kindIs "string" $item) (kindIs "int64" $item) (kindIs "bool" $item)}} +- name: {{ $key }} + value: {{ $value | quote }} +{{- else }} +- name: {{ $key }} + value: {{ pluck $.Values.global.env $item | first | default $item._default | quote }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "node_healthcheck_env" }} +{{- range $key, $value := .Values.node.healthcheck.environment }} +{{- $item := get $.Values.node.healthcheck.environment $key }} +{{- if or (kindIs "string" $item) (kindIs "int64" $item) (kindIs "bool" $item)}} +- name: {{ $key }} + value: {{ $value | quote }} +{{- else }} +- name: {{ $key }} + value: {{ pluck $.Values.global.env $item | first | default $item._default | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/node/cm.yaml b/charts/blockscout-stack/templates/node/cm.yaml new file mode 100644 index 00000000..d7464a65 --- /dev/null +++ b/charts/blockscout-stack/templates/node/cm.yaml @@ -0,0 +1,16 @@ +{{- if .Values.node.enabled }} +{{- if .Values.node.files.enabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-node-cm +data: + {{- range $key, $value := .Values.node.files.list }} + {{ $key }}: {{ toYaml $value | indent 2 }} + {{- end }} + # genesis.json: {{ toYaml .Values.node.files.genesis | indent 2 }} + # init.sh: {{ toYaml .Values.node.files.init | indent 2 }} + # password.txt: "" +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/node/deployment.yml b/charts/blockscout-stack/templates/node/deployment.yml new file mode 100644 index 00000000..aed18df0 --- /dev/null +++ b/charts/blockscout-stack/templates/node/deployment.yml @@ -0,0 +1,220 @@ +{{- if .Values.node.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-node +spec: + replicas: {{ .Values.node.replicas.app }} + strategy: + type: Recreate + selector: + matchLabels: + app: {{ .Release.Name }}-node + template: + metadata: + labels: + app: {{ .Release.Name }}-node + spec: + containers: + - name: {{ .Release.Name }}-node + image: {{ pluck $.Values.global.env .Values.node.image | first | default .Values.node.image._default | quote }} + command: {{ .Values.node.command }} + args: {{ .Values.node.args }} + # args: [ "--http", "--http.addr=0.0.0.0", "--http.vhosts=geth-mainnet-full", "--http.api=eth,net,web3,txpool", "--ws", "--ws.addr=0.0.0.0", "--datadir=/data", ] + resources: + {{- with .Values.node.resources }} + limits: + memory: {{ pluck $.Values.global.env .limits.memory | first | default .limits.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .limits.cpu | first | default .limits.cpu._default | quote }} + requests: + memory: {{ pluck $.Values.global.env .requests.memory | first | default .requests.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .requests.cpu | first | default .requests.cpu._default | quote }} + {{- end }} + env: + {{- include "node_env" . | indent 10 }} + {{- include "node_common_env" . | indent 10 }} + ports: + - containerPort: {{ .Values.node.portHttp }} + name: noderpchttp + - containerPort: {{ .Values.node.portWs }} + name: noderpctcp + {{- if .Values.node.persistence.enabled }} + volumeMounts: + - name: node + mountPath: "/geth" + {{- if .Values.node.files.enabled }} + {{- range $key, $value := .Values.node.files.list }} + - mountPath: /scripts/{{ $key }} + name: node-cm + subPath: {{ $key }} + {{- end }} + {{- end }} + {{- if .Values.node.persistence.additionalVolumes }} + {{- range $key, $value := .Values.node.persistence.additionalVolumes }} + - name: {{ $key }} + mountPath: {{ $value.mountPath }} + {{- end }} + {{- end }} + {{- end }} + # {{- if .Values.node.readinessProbe.enabled }} + # readinessProbe: + # httpGet: + # path: {{ .Values.node.readinessProbe.path }} + # port: {{ .Values.node.docker.targetPort }} + # scheme: HTTP + # {{- with .Values.node.readinessProbe.params }} + # {{ . | toYaml | nindent 12 }} + # {{- end }} + # {{- end }} + # {{- if .Values.node.livenessProbe.enabled }} + # livenessProbe: + # httpGet: + # path: {{ .Values.node.livenessProbe.path }} + # port: {{ .Values.node.docker.targetPort }} + # scheme: HTTP + # {{- with .Values.node.livenessProbe.params }} + # {{ . | toYaml | nindent 12 }} + # {{- end }} + # {{- end }} + {{ if .Values.node.dtl.enabled }} + - name: {{ .Release.Name }}-dtl + image: {{ pluck $.Values.global.env .Values.node.dtl.image | first | default .Values.node.dtl.image._default | quote }} + env: + {{- include "node_dtl_env" . | indent 10 }} + {{- include "node_common_env" . | indent 10 }} + resources: + {{- with .Values.node.dtl.resources }} + limits: + memory: {{ pluck $.Values.global.env .limits.memory | first | default .limits.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .limits.cpu | first | default .limits.cpu._default | quote }} + requests: + memory: {{ pluck $.Values.global.env .requests.memory | first | default .requests.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .requests.cpu | first | default .requests.cpu._default | quote }} + {{- end }} + ports: + - containerPort: {{ .Values.node.dtl.port }} + name: dtl + {{- if .Values.node.dtl.persistence.enabled }} + volumeMounts: + - name: dtl + mountPath: "/db" + {{- if .Values.node.dtl.persistence.additionalVolumes }} + {{- range $key, $value := .Values.node.dtl.persistence.additionalVolumes }} + - name: {{ $key }} + mountPath: {{ $value.mountPath }} + {{- end }} + {{- end }} + {{- end }} + # {{- if .Values.node.dtl.readinessProbe.enabled }} + # readinessProbe: + # httpGet: + # path: {{ .Values.node.dtl.readinessProbe.path }} + # port: {{ .Values.node.dtl.docker.targetPort }} + # scheme: HTTP + # {{- with .Values.node.dtl.readinessProbe.params }} + # {{ . | toYaml | nindent 12 }} + # {{- end }} + # {{- end }} + # {{- if .Values.node.dtl.livenessProbe.enabled }} + # livenessProbe: + # httpGet: + # path: {{ .Values.node.dtl.livenessProbe.path }} + # port: {{ .Values.node.dtl.docker.targetPort }} + # scheme: HTTP + # {{- with .Values.node.dtl.livenessProbe.params }} + # {{ . | toYaml | nindent 12 }} + # {{- end }} + # {{- end }} + {{- end }} + {{ if .Values.node.healthcheck.enabled }} + - name: {{ .Release.Name }}-healthcheck + image: {{ pluck $.Values.global.env .Values.node.healthcheck.image | first | default .Values.node.healthcheck.image._default | quote }} + env: + {{- include "node_healthcheck_env" . | indent 10 }} + {{- include "node_common_env" . | indent 10 }} + resources: + {{- with .Values.node.healthcheck.resources }} + limits: + memory: {{ pluck $.Values.global.env .limits.memory | first | default .limits.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .limits.cpu | first | default .limits.cpu._default | quote }} + requests: + memory: {{ pluck $.Values.global.env .requests.memory | first | default .requests.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .requests.cpu | first | default .requests.cpu._default | quote }} + {{- end }} + ports: + - containerPort: {{ .Values.node.healthcheck.port }} + name: healthcheck + {{- if .Values.node.healthcheck.persistence.enabled }} + volumeMounts: + {{- if .Values.node.healthcheck.persistence.additionalVolumes }} + {{- range $key, $value := .Values.node.healthcheck.persistence.additionalVolumes }} + - name: {{ $key }} + mountPath: {{ $value.mountPath }} + {{- end }} + {{- end }} + {{- end }} + # {{- if .Values.node.healthcheck.readinessProbe.enabled }} + # readinessProbe: + # httpGet: + # path: {{ .Values.node.healthcheck.readinessProbe.path }} + # port: {{ .Values.node.healthcheck.docker.targetPort }} + # scheme: HTTP + # {{- with .Values.node.healthcheck.readinessProbe.params }} + # {{ . | toYaml | nindent 12 }} + # {{- end }} + # {{- end }} + # {{- if .Values.node.healthcheck.livenessProbe.enabled }} + # livenessProbe: + # httpGet: + # path: {{ .Values.node.healthcheck.livenessProbe.path }} + # port: {{ .Values.node.healthcheck.docker.targetPort }} + # scheme: HTTP + # {{- with .Values.node.healthcheck.livenessProbe.params }} + # {{ . | toYaml | nindent 12 }} + # {{- end }} + # {{- end }} + {{- end }} + {{- if .Values.node.nodeSelector.enabled }} + nodeSelector: + {{- pluck $.Values.global.env .Values.node.nodeSelector.labels | first | default .Values.node.nodeSelector.labels._default | toYaml | nindent 8 }} + {{- end }} + volumes: + {{- if .Values.node.files.enabled }} + - configMap: + name: {{ .Release.Name }}-node-cm + defaultMode: 0777 + name: node-cm + {{- end }} + {{- if .Values.node.persistence.enabled }} + - name: node + persistentVolumeClaim: + claimName: {{ .Release.Name }}-node + {{- end }} + {{- if .Values.node.dtl.persistence.enabled }} + - name: dtl + persistentVolumeClaim: + claimName: {{ .Release.Name }}-dtl + {{- end }} + {{- if .Values.node.persistence.additionalVolumes }} + {{- range $key, $value := .Values.node.persistence.additionalVolumes }} + - name: {{ $key }} + persistentVolumeClaim: + claimName: {{ $key }}-additional-volume + {{- end }} + {{- end }} + {{- if .Values.node.dtl.persistence.additionalVolumes }} + {{- range $key, $value := .Values.node.dtl.persistence.additionalVolumes }} + - name: {{ $key }} + persistentVolumeClaim: + claimName: {{ $key }}-dtl-additional-volume + {{- end }} + {{- end }} + {{- if .Values.node.healthcheck.persistence.additionalVolumes }} + {{- range $key, $value := .Values.node.healthcheck.persistence.additionalVolumes }} + - name: {{ $key }} + persistentVolumeClaim: + claimName: {{ $key }}-healthcheck-additional-volume + {{- end }} + {{- end }} +--- +{{- end }} diff --git a/charts/blockscout-stack/templates/node/ingress.yaml b/charts/blockscout-stack/templates/node/ingress.yaml new file mode 100644 index 00000000..a4c28bca --- /dev/null +++ b/charts/blockscout-stack/templates/node/ingress.yaml @@ -0,0 +1,56 @@ +{{- if .Values.node.enabled }} +{{- if .Values.node.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: internal-and-public + nginx.ingress.kubernetes.io/proxy-body-size: 500m + nginx.ingress.kubernetes.io/client-max-body-size: "500M" + nginx.ingress.kubernetes.io/proxy-buffering: "off" + nginx.ingress.kubernetes.io/proxy-connect-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-send-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-read-timeout: "15m" + nginx.ingress.kubernetes.io/rewrite-target: /$2 + {{- if .Values.node.ingress.tls.enabled }} + cert-manager.io/cluster-issuer: "zerossl-prod" + {{- end }} + name: {{ .Release.Name }}-node-ingress +spec: + rules: + - host: {{ pluck $.Values.global.env .Values.node.ingress.host | first | default .Values.node.ingress.host._default | quote }} + http: + paths: + - path: "/http(/|$)(.*)" + pathType: Prefix + backend: + service: + name: {{ .Release.Name }}-node-svc + port: + number: {{ .Values.node.portHttp }} + - path: /ws(/|$)(.*) + pathType: Prefix + backend: + service: + name: {{ .Release.Name }}-node-svc + port: + number: {{ .Values.node.portWs }} + {{- if .Values.node.dtl.ingress.enabled }} + - path: /dtl(/|$)(.*) + pathType: Prefix + backend: + service: + name: {{ .Release.Name }}-dtl-svc + port: + number: {{ .Values.node.dtl.port }} + {{- end }} + {{- if .Values.node.ingress.tls.enabled }} + tls: + - hosts: + - {{ pluck $.Values.global.env .Values.node.ingress.host | first | default .Values.node.ingress.host._default | quote }} + {{- if .Values.node.ingress.tls.createSecret }} + secretName: {{ .Release.Name }}-node-tls + {{- end }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/node/pvc.yaml b/charts/blockscout-stack/templates/node/pvc.yaml new file mode 100644 index 00000000..fb6a4b1e --- /dev/null +++ b/charts/blockscout-stack/templates/node/pvc.yaml @@ -0,0 +1,117 @@ +{{- if .Values.node.enabled }} +{{- if .Values.node.persistence.enabled }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ .Release.Name }}-node +spec: + {{- if .Values.node.persistence.storageClass }} + {{- with .Values.node.persistence.storageClass }} + storageClassName: {{ . | toYaml | nindent 6 }} + {{- end }} + {{- end }} + accessModes: + - ReadWriteOnce + {{- if hasKey .Values.node.persistence.existingPV $.Values.global.env }} + volumeName: {{ pluck $.Values.global.env .Values.node.persistence.existingPV | first | default .Values.node.persistence.existingPV._default | quote }} + {{- end }} + resources: + requests: + storage: {{ pluck $.Values.global.env .Values.node.persistence.storage | first | default .Values.node.persistence.storage._default | quote }} +--- +{{- end }} +{{- if .Values.node.dtl.persistence.enabled }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ .Release.Name }}-dtl +spec: + {{- if .Values.node.dtl.persistence.storageClass }} + {{- with .Values.node.dtl.persistence.storageClass }} + storageClassName: {{ . | toYaml | nindent 6 }} + {{- end }} + {{- end }} + accessModes: + - ReadWriteOnce + {{- if hasKey .Values.node.dtl.persistence.existingPV $.Values.global.env }} + volumeName: {{ pluck $.Values.global.env .Values.node.dtl.persistence.existingPV | first | default .Values.node.dtl.persistence.existingPV._default | quote }} + {{- end }} + resources: + requests: + storage: {{ pluck $.Values.global.env .Values.node.dtl.persistence.storage | first | default .Values.node.dtl.persistence.storage._default | quote }} +--- +{{- end }} + +{{- if .Values.node.persistence.additionalVolumes }} +{{- range $key, $value := .Values.node.persistence.additionalVolumes }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ $key }}-additional-volume +spec: + {{- if $.Values.node.persistence.storageClass }} + {{- with $.Values.node.persistence.storageClass }} + storageClassName: {{ . | toYaml | nindent 6 }} + {{- end }} + {{- end }} + accessModes: + - ReadWriteOnce + {{- if hasKey $value.existingPV $.Values.global.env }} + volumeName: {{ pluck $.Values.global.env $value.existingPV | first | default $value.existingPV._default | quote }} + {{- end }} + resources: + requests: + storage: {{ pluck $.Values.global.env $value.storage | first | default $value.storage._default | quote }} +--- +{{- end }} +{{- end }} + +{{- if .Values.node.dtl.persistence.additionalVolumes }} +{{- range $key, $value := .Values.node.dtl.persistence.additionalVolumes }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ $key }}-dtl-additional-volume +spec: + {{- if $.Values.node.dtl.persistence.storageClass }} + {{- with $.Values.node.dtl.persistence.storageClass }} + storageClassName: {{ . | toYaml | nindent 6 }} + {{- end }} + {{- end }} + accessModes: + - ReadWriteOnce + {{- if hasKey $value.existingPV $.Values.global.env }} + volumeName: {{ pluck $.Values.global.env $value.existingPV | first | default $value.existingPV._default | quote }} + {{- end }} + resources: + requests: + storage: {{ pluck $.Values.global.env $value.storage | first | default $value.storage._default | quote }} +--- +{{- end }} +{{- end }} + +{{- if .Values.node.healthcheck.persistence.additionalVolumes }} +{{- range $key, $value := .Values.node.healthcheck.persistence.additionalVolumes }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ $key }}-healthcheck-additional-volume +spec: + {{- if $.Values.node.healthcheck.persistence.storageClass }} + {{- with $.Values.node.healthcheck.persistence.storageClass }} + storageClassName: {{ . | toYaml | nindent 6 }} + {{- end }} + {{- end }} + accessModes: + - ReadWriteOnce + {{- if hasKey $value.existingPV $.Values.global.env }} + volumeName: {{ pluck $.Values.global.env $value.existingPV | first | default $value.existingPV._default | quote }} + {{- end }} + resources: + requests: + storage: {{ pluck $.Values.global.env $value.storage | first | default $value.storage._default | quote }} +--- +{{- end }} +{{- end }} + +{{- end }} diff --git a/charts/blockscout-stack/templates/node/service.yml b/charts/blockscout-stack/templates/node/service.yml new file mode 100644 index 00000000..bf6ddc63 --- /dev/null +++ b/charts/blockscout-stack/templates/node/service.yml @@ -0,0 +1,36 @@ +{{- if .Values.node.enabled }} +kind: Service +apiVersion: v1 +metadata: + name: {{ .Release.Name }}-node-svc +spec: + type: {{ .Values.node.service.type}} + ports: + - port: {{ .Values.node.portHttp }} + targetPort: {{ .Values.node.portHttp }} + protocol: TCP + name: http + - port: {{ .Values.node.portWs }} + targetPort: {{ .Values.node.portWs }} + protocol: TCP + name: ws + selector: + app: {{ .Release.Name }}-node +--- +{{- if .Values.node.dtl.enabled }} +kind: Service +apiVersion: v1 +metadata: + name: {{ .Release.Name }}-dtl-svc +spec: + type: {{ .Values.node.dtl.service.type}} + ports: + - port: {{ .Values.node.dtl.port }} + targetPort: {{ .Values.node.dtl.port }} + protocol: TCP + name: dtl + selector: + app: {{ .Release.Name }}-node +--- +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/postgres/_envs.tpl b/charts/blockscout-stack/templates/postgres/_envs.tpl new file mode 100644 index 00000000..ca0951ab --- /dev/null +++ b/charts/blockscout-stack/templates/postgres/_envs.tpl @@ -0,0 +1,12 @@ +{{- define "postgres_env" }} +{{- range $key, $value := .Values.postgres.environment }} +{{- $item := get $.Values.postgres.environment $key }} +{{- if or (kindIs "string" $item) (kindIs "int64" $item) (kindIs "bool" $item)}} +- name: {{ $key }} + value: {{ $value | quote }} +{{- else }} +- name: {{ $key }} + value: {{ pluck $.Values.global.env $item | first | default $item._default | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/postgres/cm.yaml b/charts/blockscout-stack/templates/postgres/cm.yaml new file mode 100644 index 00000000..4c167f2c --- /dev/null +++ b/charts/blockscout-stack/templates/postgres/cm.yaml @@ -0,0 +1,15 @@ +{{- if .Values.postgres.enabled }} +{{- if .Values.postgres.files.enabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: postgres-cm +data: + {{- range $key, $value := .Values.postgres.files.list }} + {{ $key }}: {{ toYaml $value | indent 2 }} + {{- end }} +{{- end }} +--- + +{{- end }} diff --git a/charts/blockscout-stack/templates/postgres/deployment.yaml b/charts/blockscout-stack/templates/postgres/deployment.yaml new file mode 100644 index 00000000..c2608734 --- /dev/null +++ b/charts/blockscout-stack/templates/postgres/deployment.yaml @@ -0,0 +1,104 @@ +{{- if .Values.postgres.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-postgres +spec: + replicas: 1 + strategy: + type: {{ .Values.postgres.strategy }} + selector: + matchLabels: + app: {{ .Release.Name }}-postgres + template: + metadata: + labels: + app: {{ .Release.Name }}-postgres + spec: + containers: + - name: postgres + image: {{ .Values.postgres.image }} + resources: + {{- with .Values.postgres.resources }} + limits: + memory: {{ pluck $.Values.global.env .limits.memory | first | default .limits.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .limits.cpu | first | default .limits.cpu._default | quote }} + requests: + memory: {{ pluck $.Values.global.env .requests.memory | first | default .requests.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .requests.cpu | first | default .requests.cpu._default | quote }} + {{- end }} + command: {{ .Values.postgres.command }} + args: {{ .Values.postgres.args }} + imagePullPolicy: "IfNotPresent" + # {{- if .Values.postgres.args }} + # args: + # {{- end }} + ports: + - containerPort: {{ .Values.postgres.port }} + env: +{{- include "postgres_env" . | indent 10 }} + {{- if or ( .Values.postgres.persistence ) ( .Values.postgres.files.enabled ) ( .Values.postgres.customShm.enabled ) }} + volumeMounts: + {{- if .Values.postgres.persistence }} + - mountPath: {{ .Values.postgres.mountPath }} + name: postgredb + subPath: postgres + {{- end }} + {{- if .Values.postgres.files.enabled }} + {{- range $key, $value := .Values.postgres.files.list }} + - mountPath: {{ $.Values.postgres.files.mountPath }}/{{ $key }} + name: postgres-cm + subPath: {{ $key }} + {{- end }} + {{- end }} + {{- if .Values.postgres.customShm.enabled }} + - mountPath: /dev/shm + name: dshm + {{- end }} + {{- end }} + # {{- if .Values.postgres.readinessProbe.enabled }} + # readinessProbe: + # httpGet: + # path: {{ .Values.postgres.readinessProbe.path }} + # port: {{ .Values.postgres.docker.targetPort }} + # scheme: HTTP + # {{- with .Values.postgres.readinessProbe.params }} + # {{ . | toYaml | nindent 12 }} + # {{- end }} + # {{- end }} + # {{- if .Values.postgres.livenessProbe.enabled }} + # livenessProbe: + # httpGet: + # path: {{ .Values.postgres.livenessProbe.path }} + # port: {{ .Values.postgres.docker.targetPort }} + # scheme: HTTP + # {{- with .Values.postgres.livenessProbe.params }} + # {{ . | toYaml | nindent 12 }} + # {{- end }} + # {{- end }} + {{- if .Values.postgres.nodeSelector.enabled }} + nodeSelector: + {{- pluck $.Values.global.env .Values.postgres.nodeSelector.labels | first | default .Values.postgres.nodeSelector.labels._default | toYaml | nindent 8 }} + {{- end }} + {{- if or ( .Values.postgres.persistence ) ( .Values.postgres.files.enabled ) ( .Values.postgres.customShm.enabled ) }} + volumes: + {{- if .Values.postgres.persistence }} + - name: postgredb + persistentVolumeClaim: + claimName: {{ .Release.Name }}-postgres-pv-claim + {{- end }} + {{- if .Values.postgres.customShm.enabled }} + - name: dshm + emptyDir: + medium: Memory + sizeLimit: {{ .Values.postgres.customShm.sizeLimit }} + {{- end }} + {{- if .Values.postgres.files.enabled }} + - configMap: + name: postgres-cm + defaultMode: 0777 + name: postgres-cm + {{- end }} + {{- end }} +--- +{{- end }} diff --git a/charts/blockscout-stack/templates/postgres/pvc.yaml b/charts/blockscout-stack/templates/postgres/pvc.yaml new file mode 100644 index 00000000..a923193d --- /dev/null +++ b/charts/blockscout-stack/templates/postgres/pvc.yaml @@ -0,0 +1,24 @@ +{{- if .Values.postgres.enabled }} +{{- if .Values.postgres.persistence }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ .Release.Name }}-postgres-pv-claim +spec: + {{- if .Values.postgres.storageClass }} + {{- with .Values.postgres.storageClass }} + storageClassName: {{ . | toYaml | nindent 6 }} + {{- end }} + {{- end }} + accessModes: + - ReadWriteOnce + {{- if hasKey .Values.postgres.existingPV $.Values.global.env }} + volumeName: {{ pluck $.Values.global.env .Values.postgres.existingPV | first | default .Values.postgres.existingPV._default | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.postgres.storage | quote }} +--- +{{- end }} + +{{- end }} diff --git a/charts/blockscout-stack/templates/postgres/service.yaml b/charts/blockscout-stack/templates/postgres/service.yaml new file mode 100644 index 00000000..5de397b0 --- /dev/null +++ b/charts/blockscout-stack/templates/postgres/service.yaml @@ -0,0 +1,14 @@ +{{- if .Values.postgres.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: postgres + labels: + app: {{ .Release.Name }}-postgres +spec: + type: {{ .Values.postgres.service.type}} + ports: + - port: {{ .Values.postgres.port }} + selector: + app: {{ .Release.Name }}-postgres +{{- end }} diff --git a/charts/blockscout-stack/templates/sig-provider/_envs.tpl b/charts/blockscout-stack/templates/sig-provider/_envs.tpl new file mode 100644 index 00000000..031be552 --- /dev/null +++ b/charts/blockscout-stack/templates/sig-provider/_envs.tpl @@ -0,0 +1,12 @@ +{{- define "sigProvider_env" }} +{{- range $key, $value := .Values.sigProvider.environment }} +{{- $item := get $.Values.sigProvider.environment $key }} +{{- if or (kindIs "string" $item) (kindIs "int64" $item) (kindIs "bool" $item)}} +- name: {{ $key }} + value: {{ $value | quote }} +{{- else }} +- name: {{ $key }} + value: {{ pluck $.Values.global.env $item | first | default $item._default | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/sig-provider/deployment.yml b/charts/blockscout-stack/templates/sig-provider/deployment.yml new file mode 100644 index 00000000..fefe5786 --- /dev/null +++ b/charts/blockscout-stack/templates/sig-provider/deployment.yml @@ -0,0 +1,76 @@ +{{- if .Values.sigProvider.enabled }} +kind: Deployment +apiVersion: apps/v1 +metadata: + name: {{ .Release.Name }}-sig-provider +spec: + replicas: {{ .Values.sigProvider.replicas.app }} + strategy: + type: {{ .Values.sigProvider.strategy }} + selector: + matchLabels: + app: {{ .Release.Name }}-sig-provider + template: + metadata: + labels: + app: {{ .Release.Name }}-sig-provider + {{- if eq .Values.sigProvider.image.pullPolicy "Always" }} + annotations: + rollme: {{ randAlphaNum 5 | quote }} + {{- end }} + spec: + containers: + - name: {{ .Release.Name }}-sig-provider + image: {{ pluck $.Values.global.env .Values.sigProvider.image | first | default .Values.sigProvider.image._default | quote }} + resources: + {{- with .Values.sigProvider.resources }} + limits: + memory: {{ pluck $.Values.global.env .limits.memory | first | default .limits.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .limits.cpu | first | default .limits.cpu._default | quote }} + requests: + memory: {{ pluck $.Values.global.env .requests.memory | first | default .requests.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .requests.cpu | first | default .requests.cpu._default | quote }} + {{- end }} + imagePullPolicy: {{ .Values.sigProvider.image.pullPolicy }} + ports: + - containerPort: {{ .Values.sigProvider.docker.targetPort }} + - containerPort: {{ .Values.sigProvider.docker.metricsPort }} + name: http-metrics + env: +{{- include "sigProvider_env" . | indent 10 }} + # volumeMounts: + # - name: {{ .Release.Name }}-logs + # mountPath: /usr/local/path + {{- if .Values.sigProvider.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.sigProvider.readinessProbe.path }} + port: {{ .Values.sigProvider.docker.targetPort }} + scheme: HTTP + {{- with .Values.sigProvider.readinessProbe.params }} + {{ . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.sigProvider.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.sigProvider.livenessProbe.path }} + port: {{ .Values.sigProvider.docker.targetPort }} + scheme: HTTP + {{- with .Values.sigProvider.livenessProbe.params }} + {{ . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + # volumes: + # - name: {{ .Release.Name }}-logs + # emptyDir: { } + # - name: config + # configMap: + # name: {{ .Release.Name }}-promtail-configmap + restartPolicy: Always + {{- if .Values.sigProvider.nodeSelector.enabled }} + nodeSelector: + {{- pluck $.Values.global.env .Values.sigProvider.nodeSelector.labels | first | default .Values.sigProvider.nodeSelector.labels._default | toYaml | nindent 8 }} + {{- end }} +--- +{{- end}} diff --git a/charts/blockscout-stack/templates/sig-provider/hpa.yml b/charts/blockscout-stack/templates/sig-provider/hpa.yml new file mode 100644 index 00000000..ea5a86c5 --- /dev/null +++ b/charts/blockscout-stack/templates/sig-provider/hpa.yml @@ -0,0 +1,16 @@ +{{- if .Values.sigProvider.enabled }} +{{- if .Values.sigProvider.hpa.enabled }} +apiVersion: autoscaling/v1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ .Release.Name }}-sig-provider +spec: + maxReplicas: {{ .Values.sigProvider.hpa.maxReplicas }} + minReplicas: {{ .Values.sigProvider.hpa.minReplicas }} + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ .Release.Name }}-sig-provider + targetCPUUtilizationPercentage: {{ .Values.sigProvider.hpa.cpuTarget }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/sig-provider/ingress.yaml b/charts/blockscout-stack/templates/sig-provider/ingress.yaml new file mode 100644 index 00000000..bdc1d4e4 --- /dev/null +++ b/charts/blockscout-stack/templates/sig-provider/ingress.yaml @@ -0,0 +1,47 @@ +{{- if .Values.sigProvider.enabled }} +{{- if .Values.sigProvider.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: internal-and-public + nginx.ingress.kubernetes.io/proxy-body-size: 500m + nginx.ingress.kubernetes.io/client-max-body-size: "500M" + nginx.ingress.kubernetes.io/proxy-buffering: "off" + nginx.ingress.kubernetes.io/proxy-connect-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-send-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-read-timeout: "15m" + cert-manager.io/cluster-issuer: "zerossl-prod" + {{- range .Values.sigProvider.ingress.annotations }} + {{ . }} + {{- end}} + name: {{ .Release.Name }}-sig-provider-ingress +spec: + rules: + - host: {{ pluck $.Values.global.env .Values.sigProvider.ingress.host | first | default .Values.sigProvider.ingress.host._default | quote }} + http: + paths: + # - path: "/metrics" + # pathType: Exact + # backend: + # service: + # name: sigProvider-svc + # port: + # number: {{ .Values.sigProvider.docker.metricsPort }} + - path: "/" + pathType: Prefix + backend: + service: + name: sig-provider-svc + port: + number: {{ .Values.sigProvider.docker.port }} + {{- if .Values.sigProvider.ingress.tls.enabled }} + tls: + - hosts: + - {{ pluck $.Values.global.env .Values.sigProvider.ingress.host | first | default .Values.sigProvider.ingress.host._default | quote }} + {{- if .Values.sigProvider.ingress.tls.createSecret }} + secretName: {{ .Release.Name }}-sig-provider-tls + {{- end }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/sig-provider/service.yml b/charts/blockscout-stack/templates/sig-provider/service.yml new file mode 100644 index 00000000..806209a8 --- /dev/null +++ b/charts/blockscout-stack/templates/sig-provider/service.yml @@ -0,0 +1,22 @@ +{{- if .Values.sigProvider.enabled }} +kind: Service +apiVersion: v1 +metadata: + name: sig-provider-svc + labels: + app: {{ .Release.Name }}-sig-provider +spec: + type: {{ .Values.sigProvider.service.type}} + ports: + - port: {{ .Values.sigProvider.docker.port }} + targetPort: {{ .Values.sigProvider.docker.targetPort }} + protocol: TCP + name: web + - port: {{ .Values.sigProvider.docker.metricsPort }} + targetPort: {{ .Values.sigProvider.docker.metricsPort }} + protocol: TCP + name: http-metrics + selector: + app: {{ .Release.Name }}-sig-provider +{{- end }} +--- diff --git a/charts/blockscout-stack/templates/sig-provider/serviceMonitor.yml b/charts/blockscout-stack/templates/sig-provider/serviceMonitor.yml new file mode 100644 index 00000000..3cb51d05 --- /dev/null +++ b/charts/blockscout-stack/templates/sig-provider/serviceMonitor.yml @@ -0,0 +1,14 @@ +{{- if .Values.sigProvider.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ .Release.Name }}-sig-provider +spec: + endpoints: + - scrapeTimeout: 10s + port: http-metrics + path: /metrics + selector: + matchLabels: + app: {{ .Release.Name }}-sig-provider +{{- end }} diff --git a/charts/blockscout-stack/templates/smart-contract-verifier/_envs.tpl b/charts/blockscout-stack/templates/smart-contract-verifier/_envs.tpl new file mode 100644 index 00000000..5618ffee --- /dev/null +++ b/charts/blockscout-stack/templates/smart-contract-verifier/_envs.tpl @@ -0,0 +1,12 @@ +{{- define "scVerifier_env" }} +{{- range $key, $value := .Values.scVerifier.environment }} +{{- $item := get $.Values.scVerifier.environment $key }} +{{- if or (kindIs "string" $item) (kindIs "int64" $item) (kindIs "bool" $item)}} +- name: {{ $key }} + value: {{ $value | quote }} +{{- else }} +- name: {{ $key }} + value: {{ pluck $.Values.global.env $item | first | default $item._default | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/smart-contract-verifier/deployment.yml b/charts/blockscout-stack/templates/smart-contract-verifier/deployment.yml new file mode 100644 index 00000000..7d8cec39 --- /dev/null +++ b/charts/blockscout-stack/templates/smart-contract-verifier/deployment.yml @@ -0,0 +1,85 @@ +{{- if .Values.scVerifier.enabled }} +kind: Deployment +apiVersion: apps/v1 +metadata: + name: {{ .Release.Name }}-sc-verifier + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "http-metrics" +spec: + replicas: {{ .Values.scVerifier.replicas.app }} + strategy: + type: {{ .Values.scVerifier.strategy }} + selector: + matchLabels: + app: {{ .Release.Name }}-sc-verifier + template: + metadata: + labels: + app: {{ .Release.Name }}-sc-verifier + {{- if eq .Values.scVerifier.image.pullPolicy "Always" }} + annotations: + rollme: {{ randAlphaNum 5 | quote }} + {{- end }} + spec: + # serviceAccountName: vault-auth + containers: + - name: {{ .Release.Name }}-sc-verifier + image: {{ pluck $.Values.global.env .Values.scVerifier.image | first | default .Values.scVerifier.image._default | quote }} + resources: + {{- with .Values.scVerifier.resources }} + limits: + memory: {{ pluck $.Values.global.env .limits.memory | first | default .limits.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .limits.cpu | first | default .limits.cpu._default | quote }} + requests: + memory: {{ pluck $.Values.global.env .requests.memory | first | default .requests.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .requests.cpu | first | default .requests.cpu._default | quote }} + {{- end }} + imagePullPolicy: {{ .Values.scVerifier.image.pullPolicy }} + ports: + {{- range $key, $value := .Values.scVerifier.ports.http }} + - containerPort: {{ toYaml $value.number | indent 2 }} + name: {{ $key }} + {{- end }} + {{- if .Values.scVerifier.ports.grpc.enabled }} + - containerPort: {{ toYaml .Values.scVerifier.ports.grpc.number | indent 2 }} + name: grpc + {{- end }} + env: +{{- include "scVerifier_env" . | indent 10 }} + # volumeMounts: + # - name: {{ .Release.Name }}-logs + # mountPath: /usr/local/gkretail/sm-web-server/log + {{- if .Values.scVerifier.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.scVerifier.readinessProbe.path }} + port: {{ .Values.scVerifier.ports.http.http.number }} + scheme: HTTP + {{- with .Values.scVerifier.readinessProbe.params }} + {{ . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.scVerifier.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.scVerifier.livenessProbe.path }} + port: {{ .Values.scVerifier.ports.http.http.number }} + scheme: HTTP + {{- with .Values.scVerifier.livenessProbe.params }} + {{ . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + # volumes: + # - name: {{ .Release.Name }}-logs + # emptyDir: { } + # - name: config + # configMap: + # name: {{ .Release.Name }}-promtail-configmap + restartPolicy: Always + {{- if .Values.scVerifier.nodeSelector.enabled }} + nodeSelector: + {{- pluck $.Values.global.env .Values.scVerifier.nodeSelector.labels | first | default .Values.scVerifier.nodeSelector.labels._default | toYaml | nindent 8 }} + {{- end }} +--- +{{- end}} diff --git a/charts/blockscout-stack/templates/smart-contract-verifier/hpa.yml b/charts/blockscout-stack/templates/smart-contract-verifier/hpa.yml new file mode 100644 index 00000000..0d80ff90 --- /dev/null +++ b/charts/blockscout-stack/templates/smart-contract-verifier/hpa.yml @@ -0,0 +1,16 @@ +{{- if .Values.scVerifier.enabled }} +{{- if .Values.scVerifier.hpa.enabled }} +apiVersion: autoscaling/v1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ .Release.Name }}-sc-verifier +spec: + maxReplicas: {{ .Values.scVerifier.hpa.maxReplicas }} + minReplicas: {{ .Values.scVerifier.hpa.minReplicas }} + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ .Release.Name }}-sc-verifier + targetCPUUtilizationPercentage: {{ .Values.scVerifier.hpa.cpuTarget }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/smart-contract-verifier/ingress.yaml b/charts/blockscout-stack/templates/smart-contract-verifier/ingress.yaml new file mode 100644 index 00000000..fc6733b0 --- /dev/null +++ b/charts/blockscout-stack/templates/smart-contract-verifier/ingress.yaml @@ -0,0 +1,86 @@ +{{- if .Values.scVerifier.enabled }} +{{- if .Values.scVerifier.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: internal-and-public + nginx.ingress.kubernetes.io/proxy-body-size: 500m + nginx.ingress.kubernetes.io/client-max-body-size: "500M" + nginx.ingress.kubernetes.io/proxy-buffering: "off" + nginx.ingress.kubernetes.io/proxy-connect-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-send-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-read-timeout: "15m" + cert-manager.io/cluster-issuer: "zerossl-prod" + {{- range .Values.scVerifier.ingress.annotations }} + {{ . }} + {{- end}} + name: {{ .Release.Name }}-sc-verifier-ingress +spec: + rules: + {{- range $key, $value := .Values.scVerifier.ports.http }} + - host: {{ toYaml $value.host | indent 2 }}{{ pluck $.Values.global.env $.Values.scVerifier.ingress.host | first | default $.Values.scVerifier.ingress.host._default }} + http: + paths: + - path: {{ toYaml $value.path | indent 2 }} + pathType: {{ toYaml $value.pathType | indent 2 }} + backend: + service: + name: sc-verifier-svc + port: + number: {{ toYaml $value.number | indent 2 }} + {{- end }} + {{- if .Values.scVerifier.ingress.tls.enabled }} + tls: + - hosts: + {{- range $key, $value := .Values.scVerifier.ports.http }} + - {{ toYaml $value.host | indent 2 }}{{ pluck $.Values.global.env $.Values.scVerifier.ingress.host | first | default $.Values.scVerifier.ingress.host._default }} + {{- end }} + {{- if .Values.scVerifier.ingress.tls.createSecret }} + secretName: {{ .Release.Name }}-sc-verifier-tls + {{- end }} + {{- end }} +--- + +{{- if .Values.scVerifier.ports.grpc.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: internal-and-public + nginx.ingress.kubernetes.io/proxy-body-size: 500m + nginx.ingress.kubernetes.io/client-max-body-size: "500M" + nginx.ingress.kubernetes.io/proxy-buffering: "off" + nginx.ingress.kubernetes.io/proxy-connect-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-send-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-read-timeout: "15m" + cert-manager.io/cluster-issuer: "zerossl-prod" + nginx.ingress.kubernetes.io/backend-protocol: "GRPC" + {{- range .Values.scVerifier.ingress.annotations }} + {{ . }} + {{- end}} + name: {{ .Release.Name }}-sc-verifier-grpc-ingress +spec: + rules: + - host: {{ toYaml .Values.scVerifier.ports.grpc.host | indent 2 }}{{ pluck .Values.global.env .Values.scVerifier.ingress.host | first | default .Values.scVerifier.ingress.host._default }} + http: + paths: + - path: {{ toYaml .Values.scVerifier.ports.grpc.path | indent 2 }} + pathType: {{ toYaml .Values.scVerifier.ports.grpc.pathType | indent 2 }} + backend: + service: + name: sc-verifier-grpc-svc + port: + number: {{ toYaml .Values.scVerifier.ports.grpc.number | indent 2 }} + {{- if .Values.scVerifier.ingress.tls.enabled }} + tls: + - hosts: + - {{ toYaml .Values.scVerifier.ports.grpc.host | indent 2 }}{{ pluck .Values.global.env .Values.scVerifier.ingress.host | first | default .Values.scVerifier.ingress.host._default }} + {{- if .Values.scVerifier.ingress.tls.createSecret }} + secretName: {{ .Release.Name }}-sc-verifier-tls + {{- end }} + {{- end }} +{{- end }} + +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/smart-contract-verifier/service.yml b/charts/blockscout-stack/templates/smart-contract-verifier/service.yml new file mode 100644 index 00000000..6478db03 --- /dev/null +++ b/charts/blockscout-stack/templates/smart-contract-verifier/service.yml @@ -0,0 +1,38 @@ +{{- if .Values.scVerifier.enabled }} +kind: Service +apiVersion: v1 +metadata: + name: sc-verifier-svc + labels: + app: {{ .Release.Name }}-sc-verifier +spec: + type: {{ .Values.scVerifier.service.type}} + ports: + {{- range $key, $value := .Values.scVerifier.ports.http }} + - port: {{ toYaml $value.number | indent 2 }} + targetPort: {{ toYaml $value.number | indent 2 }} + protocol: {{ toYaml $value.protocol | indent 2 }} + name: {{ $key }} + {{- end }} + selector: + app: {{ .Release.Name }}-sc-verifier +--- +{{- if .Values.scVerifier.ports.grpc.enabled }} +kind: Service +apiVersion: v1 +metadata: + name: sc-verifier-grpc-svc + labels: + app: {{ .Release.Name }}-sc-verifier +spec: + type: {{ .Values.scVerifier.service.type}} + ports: + - port: {{ toYaml .Values.scVerifier.ports.grpc.number | indent 2 }} + targetPort: {{ toYaml .Values.scVerifier.ports.grpc.number | indent 2 }} + protocol: {{ toYaml .Values.scVerifier.ports.grpc.protocol | indent 2 }} + name: grpc + selector: + app: {{ .Release.Name }}-sc-verifier +{{- end }} +--- +{{- end }} diff --git a/charts/blockscout-stack/templates/smart-contract-verifier/serviceMonitor.yml b/charts/blockscout-stack/templates/smart-contract-verifier/serviceMonitor.yml new file mode 100644 index 00000000..5acecdb8 --- /dev/null +++ b/charts/blockscout-stack/templates/smart-contract-verifier/serviceMonitor.yml @@ -0,0 +1,14 @@ +{{- if .Values.scVerifier.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ .Release.Name }}-sc-verifier +spec: + endpoints: + - scrapeTimeout: 10s + port: metrics + path: /metrics + selector: + matchLabels: + app: {{ .Release.Name }}-sc-verifier +{{- end }} diff --git a/charts/blockscout-stack/templates/stats/_envs.tpl b/charts/blockscout-stack/templates/stats/_envs.tpl new file mode 100644 index 00000000..11555358 --- /dev/null +++ b/charts/blockscout-stack/templates/stats/_envs.tpl @@ -0,0 +1,12 @@ +{{- define "stats_env" }} +{{- range $key, $value := .Values.stats.environment }} +{{- $item := get $.Values.stats.environment $key }} +{{- if or (kindIs "string" $item) (kindIs "int64" $item) (kindIs "bool" $item)}} +- name: {{ $key }} + value: {{ $value | quote }} +{{- else }} +- name: {{ $key }} + value: {{ pluck $.Values.global.env $item | first | default $item._default | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/stats/cm.yml b/charts/blockscout-stack/templates/stats/cm.yml new file mode 100644 index 00000000..1df344e1 --- /dev/null +++ b/charts/blockscout-stack/templates/stats/cm.yml @@ -0,0 +1,13 @@ +{{- if .Values.stats.enabled }} +{{- if .Values.stats.files.enabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: stats-cm +data: + {{- range $key, $value := .Values.stats.files.list }} + {{ $key }}: {{ toYaml $value | indent 2 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/stats/deployment.yml b/charts/blockscout-stack/templates/stats/deployment.yml new file mode 100644 index 00000000..0522e629 --- /dev/null +++ b/charts/blockscout-stack/templates/stats/deployment.yml @@ -0,0 +1,91 @@ +{{- if .Values.stats.enabled }} +kind: Deployment +apiVersion: apps/v1 +metadata: + name: {{ .Release.Name }}-stats +spec: + replicas: {{ .Values.stats.replicas.app }} + strategy: + type: {{ .Values.stats.strategy }} + selector: + matchLabels: + app: {{ .Release.Name }}-stats + template: + metadata: + labels: + app: {{ .Release.Name }}-stats + {{- if eq .Values.stats.image.pullPolicy "Always" }} + annotations: + rollme: {{ randAlphaNum 5 | quote }} + {{- end }} + spec: + containers: + - name: {{ .Release.Name }}-stats + image: {{ pluck $.Values.global.env .Values.stats.image | first | default .Values.stats.image._default | quote }} + resources: + {{- with .Values.stats.resources }} + limits: + memory: {{ pluck $.Values.global.env .limits.memory | first | default .limits.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .limits.cpu | first | default .limits.cpu._default | quote }} + requests: + memory: {{ pluck $.Values.global.env .requests.memory | first | default .requests.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .requests.cpu | first | default .requests.cpu._default | quote }} + {{- end }} + imagePullPolicy: {{ .Values.stats.image.pullPolicy }} + ports: + - containerPort: {{ .Values.stats.docker.targetPort }} + - containerPort: {{ .Values.stats.docker.metricsPort }} + name: http-metrics + env: +{{- include "stats_env" . | indent 10 }} + # volumeMounts: + # - name: {{ .Release.Name }}-logs + # mountPath: /usr/local/path + {{- if .Values.stats.files.enabled }} + volumeMounts: + {{- range $key, $value := .Values.stats.files.list }} + - mountPath: {{ $.Values.stats.files.mountPath }}/{{ $key }} + name: stats-cm + subPath: {{ $key }} + {{- end }} + {{- end }} + {{- if .Values.stats.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.stats.readinessProbe.path }} + port: {{ .Values.stats.docker.targetPort }} + scheme: HTTP + {{- with .Values.stats.readinessProbe.params }} + {{ . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.stats.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.stats.livenessProbe.path }} + port: {{ .Values.stats.docker.targetPort }} + scheme: HTTP + {{- with .Values.stats.livenessProbe.params }} + {{ . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + # volumes: + # - name: {{ .Release.Name }}-logs + # emptyDir: { } + # - name: config + # configMap: + # name: {{ .Release.Name }}-promtail-configmap + restartPolicy: Always + {{- if .Values.stats.files.enabled }} + volumes: + - configMap: + name: stats-cm + defaultMode: 0777 + name: stats-cm + {{- end }} + {{- if .Values.stats.nodeSelector.enabled }} + nodeSelector: + {{- pluck $.Values.global.env .Values.stats.nodeSelector.labels | first | default .Values.stats.nodeSelector.labels._default | toYaml | nindent 8 }} + {{- end }} +--- +{{- end}} diff --git a/charts/blockscout-stack/templates/stats/hpa.yml b/charts/blockscout-stack/templates/stats/hpa.yml new file mode 100644 index 00000000..95895943 --- /dev/null +++ b/charts/blockscout-stack/templates/stats/hpa.yml @@ -0,0 +1,16 @@ +{{- if .Values.stats.enabled }} +{{- if .Values.stats.hpa.enabled }} +apiVersion: autoscaling/v1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ .Release.Name }}-stats +spec: + maxReplicas: {{ .Values.stats.hpa.maxReplicas }} + minReplicas: {{ .Values.stats.hpa.minReplicas }} + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ .Release.Name }}-stats + targetCPUUtilizationPercentage: {{ .Values.stats.hpa.cpuTarget }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/stats/ingress.yaml b/charts/blockscout-stack/templates/stats/ingress.yaml new file mode 100644 index 00000000..44106de0 --- /dev/null +++ b/charts/blockscout-stack/templates/stats/ingress.yaml @@ -0,0 +1,47 @@ +{{- if .Values.stats.enabled }} +{{- if .Values.stats.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: internal-and-public + nginx.ingress.kubernetes.io/proxy-body-size: 500m + nginx.ingress.kubernetes.io/client-max-body-size: "500M" + nginx.ingress.kubernetes.io/proxy-buffering: "off" + nginx.ingress.kubernetes.io/proxy-connect-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-send-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-read-timeout: "15m" + cert-manager.io/cluster-issuer: "zerossl-prod" + {{- range .Values.stats.ingress.annotations }} + {{ . }} + {{- end}} + name: {{ .Release.Name }}-stats-ingress +spec: + rules: + - host: {{ pluck $.Values.global.env .Values.stats.ingress.host | first | default .Values.stats.ingress.host._default | quote }} + http: + paths: + # - path: "/metrics" + # pathType: Exact + # backend: + # service: + # name: stats-svc + # port: + # number: {{ .Values.stats.docker.metricsPort }} + - path: "/" + pathType: Prefix + backend: + service: + name: stats-svc + port: + number: {{ .Values.stats.docker.port }} + {{- if .Values.stats.ingress.tls.enabled }} + tls: + - hosts: + - {{ pluck $.Values.global.env .Values.stats.ingress.host | first | default .Values.stats.ingress.host._default | quote }} + {{- if .Values.stats.ingress.tls.createSecret }} + secretName: {{ .Release.Name }}-stats-tls + {{- end }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/stats/rds-service.yml b/charts/blockscout-stack/templates/stats/rds-service.yml new file mode 100644 index 00000000..a200b5aa --- /dev/null +++ b/charts/blockscout-stack/templates/stats/rds-service.yml @@ -0,0 +1,17 @@ +{{- if .Values.stats.enabled }} +{{- if .Values.stats.rds.enabled }} +apiVersion: v1 +kind: Service +metadata: + labels: + app: {{ .Release.Name }}-stats-rds-svc + name: db-stats-svc +spec: + externalName: {{ pluck $.Values.global.env .Values.stats.rds.endpoint | first | default .Values.stats.rds.endpoint._default | quote }} + selector: + app: {{ .Release.Name }}-stats-rds-svc + type: ExternalName +status: + loadBalancer: {} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/stats/service.yml b/charts/blockscout-stack/templates/stats/service.yml new file mode 100644 index 00000000..e7c3f060 --- /dev/null +++ b/charts/blockscout-stack/templates/stats/service.yml @@ -0,0 +1,26 @@ +{{- if .Values.stats.enabled }} +kind: Service +apiVersion: v1 +metadata: + name: stats-svc + # annotations: + # service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + # service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + # service.beta.kubernetes.io/aws-load-balancer-type: external + labels: + app: {{ .Release.Name }}-stats +spec: + type: {{ .Values.stats.service.type}} + ports: + - port: {{ .Values.stats.docker.port }} + targetPort: {{ .Values.stats.docker.targetPort }} + protocol: TCP + name: web + - port: {{ .Values.stats.docker.metricsPort }} + targetPort: {{ .Values.stats.docker.metricsPort }} + protocol: TCP + name: http-metrics + selector: + app: {{ .Release.Name }}-stats +{{- end }} +--- diff --git a/charts/blockscout-stack/templates/stats/serviceMonitor.yml b/charts/blockscout-stack/templates/stats/serviceMonitor.yml new file mode 100644 index 00000000..bab3139d --- /dev/null +++ b/charts/blockscout-stack/templates/stats/serviceMonitor.yml @@ -0,0 +1,14 @@ +{{- if .Values.stats.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ .Release.Name }}-stats +spec: + endpoints: + - scrapeTimeout: 10s + port: http-metrics + path: /metrics + selector: + matchLabels: + app: {{ .Release.Name }}-stats +{{- end }} diff --git a/charts/blockscout-stack/templates/token-info-extractor/_envs.tpl b/charts/blockscout-stack/templates/token-info-extractor/_envs.tpl new file mode 100644 index 00000000..514c51b5 --- /dev/null +++ b/charts/blockscout-stack/templates/token-info-extractor/_envs.tpl @@ -0,0 +1,12 @@ +{{- define "tokenInfoExtractor_env" }} +{{- range $key, $value := .Values.tokenInfoExtractor.environment }} +{{- $item := get $.Values.tokenInfoExtractor.environment $key }} +{{- if or (kindIs "string" $item) (kindIs "int64" $item) (kindIs "bool" $item)}} +- name: {{ $key }} + value: {{ $value | quote }} +{{- else }} +- name: {{ $key }} + value: {{ pluck $.Values.global.env $item | first | default $item._default | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/token-info-extractor/cm.yml b/charts/blockscout-stack/templates/token-info-extractor/cm.yml new file mode 100644 index 00000000..6af4e3d3 --- /dev/null +++ b/charts/blockscout-stack/templates/token-info-extractor/cm.yml @@ -0,0 +1,13 @@ +{{- if .Values.tokenInfoExtractor.enabled }} +{{- if .Values.tokenInfoExtractor.files.enabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: token-info-extractor-cm +data: + {{- range $key, $value := .Values.tokenInfoExtractor.files.list }} + {{ $key }}: {{ toYaml $value | indent 2 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/token-info-extractor/cronjob.yml b/charts/blockscout-stack/templates/token-info-extractor/cronjob.yml new file mode 100644 index 00000000..985d091e --- /dev/null +++ b/charts/blockscout-stack/templates/token-info-extractor/cronjob.yml @@ -0,0 +1,54 @@ +{{- if .Values.tokenInfoExtractor.enabled }} +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: {{ .Release.Name }}-token-info-extractor +spec: + schedule: {{ pluck $.Values.global.env .Values.tokenInfoExtractor.schedule | first | default .Values.tokenInfoExtractor.schedule._default | quote }} + concurrencyPolicy: "Forbid" + jobTemplate: + spec: + backoffLimit: 6 + completions: 1 + parallelism: 1 + template: + spec: + restartPolicy: Never + imagePullSecrets: + - name: regcred + containers: + - name: {{ .Release.Name }}-token-info-extractor + image: {{ pluck $.Values.global.env .Values.tokenInfoExtractor.image | first | default .Values.tokenInfoExtractor.image._default | quote }} + resources: + {{- with .Values.tokenInfoExtractor.resources }} + limits: + memory: {{ pluck $.Values.global.env .limits.memory | first | default .limits.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .limits.cpu | first | default .limits.cpu._default | quote }} + requests: + memory: {{ pluck $.Values.global.env .requests.memory | first | default .requests.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .requests.cpu | first | default .requests.cpu._default | quote }} + {{- end }} + imagePullPolicy: Always + env: +{{- include "tokenInfoExtractor_env" . | indent 16 }} + {{- if .Values.tokenInfoExtractor.files.enabled }} + volumeMounts: + {{- range $key, $value := .Values.tokenInfoExtractor.files.list }} + - mountPath: {{ $.Values.tokenInfoExtractor.files.mountPath }}/{{ $key }} + name: token-info-extractor-cm + subPath: {{ $key }} + {{- end }} + {{- end }} + {{- if .Values.tokenInfoExtractor.files.enabled }} + volumes: + - configMap: + name: token-info-extractor-cm + defaultMode: 0777 + name: token-info-extractor-cm + {{- end }} + {{- if .Values.tokenInfoExtractor.nodeSelector.enabled }} + nodeSelector: + {{- pluck $.Values.global.env .Values.tokenInfoExtractor.nodeSelector.labels | first | default .Values.tokenInfoExtractor.nodeSelector.labels._default | toYaml | nindent 8 }} + {{- end }} +--- +{{- end}} diff --git a/charts/blockscout-stack/templates/visualizer/_envs.tpl b/charts/blockscout-stack/templates/visualizer/_envs.tpl new file mode 100644 index 00000000..5967aaab --- /dev/null +++ b/charts/blockscout-stack/templates/visualizer/_envs.tpl @@ -0,0 +1,12 @@ +{{- define "visualizer_env" }} +{{- range $key, $value := .Values.visualizer.environment }} +{{- $item := get $.Values.visualizer.environment $key }} +{{- if or (kindIs "string" $item) (kindIs "int64" $item) (kindIs "bool" $item)}} +- name: {{ $key }} + value: {{ $value | quote }} +{{- else }} +- name: {{ $key }} + value: {{ pluck $.Values.global.env $item | first | default $item._default | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/visualizer/deployment.yml b/charts/blockscout-stack/templates/visualizer/deployment.yml new file mode 100644 index 00000000..defb49a8 --- /dev/null +++ b/charts/blockscout-stack/templates/visualizer/deployment.yml @@ -0,0 +1,76 @@ +{{- if .Values.visualizer.enabled }} +kind: Deployment +apiVersion: apps/v1 +metadata: + name: {{ .Release.Name }}-visualizer +spec: + replicas: {{ .Values.visualizer.replicas.app }} + strategy: + type: {{ .Values.visualizer.strategy }} + selector: + matchLabels: + app: {{ .Release.Name }}-visualizer + template: + metadata: + labels: + app: {{ .Release.Name }}-visualizer + {{- if eq .Values.visualizer.image.pullPolicy "Always" }} + annotations: + rollme: {{ randAlphaNum 5 | quote }} + {{- end }} + spec: + containers: + - name: {{ .Release.Name }}-visualizer + image: {{ pluck $.Values.global.env .Values.visualizer.image | first | default .Values.visualizer.image._default | quote }} + resources: + {{- with .Values.visualizer.resources }} + limits: + memory: {{ pluck $.Values.global.env .limits.memory | first | default .limits.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .limits.cpu | first | default .limits.cpu._default | quote }} + requests: + memory: {{ pluck $.Values.global.env .requests.memory | first | default .requests.memory._default | quote }} + cpu: {{ pluck $.Values.global.env .requests.cpu | first | default .requests.cpu._default | quote }} + {{- end }} + imagePullPolicy: {{ .Values.visualizer.image.pullPolicy }} + ports: + - containerPort: {{ .Values.visualizer.docker.targetPort }} + - containerPort: {{ .Values.visualizer.docker.metricsPort }} + name: http-metrics + env: +{{- include "visualizer_env" . | indent 10 }} + # volumeMounts: + # - name: {{ .Release.Name }}-logs + # mountPath: /usr/local/path + {{- if .Values.visualizer.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.visualizer.readinessProbe.path }} + port: {{ .Values.visualizer.docker.targetPort }} + scheme: HTTP + {{- with .Values.visualizer.readinessProbe.params }} + {{ . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.visualizer.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.visualizer.livenessProbe.path }} + port: {{ .Values.visualizer.docker.targetPort }} + scheme: HTTP + {{- with .Values.visualizer.livenessProbe.params }} + {{ . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + # volumes: + # - name: {{ .Release.Name }}-logs + # emptyDir: { } + # - name: config + # configMap: + # name: {{ .Release.Name }}-promtail-configmap + restartPolicy: Always + {{- if .Values.visualizer.nodeSelector.enabled }} + nodeSelector: + {{- pluck $.Values.global.env .Values.visualizer.nodeSelector.labels | first | default .Values.visualizer.nodeSelector.labels._default | toYaml | nindent 8 }} + {{- end }} +--- +{{- end}} diff --git a/charts/blockscout-stack/templates/visualizer/hpa.yml b/charts/blockscout-stack/templates/visualizer/hpa.yml new file mode 100644 index 00000000..078e6d6e --- /dev/null +++ b/charts/blockscout-stack/templates/visualizer/hpa.yml @@ -0,0 +1,16 @@ +{{- if .Values.visualizer.enabled }} +{{- if .Values.visualizer.hpa.enabled }} +apiVersion: autoscaling/v1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ .Release.Name }}-visualizer +spec: + maxReplicas: {{ .Values.visualizer.hpa.maxReplicas }} + minReplicas: {{ .Values.visualizer.hpa.minReplicas }} + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ .Release.Name }}-visualizer + targetCPUUtilizationPercentage: {{ .Values.visualizer.hpa.cpuTarget }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/visualizer/ingress.yaml b/charts/blockscout-stack/templates/visualizer/ingress.yaml new file mode 100644 index 00000000..e63daa24 --- /dev/null +++ b/charts/blockscout-stack/templates/visualizer/ingress.yaml @@ -0,0 +1,47 @@ +{{- if .Values.visualizer.enabled }} +{{- if .Values.visualizer.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: internal-and-public + nginx.ingress.kubernetes.io/proxy-body-size: 500m + nginx.ingress.kubernetes.io/client-max-body-size: "500M" + nginx.ingress.kubernetes.io/proxy-buffering: "off" + nginx.ingress.kubernetes.io/proxy-connect-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-send-timeout: "15m" + nginx.ingress.kubernetes.io/proxy-read-timeout: "15m" + cert-manager.io/cluster-issuer: "zerossl-prod" + {{- range .Values.visualizer.ingress.annotations }} + {{ . }} + {{- end}} + name: {{ .Release.Name }}-visualizer-ingress +spec: + rules: + - host: {{ pluck $.Values.global.env .Values.visualizer.ingress.host | first | default .Values.visualizer.ingress.host._default | quote }} + http: + paths: + # - path: "/metrics" + # pathType: Exact + # backend: + # service: + # name: visualizer-svc + # port: + # number: {{ .Values.visualizer.docker.metricsPort }} + - path: "/" + pathType: Prefix + backend: + service: + name: visualizer-svc + port: + number: {{ .Values.visualizer.docker.port }} + {{- if .Values.visualizer.ingress.tls.enabled }} + tls: + - hosts: + - {{ pluck $.Values.global.env .Values.visualizer.ingress.host | first | default .Values.visualizer.ingress.host._default | quote }} + {{- if .Values.visualizer.ingress.tls.createSecret }} + secretName: {{ .Release.Name }}-visualizer-tls + {{- end }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/blockscout-stack/templates/visualizer/service.yml b/charts/blockscout-stack/templates/visualizer/service.yml new file mode 100644 index 00000000..e10edd87 --- /dev/null +++ b/charts/blockscout-stack/templates/visualizer/service.yml @@ -0,0 +1,26 @@ +{{- if .Values.visualizer.enabled }} +kind: Service +apiVersion: v1 +metadata: + name: visualizer-svc + # annotations: + # service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + # service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + # service.beta.kubernetes.io/aws-load-balancer-type: external + labels: + app: {{ .Release.Name }}-visualizer +spec: + type: {{ .Values.visualizer.service.type}} + ports: + - port: {{ .Values.visualizer.docker.port }} + targetPort: {{ .Values.visualizer.docker.targetPort }} + protocol: TCP + name: web + # - port: {{ .Values.visualizer.docker.metricsPort }} + # targetPort: {{ .Values.visualizer.docker.metricsPort }} + # protocol: TCP + # name: http-metrics + selector: + app: {{ .Release.Name }}-visualizer +{{- end }} +--- diff --git a/charts/blockscout-stack/templates/visualizer/serviceMonitor.yml b/charts/blockscout-stack/templates/visualizer/serviceMonitor.yml new file mode 100644 index 00000000..3cae0d74 --- /dev/null +++ b/charts/blockscout-stack/templates/visualizer/serviceMonitor.yml @@ -0,0 +1,14 @@ +# {{- if .Values.visualizer.enabled }} +# apiVersion: monitoring.coreos.com/v1 +# kind: ServiceMonitor +# metadata: +# name: {{ .Release.Name }}-visualizer +# spec: +# endpoints: +# - scrapeTimeout: 10s +# port: http-metrics +# path: /metrics +# selector: +# matchLabels: +# app: {{ .Release.Name }}-visualizer +# {{- end }} diff --git a/charts/blockscout-stack/values.yaml b/charts/blockscout-stack/values.yaml new file mode 100644 index 00000000..9f3273fd --- /dev/null +++ b/charts/blockscout-stack/values.yaml @@ -0,0 +1,1751 @@ +global: + env: testnet + +# enable Blockscout deploy +blockscout: + app: blockscout + enabled: false + image: + _default: blockscout/blockscout:latest + + replicas: + app: 1 + docker: + port: 80 + targetPort: 4000 + + # init container + init: + enabled: true + image: + _default: blockscout/blockscout:latest + command: + - /bin/sh + args: + - -c + - bin/blockscout eval "Elixir.Explorer.ReleaseTasks.create_and_migrate()" + volumes: + enabled: false + list: + tmpdir: /tmp/mountdir + + service: + # ClusterIP, NodePort or LoadBalancer + type: ClusterIP + + command: + - /bin/sh + args: + - -c + - bin/blockscout start + + # enable ingress + ingress: + enabled: false + annotations: {} + host: + _default: + # enable https + tls: + enabled: false + # do we need to create a secret or use existing one (for example, wildcard) + createSecret: false + path: + prefix: + - "/" + exact: {} + + # probes + livenessProbe: + enabled: true + path: / + params: + initialDelaySeconds: 100 + periodSeconds: 100 + timeoutSeconds: 30 + readinessProbe: + enabled: true + path: / + params: + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 60 + + resources: + limits: + memory: + _default: "1Gi" + cpu: + _default: "0.5" + requests: + memory: + _default: "1Gi" + cpu: + _default: "0.5" + + # enable service to connect to RDS + rds: + enabled: false + endpoint: + _default: ..rds.amazonaws.com + + # node label + nodeSelector: + enabled: true + labels: + _default: + app: blockscout + + terminationGracePeriodSeconds: 300 + + # Blockscout environment variables + environment: {} + # ENV: + # _default: test + +postgres: + enabled: false + image: postgres:13.8 + port: 5432 + + command: + args: + + customShm: + enabled: false + + strategy: RollingUpdate + + service: + type: ClusterIP + + persistence: false + storageClass: gp3-new + storage: 100Gi + mountPath: /var/lib/postgresql/data + existingPV: {} + # testnet: 'pvc-testnet' + # mainnet: 'pvc-mainnet' + + files: + enabled: false + mountPath: /docker-entrypoint-initdb.d + list: {} + # init.sql: | + # CREATE USER myUser; + + # CREATE DATABASE myApp_dev; + # GRANT ALL PRIVILEGES ON DATABASE myApp_dev TO myUser; + + # CREATE DATABASE myApp_test; + # GRANT ALL PRIVILEGES ON DATABASE myApp_test TO myUser; + + resources: + limits: + memory: + _default: "1Gi" + cpu: + _default: "0.2" + requests: + memory: + _default: "1Gi" + cpu: + _default: "0.2" + + # probes + livenessProbe: + enabled: false + path: / + params: + initialDelaySeconds: 100 + periodSeconds: 100 + timeoutSeconds: 30 + readinessProbe: + enabled: false + path: / + params: + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 60 + + environment: {} + # PGDATA: + # _default: /var/lib/postgresql/data/pgdata + # POSTGRES_USER: + # _default: + # POSTGRES_PASSWORD: + # _default: + # POSTGRES_DB: + # _default: + + # node label + nodeSelector: + enabled: true + labels: + _default: + app: blockscout + +# enable geth deploy +geth: + enabled: false + image: + _default: ethereum/client-go:stable + + replicas: + app: 1 + + # porthttp and portws required, everything else is optional + ports: + http: + number: 8545 + protocol: TCP + ws: + number: 8546 + protocol: TCP + # port-discovery: + # number: 30303 + # protocol: TCP + + environment: {} + + files: + enabled: false + list: {} + # file.txt: | + # test + mountPath: /tmp/path + + persistence: + enabled: false + mountPath: path + storageClass: gp3-new + storage: + _default: 10Gi + existingPV: {} + # testnet: 'pvc-testnet' + # mainnet: 'pvc-mainnet' + # additional volumes + additionalVolumes: {} + # vol1: + # name: vol11 + # mountPath: /opt/bas + # existingPV: {} + # # e2e: 'fgg' + # storage: {} + # # e2e: '10Gi' + + # probes + livenessProbe: + enabled: false + path: / + params: + initialDelaySeconds: 100 + periodSeconds: 100 + timeoutSeconds: 30 + readinessProbe: + enabled: false + path: / + params: + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 60 + + command: + - sh + - ./root/init.sh + args: [] + + # init container + init: + enabled: false + image: + _default: blockscout/blockscout:latest + command: + - /bin/bash + args: + - -c + - sleep 100 + volumes: + enabled: false + list: {} + # geth: /tmp/mountdir + + # enable client deploy (Prysm, lighthouse, nimbus, etc.) + client: + enabled: false + image: + _default: gcr.io/prysmaticlabs/prysm/beacon-chain:stable + # command: '["sh","./root/init.sh"]' + # args: '' + ports: + port-tcp: + number: 13000 + protocol: TCP + # port-udp: + # number: 12000 + # protocol: UDP + # port-rpc: + # number: 4000 + # protocol: TCP + # port-monitoring: + # number: 8080 + # protocol: TCP + persistence: + enabled: false + mountPath: path + storageClass: gp3-new + storage: + _default: 100Gi + existingPV: {} + # testnet: 'pvc-testnet' + # mainnet: 'pvc-mainnet' + additionalVolumes: {} + # vol1: + # name: vol11 + # mountPath: /opt/bas + # existingPV: {} + # # e2e: 'fgg' + # storage: {} + # # e2e: '10Gi' + files: + enabled: false + list: {} + service: + # ClusterIP, NodePort or LoadBalancer + type: ClusterIP + # enable ingress + ingress: + enabled: false + host: + # enable https + tls: + enabled: false + createSecret: false + environment: {} + resources: + limits: + memory: + _default: "6Gi" + cpu: + _default: "3" + requests: + memory: + _default: "6Gi" + cpu: + _default: "3" + # probes + livenessProbe: + enabled: false + path: / + params: + initialDelaySeconds: 100 + periodSeconds: 100 + timeoutSeconds: 30 + readinessProbe: + enabled: false + path: / + params: + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 60 + + resources: + limits: + memory: + _default: "6Gi" + cpu: + _default: "3" + requests: + memory: + _default: "6Gi" + cpu: + _default: "3" + + # node label + nodeSelector: + enabled: true + labels: + _default: + app: blockscout + + service: + # ClusterIP, NodePort or LoadBalancer + type: ClusterIP + + # enable ingress + ingress: + enabled: false + host: + # enable https + tls: + enabled: false + createSecret: false + + files: + enabled: false + mountPath: /root + list: {} + + jwt: + enabled: false + token: '' + mountPath: /geth/geth/jwtsecret + +# enable Node l2geth deploy +node: + enabled: false + + image: + _default: ethereumoptimism/l2geth:latest + + replicas: + app: 1 + + command: '["/bin/sh","-c"]' + args: '["/scripts/check-for-chaindata-berlin.sh", "&&", "/scripts/l2geth-start.sh"]' + + # node label + nodeSelector: + enabled: true + labels: + _default: + app: blockscout + + portHttp: 8545 + portWs: 8546 + + persistence: + enabled: false + storageClass: gp3-new + storage: + _default: 10Gi + existingPV: {} + # testnet: 'pvc-testnet' + # mainnet: 'pvc-mainnet' + additionalVolumes: {} + # vol1: + # name: vol11 + # mountPath: /opt/bas + # existingPV: {} + # # e2e: 'fgg' + # storage: {} + # # e2e: '10Gi' + + # probes + livenessProbe: + enabled: false + path: / + params: + initialDelaySeconds: 100 + periodSeconds: 100 + timeoutSeconds: 30 + readinessProbe: + enabled: false + path: / + params: + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 60 + + files: + enabled: false + list: + check-for-chaindata-berlin.sh: |- + #!/bin/sh + set -exu + + echo running "${0}" + + GETH_DATA_DIR=/geth + GETH_CHAINDATA_DIR=$GETH_DATA_DIR/geth/chaindata + GETH_KEYSTORE_DIR=$GETH_DATA_DIR/keystore + + if [ ! -d "$GETH_KEYSTORE_DIR" ]; then + echo "$GETH_KEYSTORE_DIR missing, running account import" + echo -n "$BLOCK_SIGNER_PRIVATE_KEY_PASSWORD" > "$GETH_DATA_DIR"/password + echo -n "$BLOCK_SIGNER_PRIVATE_KEY" > "$GETH_DATA_DIR"/block-signer-key + geth account import \ + --datadir="$GETH_DATA_DIR" \ + --password="$GETH_DATA_DIR"/password \ + "$GETH_DATA_DIR"/block-signer-key + echo "get account import complete" + fi + + if [ ! -d "$GETH_CHAINDATA_DIR" ]; then + echo "$GETH_CHAINDATA_DIR missing, running init" + geth init --datadir="$GETH_DATA_DIR" "$L2GETH_GENESIS_URL" "$L2GETH_GENESIS_HASH" + echo "geth init complete" + else + echo "$GETH_CHAINDATA_DIR exists, checking for hardfork." + echo "Chain config:" + geth dump-chain-cfg --datadir="$GETH_DATA_DIR" + if geth dump-chain-cfg --datadir="$GETH_DATA_DIR" | grep -q "\"berlinBlock\": $L2GETH_BERLIN_ACTIVATION_HEIGHT"; then + echo "Hardfork already activated." + else + echo "Hardfork not activated, running init." + geth init --datadir="$GETH_DATA_DIR" "$L2GETH_GENESIS_URL" "$L2GETH_GENESIS_HASH" + echo "geth hardfork activation complete" + fi + fi + l2geth-start.sh: |- + #!/bin/sh + set -eou + if [[ -z $DATADIR ]]; then + echo "Must pass DATADIR" + exit 1 + fi + if [[ -z $BLOCK_SIGNER_ADDRESS ]]; then + echo "Must pass BLOCK_SIGNER_ADDRESS" + exit 1 + fi + exec geth \ + --vmodule=eth/*=5,miner=4,rpc=5,rollup=4,consensus/clique=1 \ + --datadir=$DATADIR \ + --password=$DATADIR/password \ + --allow-insecure-unlock \ + --unlock=$BLOCK_SIGNER_ADDRESS \ + --mine \ + --miner.etherbase=$BLOCK_SIGNER_ADDRESS \ + --gcmode=$NODE_TYPE \ + # --metrics \ + # --metrics.influxdb \ + # --metrics.influxdb.endpoint=http://influxdb:8086 \ + # --metrics.influxdb.database=l2geth \ + $@ + + environment: + ############################################################################### + # ↓ OPTIMISM OPTIONS ↓ # + ############################################################################### + + USING_OVM: + _default: 'true' + SEQUENCER_CLIENT_HTTP: + _default: https://goerli.optimism.io + BLOCK_SIGNER_ADDRESS: + _default: 0x27770a9694e4B4b1E130Ab91Bc327C36855f612E + BLOCK_SIGNER_PRIVATE_KEY: + _default: da5deb73dbc9dea2e3916929daaf079f75232d32a2cf37ff8b1f7140ef3fd9db + BLOCK_SIGNER_PRIVATE_KEY_PASSWORD: + _default: pwd + ETH1_CTC_DEPLOYMENT_HEIGHT: + _default: '7017096' + ETH1_SYNC_SERVICE_ENABLE: + _default: 'true' + L2GETH_GENESIS_URL: + _default: https://storage.googleapis.com/optimism/goerli/goerli-devnet-genesis-2022-06.json + L2GETH_GENESIS_HASH: + _default: 0x1067d2037744f17d34e3ceb88b0d654a3798f5d12b79b348085f13f1ec458636 + L2GETH_BERLIN_ACTIVATION_HEIGHT: + _default: 0 + ROLLUP_BACKEND: + _default: l1 + ROLLUP_CLIENT_HTTP: + _default: http://dtl-svc:7878 + ROLLUP_DISABLE_TRANSFERS: + _default: 'false' + ROLLUP_ENABLE_L2_GAS_POLLING: + _default: 'false' + ROLLUP_GAS_PRICE_ORACLE_OWNER_ADDRESS: + _default: 0xc8910a1957d276cE5634B978d908B5ef9fB0e05B + ROLLUP_MAX_CALLDATA_SIZE: + _default: 40000 + ROLLUP_POLL_INTERVAL_FLAG: + _default: 1s + ROLLUP_SYNC_SERVICE_ENABLE: + _default: true + ROLLUP_TIMESTAMP_REFRESH: + _default: 5m + ROLLUP_VERIFIER_ENABLE: + _default: 'true' + + ############################################################################### + # ↓ STANDARD OPTIONS ↓ # + ############################################################################### + + DATADIR: + _default: /geth + CHAIN_ID: + _default: 420 + NETWORK_ID: + _default: 420 + NO_DISCOVER: + _default: 'true' + NO_USB: + _default: 'true' + GASPRICE: + _default: 0 + TARGET_GAS_LIMIT: + _default: '15000000' + RPC_ADDR: + _default: 0.0.0.0 + RPC_API: + _default: eth,rollup,net,web3,debug + RPC_CORS_DOMAIN: + _default: '*' + RPC_ENABLE: + _default: 'true' + RPC_PORT: + _default: 8545 + RPC_VHOSTS: + _default: '*' + WS_ADDR: + _default: 0.0.0.0 + WS_API: + _default: eth,rollup,net,web3,debug + WS_ORIGINS: + _default: '*' + WS: + _default: 'true' + + environmentCommon: + ############################################################################### + # ↓ REQUIRED ↓ # + ############################################################################### + + # Network to run the node on ("mainnet" or "goerli") + NETWORK_NAME: + _default: goerli + + # Type of node to run ("full" or "archive"), note that "archive" is 10x bigger + NODE_TYPE: + _default: archive + + # Reference L2 node to run healthcheck against + HEALTHCHECK__REFERENCE_RPC_PROVIDER: + _default: + + # L1 node to run fault detection against + FAULT_DETECTOR__L1_RPC_PROVIDER: + _default: + + # L1 node to get chain data from + DATA_TRANSPORT_LAYER__L1_RPC_ENDPOINT: + _default: + + ############################################################################### + # ↓ NO TOUCHING ↓ # + ############################################################################### + + # Seriously, don't modify these! + RESTART: + _default: unless-stopped + + resources: + limits: + memory: + _default: "6Gi" + cpu: + _default: "3" + requests: + memory: + _default: "6Gi" + cpu: + _default: "3" + + service: + # ClusterIP, NodePort or LoadBalancer + type: ClusterIP + + # enable ingress + ingress: + enabled: true + host: + _default: optimism-goerli-node.aws-k8s.blockscout.com + # enable https + tls: + enabled: false + createSecret: false + + dtl: + enabled: true + image: + _default: ethereumoptimism/data-transport-layer:latest + port: 7878 + persistence: + enabled: false + storageClass: gp3-new + storage: + _default: 10Gi + existingPV: {} + # testnet: 'pvc-testnet' + # mainnet: 'pvc-mainnet' + additionalVolumes: {} + # vol1: + # name: vol11 + # mountPath: /opt/bas + # existingPV: {} + # # e2e: 'fgg' + # storage: {} + # # e2e: '10Gi' + service: + # ClusterIP, NodePort or LoadBalancer + type: ClusterIP + # enable ingress + ingress: + enabled: false + resources: + limits: + memory: + _default: "200m" + cpu: + _default: "0.1" + requests: + memory: + _default: "200m" + cpu: + _default: "0.1" + # probes + livenessProbe: + enabled: false + path: / + params: + initialDelaySeconds: 100 + periodSeconds: 100 + timeoutSeconds: 30 + readinessProbe: + enabled: false + path: / + params: + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 60 + environment: {} + # DATA_TRANSPORT_LAYER__ADDRESS_MANAGER: + # _default: 0xa6f73589243a6A7a9023b1Fa0651b1d89c177111 + # DATA_TRANSPORT_LAYER__SYNC_FROM_L1: + # _default: 'true' + # DATA_TRANSPORT_LAYER__SYNC_FROM_L2: + # _default: 'false' + # DATA_TRANSPORT_LAYER__L1_START_HEIGHT: + # _default: '7017096' + # DATA_TRANSPORT_LAYER__CONFIRMATIONS: + # _default: 12 + # DATA_TRANSPORT_LAYER__DANGEROUSLY_CATCH_ALL_ERRORS: + # _default: 'true' + # DATA_TRANSPORT_LAYER__DB_PATH: + # _default: /db + # DATA_TRANSPORT_LAYER__DEFAULT_BACKEND: + # _default: l1 + # DATA_TRANSPORT_LAYER__L1_GAS_PRICE_BACKEND: + # _default: l1 + # DATA_TRANSPORT_LAYER__ENABLE_METRICS: + # _default: 'true' + # DATA_TRANSPORT_LAYER__ETH_NETWORK_NAME: + # _default: goerli + # DATA_TRANSPORT_LAYER__L2_CHAIN_ID: + # _default: 420 + # DATA_TRANSPORT_LAYER__LOGS_PER_POLLING_INTERVAL: + # _default: 2000 + # DATA_TRANSPORT_LAYER__NODE_ENV: + # _default: production + # DATA_TRANSPORT_LAYER__POLLING_INTERVAL: + # _default: 500 + # DATA_TRANSPORT_LAYER__SENTRY_TRACE_RATE: + # _default: 0.05 + # DATA_TRANSPORT_LAYER__SERVER_HOSTNAME: + # _default: 0.0.0.0 + # DATA_TRANSPORT_LAYER__SERVER_PORT: + # _default: 7878 + # DATA_TRANSPORT_LAYER__TRANSACTIONS_PER_POLLING_INTERVAL: + # _default: 1000 + + healthcheck: + enabled: true + image: + _default: ethereumoptimism/replica-healthcheck:latest + port: 7300 + resources: + limits: + memory: + _default: "200m" + cpu: + _default: "0.1" + requests: + memory: + _default: "200m" + cpu: + _default: "0.1" + persistence: + enabled: false + storageClass: gp3-new + storage: + _default: 10Gi + existingPV: {} + # testnet: 'pvc-testnet' + # mainnet: 'pvc-mainnet' + additionalVolumes: {} + # vol1: + # name: vol11 + # mountPath: /opt/bas + # existingPV: {} + # # e2e: 'fgg' + # storage: {} + # # e2e: '10Gi' + # probes + livenessProbe: + enabled: false + path: / + params: + initialDelaySeconds: 100 + periodSeconds: 100 + timeoutSeconds: 30 + readinessProbe: + enabled: false + path: / + params: + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 60 + environment: + HEALTHCHECK__TARGET_RPC_PROVIDER: + _default: http://node-svc:8545 + + faultDetector: + enabled: false + image: + _default: ethereumoptimism/fault-detector:latest + +# enable Smart-contract-verifier deploy +scVerifier: + enabled: false + image: + _default: ghcr.io/blockscout/smart-contract-verifier:latest + pullPolicy: IfNotPresent + + replicas: + app: 1 + + ports: + http: + http: + number: 8050 + protocol: TCP + host: 'http.' + path: "/" + pathType: Prefix + metrics: + number: 6060 + protocol: TCP + host: "metrics." + path: "/metrics" + pathType: Exact + grpc: + enabled: true + number: 8051 + protocol: TCP + host: 'grpc.' + path: "/" + pathType: Prefix + + strategy: RollingUpdate + + service: + # ClusterIP, NodePort or LoadBalancer + type: ClusterIP + + # enable ingress + ingress: + enabled: false + annotations: {} + host: + _default: + # enable https + tls: + enabled: false + # do we need to create a secret or use existing one (for example, wildcard) + createSecret: false + + resources: + limits: + memory: + _default: "0.5Gi" + cpu: + _default: "0.25" + requests: + memory: + _default: "0.5Gi" + cpu: + _default: "0.25" + + # node label + nodeSelector: + enabled: true + labels: + _default: + app: blockscout + + # probes + livenessProbe: + enabled: true + path: /health?service= + params: + initialDelaySeconds: 100 + periodSeconds: 100 + timeoutSeconds: 30 + readinessProbe: + enabled: true + path: /health?service= + params: + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 60 + + # enable Horizontal Pod Autoscaler + hpa: + enabled: true + minReplicas: 1 + maxReplicas: 10 + cpuTarget: 90 + + environment: + SMART_CONTRACT_VERIFIER__SERVER__HTTP__ADDR: + _default: 0.0.0.0:8050 + SMART_CONTRACT_VERIFIER__SERVER__GRPC__ADDR: + _default: 0.0.0.0:8051 + SMART_CONTRACT_VERIFIER__SOLIDITY__ENABLED: + _default: 'true' + SMART_CONTRACT_VERIFIER__SOLIDITY__COMPILERS_DIR: + _default: /tmp/solidity-compilers + SMART_CONTRACT_VERIFIER__SOLIDITY__REFRESH_VERSIONS_SCHEDULE: + _default: 0 0 * * * * * + + # It depends on the OS you are running the service on + # SMART_CONTRACT_VERIFIER__SOLIDITY__FETCHER__LIST__LIST_URL: + # _default: https://solc-bin.ethereum.org/linux-amd64/list.json + #SMART_CONTRACT_VERIFIER__SOLIDITY__FETCHER__LIST__LIST_URL=https://solc-bin.ethereum.org/macosx-amd64/list.json + #SMART_CONTRACT_VERIFIER__SOLIDITY__FETCHER__LIST__LIST_URL=https://solc-bin.ethereum.org/windows-amd64/list.json + + SMART_CONTRACT_VERIFIER__SOLIDITY__FETCHER__S3__ACCESS_KEY: + _default: + SMART_CONTRACT_VERIFIER__SOLIDITY__FETCHER__S3__SECRET_KEY: + _default: + SMART_CONTRACT_VERIFIER__SOLIDITY__FETCHER__S3__REGION: + _default: "" + SMART_CONTRACT_VERIFIER__SOLIDITY__FETCHER__S3__ENDPOINT: + _default: + SMART_CONTRACT_VERIFIER__SOLIDITY__FETCHER__S3__BUCKET: + _default: + + SMART_CONTRACT_VERIFIER__SOURCIFY__ENABLED: + _default: 'true' + SMART_CONTRACT_VERIFIER__SOURCIFY__API_URL: + _default: + SMART_CONTRACT_VERIFIER__SOURCIFY__VERIFICATION_ATTEMPTS: + _default: 3 + SMART_CONTRACT_VERIFIER__SOURCIFY__REQUEST_TIMEOUT: + _default: 10 + + SMART_CONTRACT_VERIFIER__METRICS__ENABLED: + _default: 'true' + SMART_CONTRACT_VERIFIER__METRICS__ADDR: + _default: 0.0.0.0:6060 + SMART_CONTRACT_VERIFIER__METRICS__ROUTE: + _default: /metrics + + SMART_CONTRACT_VERIFIER__JAEGER__ENABLED: + _default: 'false' + SMART_CONTRACT_VERIFIER__JAEGER__AGENT_ENDPOINT: + _default: + +# enable stats deploy +stats: + enabled: false + image: + _default: ghcr.io/blockscout/stats:main + pullPolicy: IfNotPresent + + replicas: + app: 1 + docker: + port: 80 + targetPort: 8050 + metricsPort: 6060 + + strategy: RollingUpdate + + service: + # ClusterIP, NodePort or LoadBalancer + type: ClusterIP + + # enable ingress + ingress: + enabled: false + annotations: {} + host: + _default: + # enable https + tls: + enabled: false + # do we need to create a secret or use existing one (for example, wildcard) + createSecret: false + + # enable service to connect to RDS + rds: + enabled: false + endpoint: + _default: ..rds.amazonaws.com + + resources: + limits: + memory: + _default: "0.5Gi" + cpu: + _default: "0.25" + requests: + memory: + _default: "0.5Gi" + cpu: + _default: "0.25" + + # if we want to mount some files in container + files: + enabled: false + list: {} + # file.txt: | + # test + mountPath: /tmp/path + + # node label + nodeSelector: + enabled: true + labels: + _default: + app: blockscout + + # probes + livenessProbe: + enabled: false + path: /health + params: + initialDelaySeconds: 100 + periodSeconds: 100 + timeoutSeconds: 30 + readinessProbe: + enabled: false + path: /health + params: + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 60 + + # enable Horizontal Pod Autoscaler + hpa: + enabled: true + minReplicas: 1 + maxReplicas: 10 + cpuTarget: 90 + + environment: {} + # DATABASE_URL: + # # postgres pod + # _default: postgresql://:@postgres:5432/ + # # RDS + # _default: postgresql://:@db-stats-svc:5432/ + +# enable visualizer deploy +visualizer: + enabled: false + image: + _default: ghcr.io/blockscout/visualizer:main + pullPolicy: IfNotPresent + + replicas: + app: 1 + docker: + port: 80 + targetPort: 8050 + metricsPort: 6060 + + strategy: RollingUpdate + + service: + # ClusterIP, NodePort or LoadBalancer + type: ClusterIP + + # enable ingress + ingress: + enabled: false + annotations: {} + host: + _default: + # enable https + tls: + enabled: false + # do we need to create a secret or use existing one (for example, wildcard) + createSecret: false + + resources: + limits: + memory: + _default: "0.5Gi" + cpu: + _default: "0.25" + requests: + memory: + _default: "0.5Gi" + cpu: + _default: "0.25" + + # node label + nodeSelector: + enabled: true + labels: + _default: + app: blockscout + + # probes + livenessProbe: + enabled: true + path: /health + params: + initialDelaySeconds: 100 + periodSeconds: 100 + timeoutSeconds: 30 + readinessProbe: + enabled: true + path: /health + params: + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 60 + + # enable Horizontal Pod Autoscaler + hpa: + enabled: false + minReplicas: 1 + maxReplicas: 10 + cpuTarget: 90 + + environment: + VISUALIZER__SERVER__HTTP__ENABLED: + _default: 'true' + VISUALIZER__SERVER__HTTP__ADDR: + _default: 0.0.0.0:8050 + VISUALIZER__SERVER__GRPC__ENABLED: + _default: 'false' + +frontend: + # set this value same as in blockscout to use one URL for blockscout and frontend + app: frontend + enabled: false + + image: + _default: ghcr.io/blockscout/frontend:main + pullPolicy: IfNotPresent + + replicas: + app: 1 + docker: + port: 80 + targetPort: 3000 + + service: + # ClusterIP, NodePort or LoadBalancer + type: ClusterIP + + ingress: + enabled: true + annotations: {} + host: + _default: blockscout-frontend.aws-k8s.blockscout.com + # enable https + tls: + enabled: true + # do we need to create a secret or use existing one (for example, wildcard) + createSecret: false + path: + prefix: + - "/" + exact: {} + + resources: + limits: + memory: + _default: "0.3Gi" + cpu: + _default: "0.2" + requests: + memory: + _default: "0.3Gi" + cpu: + _default: "0.2" + + # node label + nodeSelector: + enabled: true + labels: + _default: + app: blockscout + + # probes + livenessProbe: + enabled: false + path: /api/healthz + params: + initialDelaySeconds: 100 + periodSeconds: 100 + timeoutSeconds: 30 + readinessProbe: + enabled: false + path: /api/healthz + params: + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 30 + + environment: {} + # NEXT_PUBLIC_APP_PROTOCOL: + # _default: http + # NEXT_PUBLIC_APP_HOST: + # _default: localhost + # NEXT_PUBLIC_APP_PORT: + # _default: 3000 + # NEXT_PUBLIC_BLOCKSCOUT_VERSION: + # _default: v4.1.7-beta + # NEXT_PUBLIC_FOOTER_GITHUB_LINK: + # _default: https://github.com/blockscout/blockscout + # NEXT_PUBLIC_FOOTER_TWITTER_LINK: + # _default: https://www.twitter.com/blockscoutcom + # NEXT_PUBLIC_APP_INSTANCE: + # _default: local + # NEXT_PUBLIC_FOOTER_TELEGRAM_LINK: + # _default: https://t.me/poa_network + # NEXT_PUBLIC_FOOTER_STAKING_LINK: + # _default: https://duneanalytics.com/maxaleks/xdai-staking + # NEXT_PUBLIC_NETWORK_NAME: + # _default: POA + # NEXT_PUBLIC_NETWORK_SHORT_NAME: + # _default: POA + # NEXT_PUBLIC_NETWORK_ASSETS_PATHNAME: + # _default: poa + # NEXT_PUBLIC_NETWORK_TYPE: + # _default: poa + # NEXT_PUBLIC_NETWORK_SUBTYPE: + # _default: core + # NEXT_PUBLIC_NETWORK_ID: + # _default: 99 + # NEXT_PUBLIC_NETWORK_CURRENCY: + # _default: POA + # NEXT_PUBLIC_NETWORK_TOKEN_ADDRESS: + # _default: 0x029a799563238d0e75e20be2f4bda0ea68d00172 + # NEXT_PUBLIC_IS_ACCOUNT_SUPPORTED: + # _default: 'true' + # NEXT_PUBLIC_FEATURED_NETWORKS: + # _default: "[{'title':'Gnosis Chain','basePath':'/xdai/mainnet','group':'mainnets'},{'title':'Optimism on Gnosis Chain','basePath':'/xdai/optimism','group':'mainnets','icon':'https://www.fillmurray.com/60/60'},{'title':'Arbitrum on xDai','basePath':'/xdai/aox','group':'mainnets'},{'title':'Ethereum','basePath':'/eth/mainnet','group':'mainnets'},{'title':'Ethereum Classic','basePath':'/etx/mainnet','group':'mainnets'},{'title':'POA','basePath':'/poa/core','group':'mainnets'},{'title':'RSK','basePath':'/rsk/mainnet','group':'mainnets'},{'title':'Gnosis Chain Testnet','basePath':'/xdai/testnet','group':'testnets'},{'title':'POA Sokol','basePath':'/poa/sokol','group':'testnets'},{'title':'ARTIS Σ1','basePath':'/artis/sigma1','group':'other'},{'title':'LUKSO L14','basePath':'/lukso/l14','group':'other'},{'title':'Astar','basePath':'/astar','group':'other'}]" + # NEXT_PUBLIC_SENTRY_DSN: + # _default: https://fdcd971162e04694bf03564c5be3d291@o1222505.ingest.sentry.io/4503902500421632 + # SENTRY_CSP_REPORT_URI: + # _default: https://o1222505.ingest.sentry.io/api/4503902500421632/security/?sentry_key=fdcd971162e04694bf03564c5be3d291 + +# enable blockscout-allowance +allowance: + enabled: false + + image: + _default: ghcr.io/blockscout/blockscout-allowance:main + + replicas: + app: 1 + docker: + port: 80 + targetPort: 3000 + + service: + # ClusterIP, NodePort or LoadBalancer + type: ClusterIP + + ingress: + enabled: true + annotations: {} + host: + _default: blockscout-allowance.apps.aws-k8s.blockscout.com + # enable https + tls: + enabled: true + # do we need to create a secret or use existing one (for example, wildcard) + createSecret: false + path: + prefix: + - "/" + exact: {} + + resources: + limits: + memory: + _default: "0.3Gi" + cpu: + _default: "0.2" + requests: + memory: + _default: "0.3Gi" + cpu: + _default: "0.2" + + # probes + livenessProbe: + enabled: true + path: /healthz + params: + initialDelaySeconds: 100 + periodSeconds: 100 + timeoutSeconds: 30 + readinessProbe: + enabled: true + path: /healthz + params: + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 60 + + # node label + nodeSelector: + enabled: true + labels: + _default: + app: blockscout + + environment: {} + +# enable sig-provider deploy +sigProvider: + enabled: false + image: + _default: ghcr.io/blockscout/sig-provider:main + pullPolicy: IfNotPresent + + replicas: + app: 1 + docker: + port: 80 + targetPort: 8050 + metricsPort: 6060 + + strategy: RollingUpdate + + service: + # ClusterIP, NodePort or LoadBalancer + type: ClusterIP + + # enable ingress + ingress: + enabled: false + annotations: {} + host: + _default: + # enable https + tls: + enabled: false + # do we need to create a secret or use existing one (for example, wildcard) + createSecret: false + + resources: + limits: + memory: + _default: "0.5Gi" + cpu: + _default: "0.25" + requests: + memory: + _default: "0.5Gi" + cpu: + _default: "0.25" + + # node label + nodeSelector: + enabled: true + labels: + _default: + app: blockscout + + # probes + livenessProbe: + enabled: true + path: /health?service= + params: + initialDelaySeconds: 100 + periodSeconds: 100 + timeoutSeconds: 30 + readinessProbe: + enabled: true + path: /health?service= + params: + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 60 + + # enable Horizontal Pod Autoscaler + hpa: + enabled: false + minReplicas: 1 + maxReplicas: 10 + cpuTarget: 90 + + environment: {} + # ENV: + # _default: 'true' + +# enable eth-bytecode-db deploy +ethBytecodeDb: + enabled: false + image: + _default: ghcr.io/blockscout/eth-bytecode-db:main + pullPolicy: IfNotPresent + + replicas: + app: 1 + docker: + port: 80 + targetPort: 8050 + metricsPort: 6060 + + strategy: RollingUpdate + + service: + # ClusterIP, NodePort or LoadBalancer + type: ClusterIP + + # enable ingress + ingress: + enabled: false + annotations: {} + host: + _default: + # enable https + tls: + enabled: false + # do we need to create a secret or use existing one (for example, wildcard) + createSecret: false + + # enable service to connect to RDS + rds: + enabled: false + endpoint: + _default: ..rds.amazonaws.com + + resources: + limits: + memory: + _default: "0.5Gi" + cpu: + _default: "0.25" + requests: + memory: + _default: "0.5Gi" + cpu: + _default: "0.25" + + # node label + nodeSelector: + enabled: true + labels: + _default: + app: blockscout + + # probes + livenessProbe: + enabled: true + path: /health + params: + initialDelaySeconds: 100 + periodSeconds: 100 + timeoutSeconds: 30 + readinessProbe: + enabled: true + path: /health + params: + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 60 + + # enable Horizontal Pod Autoscaler + hpa: + enabled: false + minReplicas: 1 + maxReplicas: 10 + cpuTarget: 90 + + environment: {} + # ENV: + # _default: 'true' + # DATABASE_URL: + # # postgres pod + # _default: postgresql://:@postgres:5432/ + # # RDS + # _default: postgresql://:@db-eth-bytecode-db-svc:5432/ + +# enable admin-rs deploy +adminRs: + enabled: false + image: + _default: ghcr.io/blockscout/visualizer:main + pullPolicy: IfNotPresent + + replicas: + app: 1 + docker: + port: 80 + targetPort: 8050 + # metricsPort: 6060 + + strategy: RollingUpdate + + service: + # ClusterIP, NodePort or LoadBalancer + type: ClusterIP + + # enable ingress + ingress: + enabled: false + annotations: {} + host: + _default: + # enable https + tls: + enabled: false + # do we need to create a secret or use existing one (for example, wildcard) + createSecret: false + + # if we want to mount some files in container + files: + enabled: false + list: {} + # file.txt: | + # test + mountPath: /tmp/path + + resources: + limits: + memory: + _default: "0.5Gi" + cpu: + _default: "0.25" + requests: + memory: + _default: "0.5Gi" + cpu: + _default: "0.25" + + # node label + nodeSelector: + enabled: true + labels: + _default: + app: blockscout + + # probes + livenessProbe: + enabled: true + path: /health + params: + initialDelaySeconds: 100 + periodSeconds: 100 + timeoutSeconds: 30 + readinessProbe: + enabled: true + path: /health + params: + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 60 + + environment: {} + # ENV: + # _default: 'test' + +# enable admin-ts deploy +adminTs: + enabled: false + image: + _default: ghcr.io/blockscout/visualizer:main + pullPolicy: IfNotPresent + + replicas: + app: 1 + docker: + port: 80 + targetPort: 8080 + # metricsPort: 6060 + + strategy: RollingUpdate + + service: + # ClusterIP, NodePort or LoadBalancer + type: ClusterIP + + # enable ingress + ingress: + enabled: false + annotations: {} + host: + _default: + # enable https + tls: + enabled: false + # do we need to create a secret or use existing one (for example, wildcard) + createSecret: false + + resources: + limits: + memory: + _default: "0.5Gi" + cpu: + _default: "0.25" + requests: + memory: + _default: "0.5Gi" + cpu: + _default: "0.25" + + # node label + nodeSelector: + enabled: true + labels: + _default: + app: blockscout + + # probes + livenessProbe: + enabled: true + path: /admin + params: + initialDelaySeconds: 100 + periodSeconds: 100 + timeoutSeconds: 30 + readinessProbe: + enabled: true + path: /admin + params: + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 60 + + environment: {} + # ENV: + # _default: 'test' + +# enable contracts-info deploy +contractsInfo: + enabled: false + image: + _default: ghcr.io/blockscout/visualizer:main + pullPolicy: IfNotPresent + + replicas: + app: 1 + docker: + port: 80 + targetPort: 8050 + # metricsPort: 6060 + + strategy: RollingUpdate + + service: + # ClusterIP, NodePort or LoadBalancer + type: ClusterIP + + # enable ingress + ingress: + enabled: false + annotations: {} + host: + _default: + # enable https + tls: + enabled: false + # do we need to create a secret or use existing one (for example, wildcard) + createSecret: false + + # if we want to mount some files in container + files: + enabled: false + list: {} + # file.txt: | + # test + mountPath: /tmp/path + + resources: + limits: + memory: + _default: "0.5Gi" + cpu: + _default: "0.25" + requests: + memory: + _default: "0.5Gi" + cpu: + _default: "0.25" + + # node label + nodeSelector: + enabled: true + labels: + _default: + app: blockscout + + # probes + livenessProbe: + enabled: true + path: /health + params: + initialDelaySeconds: 100 + periodSeconds: 100 + timeoutSeconds: 30 + readinessProbe: + enabled: true + path: /health + params: + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 60 + + environment: {} + # ENV: + # _default: 'test' + +# enable token-info-extractor deploy +tokenInfoExtractor: + enabled: false + image: + _default: ghcr.io/blockscout/token-info-extractor:main + schedule: + _default: "0 20 * * *" + # if we want to mount some files in container + files: + enabled: true + list: + networks.json: | + { + "networks": { + "goerli": { + "chain_id": 5 + }, + "ethereum": { + "chain_id": 1 + } + } + } + mountPath: /app/config + + resources: + limits: + memory: + _default: "256Mi" + cpu: + _default: "250m" + requests: + memory: + _default: "96Mi" + cpu: + _default: "100m" + + # node label + nodeSelector: + enabled: false + labels: + _default: + app: blockscout + + environment: {} + # ENV: + # _default: 'test' diff --git a/charts/blockscout-stack/values/e2e/.sops.yaml b/charts/blockscout-stack/values/e2e/.sops.yaml new file mode 100644 index 00000000..ca70dd5a --- /dev/null +++ b/charts/blockscout-stack/values/e2e/.sops.yaml @@ -0,0 +1,6 @@ + +--- +creation_rules: + - path_regex: ^(.+/)?secrets\.yaml$ + pgp: >- + 99E83B7490B1A9F51781E6055317CE0D5CE1230B diff --git a/charts/blockscout-stack/values/e2e/secrets.yaml b/charts/blockscout-stack/values/e2e/secrets.yaml new file mode 100644 index 00000000..de90dadf --- /dev/null +++ b/charts/blockscout-stack/values/e2e/secrets.yaml @@ -0,0 +1,104 @@ +blockscout: + environment: + ACCOUNT_USERNAME: + _default: ENC[AES256_GCM,data:n9Wc7xjBFdWHJNaKBwpVVykz3FbBtqicKdf6yD/kMLKuts/0Rv8vfQ20gSahIvSbbno=,iv:FRyRAwelWF1PHqbIJX09MH+VVqW53luYraLYq/A21j4=,tag:YUejqoXCZjWNUhRZ9emd+g==,type:str] + ACCOUNT_PASSWORD: + _default: ENC[AES256_GCM,data:JVEI0zxaV0pNe74DDB75gt0=,iv:v05W/HN2vzF85yuYWjJYDm1IWgYd2UdeMEnXgfVbYfo=,tag:+8afW2VG1z8ke78vM4N+Lw==,type:str] + MAILSLURP_API_KEY: + _default: ENC[AES256_GCM,data:8RffJ77fEUMK41bBeFbJDaqvvbVgtoSKbVItKkWl3TaV7V605qQLdRPPo9pc4wpWDYtMDPZ7du9rjjr8R16jpg==,iv:voau83nNEXZN65F/ZEno0TOEToCEHBNt7tiAFigIqlI=,tag:Q9Ozhcnz32aNmYiVg3c6Rw==,type:str] + MAILSLURP_EMAIL_ID: + _default: ENC[AES256_GCM,data:xTJjX9TJvcWNHGtlIPrsyI1FrQfTx5mz/ImA2PQjPWzo59q5,iv:mhu9H73Dg6q8aYhPU7+ly5HGJddUmLi3AuoAWePbvtc=,tag:wyi0Y7FH8zTwjtft5nAsLg==,type:str] + ACCOUNT_AUTH0_DOMAIN: + _default: ENC[AES256_GCM,data:dhZF85GiypKiyY3TBIuZfNhtTk+qMU0Kz9k=,iv:kEfANVJvafgxvjR7tYQc1S5JUJVfULPJJCKovBeBGgI=,tag:3Ct3Fe3Z3ptMTEnJyr7Ikg==,type:str] + ACCOUNT_AUTH0_CLIENT_ID: + _default: ENC[AES256_GCM,data:EwwKe/7UIwJ+zPX+/fIIT3dLXU/h7Ac1ekPWiAvJgSs=,iv:doEqk3GNyp824eCGMeRw2USmx1D0MXfArfQDlqdQ73o=,tag:h6Z/dDUcV1gWhu/Tv4yMOQ==,type:str] + ACCOUNT_AUTH0_CLIENT_SECRET: + _default: ENC[AES256_GCM,data:aKiCLKsF8pUKiBw5BxUOfFjTmDnDIR/2rnTut1hGMedi9Tjvt1nQURSe24v3B4TVrFORx6RnT/09euTmzr9jmw==,iv:paEP96vIgO08T85xf6Ql01jWQ2zZ9nhqeXGBXFOaKLI=,tag:ddWyGN91N8U/HWG57bIM0Q==,type:str] + ACCOUNT_AUTH0_CALLBACK_URL: + _default: ENC[AES256_GCM,data:bp3LCOqwW9lQ8UI1FIQ4BHm+1Wycu9ODqyFgE3akxtYuOiPP/GbZ3Eeqwc/sUbhWUKsgIJvFwBogTIrHuLZAhdts5fNHZjM/,iv:h1Uos1aqWP30CcHjUeAwfaIjKBIFlto7D8eFNBDVQsc=,tag:GIvsLdcOjpgTHzp7uzvYFw==,type:str] + ACCOUNT_AUTH0_LOGOUT_RETURN_URL: + _default: ENC[AES256_GCM,data:Kog5QPhKrgTtLSn+bSRFj4L0jhiTjddNacNlLskZo9JZdiDBlbG0UGK6XzHv/w/rvTMnS/JWA31boVtfLONQbA==,iv:c2kqODmzI5o+MfFbmvEM+mDRpl++jiZ7z1DauOuk2cw=,tag:jdUPszjSTO6TmCbxx44U+A==,type:str] + ACCOUNT_AUTH0_LOGOUT_URL: + _default: ENC[AES256_GCM,data:FpIq9cXpqmBXpmVBj9seZB7vpbuJ5q+Iz5ChgL7+g6dgosufrO93tl4wsQk=,iv:DM4qKBrIyeQOmMMSPhEKiW26kEL0yHVA58na8tXZX0o=,tag:kTEy1KUinGUfe/cq1UARQA==,type:str] + ACCOUNT_SENDGRID_API_KEY: + _default: ENC[AES256_GCM,data:/oy/lGAzJbsueQU9BFeuwuWa4gJZyDIW4ZajqtahQMtQaAqyU3ycjt32Bjb01Z7YlC7amG143seQbomnMGVyBGaS3CdX,iv:LZplkaThZNz9P9RGgEo/mV1VBPkGyIqqkY5y4aWM2Pg=,tag:bXThS8axsfTGox0yspLLhg==,type:str] + ACCOUNT_SENDGRID_SENDER: + _default: ENC[AES256_GCM,data:jnaN7XRQnjAJ1oOcswIBiBE8ZWqT4Q==,iv:WJHNTmwzE5FgZcu8hqoSiwWjYlr9fARW0nZY+ci/2eI=,tag:Ks+yhmJCA9hscHUYk3e+9g==,type:str] + ACCOUNT_SENDGRID_TEMPLATE: + _default: ENC[AES256_GCM,data:26r5ti5xVwlf5Fr4vtNxmk1mYxg5DjcI9IO12WSI8dIlcA==,iv:hc9YA3Y0Lney3/+fpTeVEX0GuuxdhNJFpd4B30mGHOc=,tag:8k/GfGHzdylAwTs0QWFXQg==,type:str] + ACCOUNT_PUBLIC_TAGS_AIRTABLE_URL: + _default: ENC[AES256_GCM,data:b/+BmS5vj6rtKGFHdODTiMGAU05WG0MTT9rQtFXLkKPL+zv4ehKRB9vDa/FwlTNldkOFooIdDfys2H4fuKw=,iv:PvMXWccd47dZNdSWMnrSZceSTcgRNLelCB3F/UjcSkU=,tag:iwwRZrEUqyR5B84iUh5vkQ==,type:str] + ACCOUNT_PUBLIC_TAGS_AIRTABLE_API_KEY: + _default: ENC[AES256_GCM,data:iB6TmQnrDZWUBA+DDzvKzB4=,iv:tdkeUx/29qRS7goAsLnvVhf8bBhZ4clIdKsb38knYQs=,tag:w0+iUNGkzN5ZGdD6Cvm3yQ==,type:str] + ACCOUNT_CLOAK_KEY: + _default: ENC[AES256_GCM,data:kmbDlujc+JB7VNsMEwnlTXIC9zuN0smaYKYvmfMCVk484qe+1fbmhgeW0rM=,iv:b/sPf2xfGJgMgDL4UIF7K5iFuKJD3XfLIUI86E/Ltno=,tag:/lJj8VKQlYeDpsGYbqkVAg==,type:str] + SECRET_KEY_BASE: + _default: ENC[AES256_GCM,data:pojKRWQIlKeiqpGxEPe0p3n2VGe5zgBMvowU5jZzNofnoRXtgXPKdFpsWNPVzYtxFUOliNt5YmuIoQfobE1eaWqk2HVmQkvluSsJZuodkipFvc5bo5P1wzJGeOJ/hd+7dxYsdjKhqpWU1+OETpEy9VTxNCU8DzaIWPCddrS4Kt4=,iv:U7eTYtpNFcqXDbvGHX+P2WnQWhzBKMO3xZBiZVLXN4w=,tag:j0nNFBZhOBbI87bA8XjizQ==,type:str] + DATABASE_URL: + _default: ENC[AES256_GCM,data:9MKvBnelyJTdRBUuwL5oqmyBB4fphgYnQdKTzdL12gpNbDBdZTDVTeU/RHyL2rcuaHKLN6yEG10N6MZ4dEXAciQ=,iv:Uj3KA7kyRETJmW3LK41ziJsIpuq50PcggH7wDDOCSIw=,tag:gUswuDk7AefQerkqoRpKPg==,type:str] + ACCOUNT_DATABASE_URL: + _default: ENC[AES256_GCM,data:b6ZuCyEkINzvv2osvlQP8iTh4fwoivVCPOEKy5QRHs0cbVW4f3bp//HATPuAhD2T3MA/OSyqv5Xh6DpRjKPBV68=,iv:Yon9UJXtBmAXUX/G7BSKsbCT64eqM0nJ3AiMvgTxeRM=,tag:jWb4JgTI4b/bEbhgTuPBXg==,type:str] + ACCOUNT_REDIS_URL: + _default: ENC[AES256_GCM,data:a+lfkUrRstKt8sc/SqlDqr2d0iub9hy3ttzLklGirIuakYay5druY5Yma8WA5fy/E/LgsP0xTIbE2Xvd23L33tpOWeh1KuLsiM0W+D6NIInf,iv:s3mMrzKfw0OMsYScu1xaqfK6uTgR/Pp57FR+nvuK1lA=,tag:nkk22fDDQEr7UIKfCxTtHA==,type:str] + RE_CAPTCHA_SECRET_KEY: + _default: ENC[AES256_GCM,data:R7dHYaSltCfRURRFtC/ZDQqW98/ws5o9oZtWnQ9/vl43PunNJjFLfQ==,iv:Qv06ImZLkM+hpNraqt+zJCBKtLGiq86ganmAQrAVzS0=,tag:6J0pC2fcCZrwMTt7TLFGjg==,type:str] + RE_CAPTCHA_CLIENT_KEY: + _default: ENC[AES256_GCM,data:BzRSKbSYNNPpq9uJvG6SDc/89hJvT3u7JoMq7dKjR34feo+REfSdPQ==,iv:cyr1WIekT3VTGnY4G02kuqJs3VHTE1d4zoW6xZ3XngU=,tag:lDgPTw352l8vIxUWfyK27Q==,type:str] +scVerifier: + environment: + SMART_CONTRACT_VERIFIER__SOLIDITY__FETCHER__S3__ACCESS_KEY: + _default: ENC[AES256_GCM,data:bxOvS8QN4H+JoRfL/TQwS9dFNiWX61ux,iv:OuzPIIg/lv0ygj8J2O9t0RvBqrWd4vKOireWtHOaFTA=,tag:k9ge/tzMHmIAmTnIGjPyuQ==,type:str] + SMART_CONTRACT_VERIFIER__SOLIDITY__FETCHER__S3__SECRET_KEY: + _default: ENC[AES256_GCM,data:97X6T2I1bZzNDR3Nb1tyc0GACKl4SECeQkb+iI0yDWcZbpMJRH56MQ==,iv:7JRq5nyr0nTjib0c0Rld5dANRtkc2d0KAfBCErFngls=,tag:Gq3iBeGmK0jeo0z94bvrlQ==,type:str] + SMART_CONTRACT_VERIFIER__SOLIDITY__FETCHER__S3__BUCKET: + _default: ENC[AES256_GCM,data:p89bs0/NjUsmQ8ms/A==,iv:W/gXfPIAajBlK2KGn2NLaTyYwgQixbTtLjZKdL02ZI0=,tag:HaIqLb9suYmB5fJI1/Ghsg==,type:str] +postgres: + environment: + POSTGRES_PASSWORD: + _default: ENC[AES256_GCM,data:sL3yuVfpyRw=,iv:Dx+UOVcVaPjyeXaIMMEMRJC32L50R8TPK3iwR/APmJs=,tag:DSAw2Q45skw0pvctx1gPBQ==,type:str] + POSTGRES_DB: + _default: ENC[AES256_GCM,data:AeTupGw/FWZTMA==,iv:hMwGd/ctSD2gzDEfQ9dNb0XjAO2IBhhV+47meWDhQio=,tag:qF169hU9fjQ5J7pjtJSgYw==,type:str] +geth: + files: + list: + genesis.json: ENC[AES256_GCM,data:52IK/W78eh0vT1APmAXroNL8iHTR/1ojT7ZizAHD1Tdrcg8Gw/xdD9P9Ow2WqZEoLgkMbokOU5ESVMJTQatwSKm3lP83i0wKx7JIQ+JtxyyR3XyY3rblTY3R4v5f+ckiqRYDstzdMnt4XhOQAm6Q07JlN97spwdplNtWFPqTzIEv5/zF6AqDmUcgKT3cKqbafo5ahVOHPg/lt2LrsvuSGM/ENlq3OE6Z9JmZG7nKVrMRkqEleVcb8SLeOFRv+7rSiGhJ6Se1818I4dnWjQCx/KTLpiZJtwZmz2Vurrk2AskcN91P0SK8cDWiR2oR3OP2dke05luhB7EBHHkEXb/62FAhOk0wtBWEkVWSWDMSaPA2fhCciw3d+A/RM0iV9krzw4n4+WyPhSt43a0gVovSxRUkxfJGGqZj5GRT9j8E8bRLi9ZBdGbkGbEUmbv8cgYpMooBTj6rlzPHGP2kv7yJ4NngY6APws6NkIIK0OkHAsP1HFTF07Up5FEtFkUG9Tqr18RU62GnkWPyXvB0aFAHf60mCDkPGove4IPO74xOGUS2cMHxFR7NFo5lyzVwN1ndvkTpxh4JE2v7Nenn65etZq6vbX5O6xBrCBquM9XjZqRaolX0pdYOG8/jdrjNd2EyNimYFDjJ5VejjZV0Un/Z7vO+SHzKpiy+EaWAUNoIix7/XGk0/oL9n3B290t+9EmpqTAu/7CS5E5pq2F6wuDLqpkIZoW2Gxyg3qm7c9xPB2Wl9e6xG3Am8gsQZQ7wVSrmNIgmEFvTI2TufN/5OCxTOJhvoAkuA3EJvpWU9EsjmYAqy8uHa0gu4J+WN17yh2uMeMDKDg2vvekn+FYP0SrpFkBcQ4W2InTQF0BVmwIlrta6wBDVcKT37XxLGpV5C6W5HzMOQ/fnHnEauO4YY8HMvqtyV4wCbibbaM24/NvcYA9EeOKNmLAart4ZVK74jgZyFQVM0mTXm+uU0u8jLXuEAQt+vVSywuQr8Qa7VsWMjegW7+O5zPNJmv7AsB3eQz8kXTLGy4+BQ7PzXMnnuv1krDk70vK7e46oIj7Kmnguf+MQKHlmV+PXBbqjLeSdlfk+oUpoSCikWiPI1fBR41AY0DBgO68qb7b992ezpC25MSI69NX1/JYl/VDoO+2n6WrSUqDYHjQ7xbq+7n4QB3RiavQyASTeXNsNyxIlR+ZsZC29fZlssQKyY1653zVYwUVpBxUAuHX2ytqEMzUoodCFf3sXA4lUGJMEgq6/rsSpVwBt2xB83yWFCFQm/hJRqy3ZCmlk4DYVd/MVc/t2ODvQdg==,iv:HEVGR7XavGkCVRQs/ytln2gn5IIu4x42jeAhK8mAc00=,tag:7DcGtafYe2/qfpAUgqO3Xg==,type:str] + init.sh: ENC[AES256_GCM,data:cjFeSh57rgxDBxEYmMTLzIze//1jpqZuD2F9GAz4bapY0ykJS5VljH6Z62wfYM80Nhvy07xkQN1nuu5UHAdissr4QSFokpKZjCzbz+venbw/ug4dL0NDE8h2X6o3ciQJPe8jC6Ei+blRqkpiXEiDh6GDhOWNpCn6gLcAJPtePg/KiS/KAFm3PnOgjf+iGacuv4J2kzALlin9D6QQYsNyYHhjTH9YrBZZguAvPKdgQGGM3OniaJxx4FcET8aMjIrzVhD4ESwm/rFpKBF11HM1JysIjKOFDS65Z1sm62gdtk6iV6pEthr3Db2XJQL/BBPeL9VHUnLsC6GgZOvxML0rJcyO9yBlhwbtR65EymkSdacB5NXVzCig8Fb2IMhAHmGyEiFnFMBqOgUPwug95VfqTCwEvaxrEbOsGk5j/8w1ZkwTVE9OqlQziCM4gBrASxTRuclCVGazU1GQ4UiJb6i0bjDOP3/78h5PpmbO8NSGvU8IJCIik8G1UIsMpAsmTD8DbUC3ui5JC1VA9v4lu0r7awPOiaW/0anZkoE2FxJK/NsnrODTLXNlYcg7/STCHHSlwoev4E0ANMidGtTv+pamH40KtMxF4PlVbRJbG+FKQMOVuO5R4MJje3EteEyU4ph6hgZD6V1rYpG8iJNkF4RrCr6ZkfUbdp9mgAgiFNtINTyt0Uc868AGUHpRyre9y4fmf88p6IcF/oO1lyF3WeQf4D9zRShbUwnrx0ryPGtgz2idVuPOOJKUGYY9sQ==,iv:c7YKsFJsuMQjBOdyrUWHBD9s7S2lzuHi96Wt+52J4kc=,tag:hR2Y6CsWqCLyQRhKJFTe8A==,type:str] + password.txt: "" +frontend: + environment: + NEXT_PUBLIC_NETWORK_TOKEN_ADDRESS: + _default: ENC[AES256_GCM,data:iDjScwB2WgiYgk0xQZRlvL7/+TcdvHfdpx361OKX+cuJaNo5Mmlge73S,iv:JI66Yl+fJC8QiRaKcLzLwYo2O+chqWGZOhmzIVF1gfM=,tag:g+6pI9D1xnoAt57DdNAJMQ==,type:str] + NEXT_PUBLIC_AUTH0_CLIENT_ID: + _default: ENC[AES256_GCM,data:j45ae8bg6TtnePS5BvABQRxUOwqQhHHRkldqLxBUGcc=,iv:oX+aAz+TWvyRgRnWhWDGlYVLblSl8REET3r0CCY9QUw=,tag:dZo6HxAgJPOc8EL3uuGIPw==,type:str] +stats: + environment: + STATS__DB_URL: + _default: ENC[AES256_GCM,data:2bJ3ZiRPwRcM7l8ekR0g3aiFNa7LujTCsBCIdBCrb6bEFWAET40EKX8LMgC3vyzdiAM=,iv:hyf2vkUhMlCxSHvvMWfrv53KAvInuRAjO2i/wMtx9b4=,tag:18WPm0Q79dF99ltQZH5JoA==,type:str] + STATS__BLOCKSCOUT_DB_URL: + _default: ENC[AES256_GCM,data:LA3a1Wjw1A4HNJyniXK/eIW+imtcoHasWtczn8WpugATFmm68SgDYM47eviHIySb/AJOBFX1Gph1/cLL3CDcCw4=,iv:YUSlq0mP1TMI8Z8jwmyltUkYVYEU0i1cvk9vavIq48Y=,tag:4TM7dof1nzYvDV16aFaPwA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-02-20T15:17:53Z" + mac: ENC[AES256_GCM,data:cWvb+8LZ1wi4P10tu8o6YP2UtzYA2QsXxTch7V3fV5PpsNgjfgyqVmm4c2TAXX7VuJCMd3RukKtju48CYxV9pbPb+dzDqDOzT5IuU8atJ8/wdDLPieVc/+D1tLbu8jH3l/P6MvdiazpONM0vJ+3SxQSQ4EBZ+fjITYuy8b9aZ/k=,iv:y4iZyB2aNivty9Z2ehN1OCRKio2AoGizWunALKZPYHw=,tag:nVzHnbpEaWLuHi7k35/J3g==,type:str] + pgp: + - created_at: "2022-09-22T09:52:10Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQEMA1MXzg1c4SMLAQf/WD1CUDjWm2YTR58vg+T8WwLdFWpmLdqRlJVnKCPg0E13 + dJXaLmNf2wVLFfVJg3pVpIT9LXphER+y+85ZTm6GUA0HZz8UrklfuIL1xprptcHY + ocLPI7Jq6zbOEfakHlQX6AdA6Nl2DxZGSb0QWjjkC5UX9PfeTYQheHToiRwWEX2A + RrSm2yxzM6SXjUw6/895Il9lWzyJPbBp2EIeOqr2RkobPWRHJox7Sm0Mi91VXWMH + P8lQZjMBOE9n72IYjFydMQume8ScSB7lPiZ09xwoZzuXKNsR23IG6bGyRtlRbCxd + IcKV00fgMrHdBBsyND9MWLwgEGqxp4YZbbPOFOGNP9JcAYTNI81+c/1BA3VWtg+N + BTEI2wP8/HXD9sfl7tVx0Lh/o48vIxe3Lu/obZaqaRn/HcYgXTqvUezEkna5gxs9 + n+sKHNBJnKLcNrF6WRahhOYApGff/aabgxlG1Ec= + =m714 + -----END PGP MESSAGE----- + fp: 99E83B7490B1A9F51781E6055317CE0D5CE1230B + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/charts/blockscout-stack/values/e2e/values.yaml b/charts/blockscout-stack/values/e2e/values.yaml new file mode 100644 index 00000000..d60a484f --- /dev/null +++ b/charts/blockscout-stack/values/e2e/values.yaml @@ -0,0 +1,610 @@ +global: + env: e2e +# enable Blockscout deploy +blockscout: + app: blockscout + enabled: true + image: + _default: &image blockscout/blockscout:latest + replicas: + app: 1 + docker: + port: 80 + targetPort: 4000 + # init container + init: + enabled: true + image: + _default: *image + service: + # ClusterIP, NodePort or LoadBalancer + type: ClusterIP + # enable ingress + ingress: + enabled: true + annotations: + - 'nginx.ingress.kubernetes.io/cors-allow-origin: "https://*.blockscout-main.test.aws-k8s.blockscout.com, https://*.test.aws-k8s.blockscout.com, http://localhost:3000"' + - 'nginx.ingress.kubernetes.io/cors-allow-credentials: "true"' + - 'nginx.ingress.kubernetes.io/cors-allow-methods: PUT, GET, POST, OPTIONS, DELETE, PATCH' + - 'nginx.ingress.kubernetes.io/enable-cors: "true"' + - 'nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,x-csrf-token"' + # - 'nginx.ingress.kubernetes.io/rewrite-target: /$2' + host: + _default: blockscout.test.aws-k8s.blockscout.com + # enable https + # + tls: + enabled: true + path: + prefix: + # - "/poa/sokol(/|$)(.*)" + - "/" + # probes + livenessProbe: + enabled: true + path: / + params: + initialDelaySeconds: 100 + periodSeconds: 100 + readinessProbe: + enabled: true + path: / + params: + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 60 + resources: + limits: + memory: + _default: "1Gi" + cpu: + _default: "1" + requests: + memory: + _default: "1Gi" + cpu: + _default: "1" + # enable service to connect to RDS + rds: + enabled: false + endpoint: + _default: ..rds.amazonaws.com + # node label + nodeSelector: + enabled: true + labels: + _default: + app: blockscout + # Blockscout environment variables + environment: + ENV: + _default: test + RESOURCE_MODE: + _default: account + PUBLIC: + _default: 'false' + PORT: + _default: 4000 + PORT_PG: + _default: 5432 + PORT_NETWORK_HTTP: + _default: 8545 + PORT_NETWORK_WS: + _default: 8546 + ETHEREUM_JSONRPC_VARIANT: + _default: geth + ETHEREUM_JSONRPC_TRACE_URL: + _default: http://geth-svc:8545 + ETHEREUM_JSONRPC_HTTP_URL: + _default: http://geth-svc:8545 + ETHEREUM_JSONRPC_WS_URL: + _default: ws://geth-svc:8546 + COIN: + _default: DAI + MIX_ENV: + _default: prod + ECTO_USE_SSL: + _default: 'false' + MICROSERVICE_SC_VERIFIER_URL: + _default: http://sc-verifier-svc:8050 + ACCOUNT_ENABLED: + _default: 'true' + CACHE_TOKEN_HOLDERS_COUNTER_PERIOD: + _default: '10' + CACHE_TOKEN_TRANSFERS_COUNTER_PERIOD: + _default: '10' + CACHE_BLOCK_COUNT_PERIOD: + _default: '10' + DISABLE_REALTIME_INDEXER: + _default: 'false' + BLOCKSCOUT_HOST: + _default: 'blockscout.test.aws-k8s.blockscout.com' + NETWORK_PATH: + _default: "/" + APPS_MENU: + _default: 'true' + EXTERNAL_APPS: + _default: '[{"title": "Marketplace", "url": "/apps"}]' + JSON_RPC: + _default: http://geth-svc:8545 + API_V2_ENABLED: + _default: 'true' + MICROSERVICE_SC_VERIFIER_ENABLED: + _default: 'true' + +postgres: + enabled: true + image: postgres:13.8 + port: 5432 + + command: '["docker-entrypoint.sh", "-c"]' + args: '["max_connections=300"]' + + customShm: + enabled: false + + files: + enabled: true + mountPath: /docker-entrypoint-initdb.d + list: + init.sql: | + CREATE DATABASE stats; + GRANT ALL PRIVILEGES ON DATABASE stats TO postgres; + + resources: + limits: + memory: + _default: "1Gi" + cpu: + _default: "1" + requests: + memory: + _default: "1Gi" + cpu: + _default: "1" + + environment: + POSTGRES_USER: + _default: 'postgres' + POSTGRES_HOST_AUTH_METHOD: + _default: 'trust' +# enable geth deploy +geth: + enabled: true + image: + _default: ethereum/client-go:stable + replicas: + app: 1 + ports: + http: + number: 8545 + protocol: TCP + ws: + number: 8546 + protocol: TCP + auth: + number: 8551 + protocol: TCP + command: + - /bin/sh + - -c + - |- + /root/init.sh --fakepow --dev --dev.period=1 --datadir=/root/.ethereum/devnet --keystore=/root/.ethereum/devnet/keystore --password=/root/password.txt --unlock=0 --unlock=1 --mine --miner.threads=1 --miner.etherbase=0xf39fd6e51aad88f6f4ce6ab8827279cfffb92266 --ipcpath=/root/geth.ipc --http --http.vhosts=* --http.addr=0.0.0.0 --http.port=8545 --http.api=eth,net,web3,debug,txpool --ws --ws.origins=* --ws.addr=0.0.0.0 --ws.port=8546 --ws.api=eth,net,web3,debug,txpool --graphql --graphql.corsdomain=* --allow-insecure-unlock --rpc.allow-unprotected-txs --http.corsdomain=* --vmdebug --networkid=1337 --rpc.txfeecap=0 + environment: {} + persistence: + enabled: false + resources: + limits: + memory: + _default: "2Gi" + cpu: + _default: "0.2" + requests: + memory: + _default: "2Gi" + cpu: + _default: "0.2" + # node label + nodeSelector: + enabled: true + labels: + app: blockscout + service: + # ClusterIP, NodePort or LoadBalancer + type: ClusterIP + # enable ingress + ingress: + enabled: true + host: + _default: node.test.aws-k8s.blockscout.com + # enable https + tls: + enabled: false + jwt: + enabled: false + files: + enabled: true +# enable Smart-contract-verifier deploy +scVerifier: + enabled: true + image: + _default: ghcr.io/blockscout/smart-contract-verifier:main + # enable ingress + ingress: + enabled: true + host: + _default: verifier.test.aws-k8s.blockscout.com + # enable https + tls: + enabled: true + resources: + limits: + memory: + _default: "2Gi" + cpu: + _default: "2" + requests: + memory: + _default: "2Gi" + cpu: + _default: "2" + environment: + SMART_CONTRACT_VERIFIER__SERVER__HTTP__ADDR: + _default: 0.0.0.0:8050 + SMART_CONTRACT_VERIFIER__SERVER__GRPC__ADDR: + _default: 0.0.0.0:8051 + # SMART_CONTRACT_VERIFIER__SOLIDITY__ENABLED: + # _default: 'true' + SMART_CONTRACT_VERIFIER__SOLIDITY__COMPILERS_DIR: + _default: /tmp/solidity-compilers + SMART_CONTRACT_VERIFIER__SOLIDITY__REFRESH_VERSIONS_SCHEDULE: + _default: 0 0 * * * * * + # It depends on the OS you are running the service on + # SMART_CONTRACT_VERIFIER__SOLIDITY__FETCHER__LIST__LIST_URL: + # _default: https://solc-bin.ethereum.org/linux-amd64/list.json + #SMART_CONTRACT_VERIFIER__SOLIDITY__FETCHER__LIST__LIST_URL=https://solc-bin.ethereum.org/macosx-amd64/list.json + #SMART_CONTRACT_VERIFIER__SOLIDITY__FETCHER__LIST__LIST_URL=https://solc-bin.ethereum.org/windows-amd64/list.json + SMART_CONTRACT_VERIFIER__SOLIDITY__FETCHER__S3__REGION: + _default: "" + SMART_CONTRACT_VERIFIER__SOLIDITY__FETCHER__S3__ENDPOINT: + _default: https://storage.googleapis.com + SMART_CONTRACT_VERIFIER__SOURCIFY__ENABLED: + _default: 'true' + SMART_CONTRACT_VERIFIER__SOURCIFY__API_URL: + _default: https://sourcify.dev/server/ + SMART_CONTRACT_VERIFIER__SOURCIFY__VERIFICATION_ATTEMPTS: + _default: 3 + SMART_CONTRACT_VERIFIER__SOURCIFY__REQUEST_TIMEOUT: + _default: 10 + SMART_CONTRACT_VERIFIER__METRICS__ENABLED: + _default: 'true' + SMART_CONTRACT_VERIFIER__METRICS__ADDR: + _default: 0.0.0.0:6060 + SMART_CONTRACT_VERIFIER__METRICS__ROUTE: + _default: /metrics + SMART_CONTRACT_VERIFIER__JAEGER__ENABLED: + _default: 'false' + RUST_LOG: + _default: 'debug' + +# enable stats deploy +stats: + enabled: true + image: + _default: ghcr.io/blockscout/stats:main + + replicas: + app: 1 + docker: + port: 80 + targetPort: 8050 + metricsPort: 6060 + + service: + # ClusterIP, NodePort or LoadBalancer + type: ClusterIP + + # enable ingress + ingress: + enabled: true + annotations: + - 'nginx.ingress.kubernetes.io/cors-allow-origin: "https://*.blockscout-main.test.aws-k8s.blockscout.com, https://*.test.aws-k8s.blockscout.com, https://*.blockscout.com, http://localhost:3000"' + - 'nginx.ingress.kubernetes.io/cors-allow-credentials: "true"' + - 'nginx.ingress.kubernetes.io/cors-allow-methods: PUT, GET, POST, OPTIONS, DELETE, PATCH' + - 'nginx.ingress.kubernetes.io/enable-cors: "true"' + host: + _default: stats-e2e.test.aws-k8s.blockscout.com + # enable https + tls: + enabled: true + + resources: + limits: + memory: + _default: "0.5Gi" + cpu: + _default: "0.25" + requests: + memory: + _default: "0.5Gi" + cpu: + _default: "0.25" + + # node label + nodeSelector: + enabled: true + app: blockscout + + environment: + RUST_LOG: + _default: info + STATS__RUN_MIGRATIONS: + _default: true + STATS__TRACING__FORMAT: + _default: json + STATS__METRICS__ENABLED: + _default: true + +frontend: + app: blockscout + enabled: true + image: + _default: ghcr.io/blockscout/frontend:main + replicas: + app: 1 + docker: + port: 80 + targetPort: 3000 + ingress: + enabled: true + # annotations: + # - 'nginx.ingress.kubernetes.io/use-regex: "true"' + host: + _default: blockscout.test.aws-k8s.blockscout.com + # enable https + tls: + enabled: true + path: + exact: + # - "/(apps|auth/profile|account)" + - "/" + prefix: + # - "/(apps|auth/profile|account)" + - "/account" + - "/accounts" + - "/apps" + - "/_next" + - "/node-api" + - "/static" + - "/auth/profile" + - "/txs" + - "/tx" + - "/blocks" + - "/block" + - "/login" + - "/address" + - "/stats" + - "/token" + - "/tokens" + - "/search-results" + resources: + limits: + memory: + _default: "0.3Gi" + cpu: + _default: "0.4" + requests: + memory: + _default: "0.3Gi" + cpu: + _default: "0.2" + # node label + nodeSelector: + enabled: true + labels: + app: blockscout + environment: + NEXT_PUBLIC_BLOCKSCOUT_VERSION: + _default: v4.1.8-beta + NEXT_PUBLIC_FOOTER_GITHUB_LINK: + _default: https://github.com/blockscout/blockscout + NEXT_PUBLIC_FOOTER_TWITTER_LINK: + _default: https://www.twitter.com/blockscoutcom + NEXT_PUBLIC_APP_ENV: + _default: preview + NEXT_PUBLIC_APP_INSTANCE: + _default: unknown + NEXT_PUBLIC_FOOTER_TELEGRAM_LINK: + _default: https://t.me/poa_network + NEXT_PUBLIC_FOOTER_STAKING_LINK: + _default: https://duneanalytics.com/maxaleks/xdai-staking + NEXT_PUBLIC_NETWORK_NAME: + _default: Sokol + NEXT_PUBLIC_NETWORK_SHORT_NAME: + _default: POA + NEXT_PUBLIC_NETWORK_ASSETS_PATHNAME: + _default: poa + NEXT_PUBLIC_NETWORK_TYPE: + _default: poa_core + NEXT_PUBLIC_NETWORK_ID: + _default: 77 + NEXT_PUBLIC_NETWORK_CURRENCY_NAME: + _default: POA Network Sokol + NEXT_PUBLIC_NETWORK_CURRENCY_SYMBOL: + _default: SPOA + NEXT_PUBLIC_NETWORK_CURRENCY_DECIMALS: + _default: 18 + NEXT_PUBLIC_NETWORK_VERIFICATION_TYPE: + _default: validation + NEXT_PUBLIC_IS_ACCOUNT_SUPPORTED: + _default: 'true' + NEXT_PUBLIC_FEATURED_NETWORKS: + _default: https://raw.githubusercontent.com/blockscout/frontend-configs/main/configs/featured-networks/eth-goerli.json + NEXT_PUBLIC_API_HOST: + _default: blockscout.test.aws-k8s.blockscout.com + NEXT_PUBLIC_APP_HOST: + _default: blockscout.test.aws-k8s.blockscout.com + NEXT_PUBLIC_API_BASE_PATH: + _default: / + NEXT_PUBLIC_MARKETPLACE_SUBMIT_FORM: + _default: https://airtable.com/shrqUAcjgGJ4jU88C + NEXT_PUBLIC_MARKETPLACE_CONFIG_URL: + _default: https://raw.githubusercontent.com/blockscout/frontend-configs/main/configs/marketplace/eth-goerli.json + NEXT_PUBLIC_LOGOUT_URL: + _default: https://blockscoutcom.us.auth0.com/v2/logout + NEXT_PUBLIC_LOGOUT_RETURN_URL: + _default: http://blockscout.test.aws-k8s.blockscout.com/auth/logout + NEXT_PUBLIC_STATS_API_HOST: + _default: https://stats-e2e.test.aws-k8s.blockscout.com + NEXT_PUBLIC_NETWORK_RPC_URL: + _default: https://core.poa.network +# enable blockscout-allowance +allowance: + enabled: false + + image: + _default: ghcr.io/blockscout/blockscout-allowance:main + + replicas: + app: 1 + docker: + port: 80 + targetPort: 3000 + + service: + # ClusterIP, NodePort or LoadBalancer + type: ClusterIP + + ingress: + enabled: true + annotations: {} + host: + _default: blockscout-allowance.apps.aws-k8s.blockscout.com + # enable https + tls: + enabled: true + createSecret: false + path: + prefix: + - "/" + exact: {} + + resources: + limits: + memory: + _default: "0.3Gi" + cpu: + _default: "0.2" + requests: + memory: + _default: "0.3Gi" + cpu: + _default: "0.2" + + # node label + nodeSelector: + enabled: true + labels: + _default: + app: blockscout + + environment: {} + +# enable visualizer deploy +visualizer: + enabled: true + image: + _default: ghcr.io/blockscout/visualizer:latest + + replicas: + app: 1 + docker: + port: 80 + targetPort: 8050 + # metricsPort: 6060 + + service: + # ClusterIP, NodePort or LoadBalancer + type: ClusterIP + + # enable ingress + ingress: + enabled: true + host: + _default: visualizer.test.aws-k8s.blockscout.com + # enable https + tls: + enabled: true + createSecret: false + + resources: + limits: + memory: + _default: "0.05Gi" + cpu: + _default: "0.05" + requests: + memory: + _default: "0.05Gi" + cpu: + _default: "0.05" + + # node label + nodeSelector: + enabled: true + labels: + _default: + app: blockscout + + # probes + livenessProbe: + enabled: true + path: /health + readinessProbe: + enabled: true + path: /health + + # enable Horizontal Pod Autoscaler + hpa: + enabled: false + minReplicas: 1 + maxReplicas: 10 + cpuTarget: 90 + + environment: + VISUALIZER__SERVER__HTTP__ENABLED: + _default: 'true' + VISUALIZER__SERVER__HTTP__ADDR: + _default: 0.0.0.0:8050 + VISUALIZER__SERVER__GRPC__ENABLED: + _default: 'false' + +# enable sig-provider deploy +sigProvider: + enabled: true + image: + _default: ghcr.io/blockscout/sig-provider:main + docker: + targetPort: 8043 + + # enable ingress + ingress: + enabled: true + host: + _default: sig-provider.test.aws-k8s.blockscout.com + # enable https + tls: + enabled: true + createSecret: false + + # enable Horizontal Pod Autoscaler + hpa: + enabled: false + + environment: + SIG_PROVIDER__METRICS__ENABLED: + _default: 'true' + SIG_PROVIDER__SERVER__HTTP__ADDR: + _default: 0.0.0.0:8043 + SIG_PROVIDER__SERVER__GRPC__ENABLED: + _default: 'false' diff --git a/charts/blockscout-stack/values/gnosis/.sops.yaml b/charts/blockscout-stack/values/gnosis/.sops.yaml new file mode 100644 index 00000000..ca70dd5a --- /dev/null +++ b/charts/blockscout-stack/values/gnosis/.sops.yaml @@ -0,0 +1,6 @@ + +--- +creation_rules: + - path_regex: ^(.+/)?secrets\.yaml$ + pgp: >- + 99E83B7490B1A9F51781E6055317CE0D5CE1230B diff --git a/charts/blockscout-stack/values/gnosis/secrets.yaml b/charts/blockscout-stack/values/gnosis/secrets.yaml new file mode 100644 index 00000000..82333f13 --- /dev/null +++ b/charts/blockscout-stack/values/gnosis/secrets.yaml @@ -0,0 +1,106 @@ +blockscout: + environment: + ACCOUNT_USERNAME: + _default: ENC[AES256_GCM,data:n9Wc7xjBFdWHJNaKBwpVVykz3FbBtqicKdf6yD/kMLKuts/0Rv8vfQ20gSahIvSbbno=,iv:FRyRAwelWF1PHqbIJX09MH+VVqW53luYraLYq/A21j4=,tag:YUejqoXCZjWNUhRZ9emd+g==,type:str] + ACCOUNT_PASSWORD: + _default: ENC[AES256_GCM,data:JVEI0zxaV0pNe74DDB75gt0=,iv:v05W/HN2vzF85yuYWjJYDm1IWgYd2UdeMEnXgfVbYfo=,tag:+8afW2VG1z8ke78vM4N+Lw==,type:str] + MAILSLURP_API_KEY: + _default: ENC[AES256_GCM,data:8RffJ77fEUMK41bBeFbJDaqvvbVgtoSKbVItKkWl3TaV7V605qQLdRPPo9pc4wpWDYtMDPZ7du9rjjr8R16jpg==,iv:voau83nNEXZN65F/ZEno0TOEToCEHBNt7tiAFigIqlI=,tag:Q9Ozhcnz32aNmYiVg3c6Rw==,type:str] + MAILSLURP_EMAIL_ID: + _default: ENC[AES256_GCM,data:xTJjX9TJvcWNHGtlIPrsyI1FrQfTx5mz/ImA2PQjPWzo59q5,iv:mhu9H73Dg6q8aYhPU7+ly5HGJddUmLi3AuoAWePbvtc=,tag:wyi0Y7FH8zTwjtft5nAsLg==,type:str] + ACCOUNT_AUTH0_DOMAIN: + _default: ENC[AES256_GCM,data:dhZF85GiypKiyY3TBIuZfNhtTk+qMU0Kz9k=,iv:kEfANVJvafgxvjR7tYQc1S5JUJVfULPJJCKovBeBGgI=,tag:3Ct3Fe3Z3ptMTEnJyr7Ikg==,type:str] + ACCOUNT_AUTH0_CLIENT_ID: + _default: ENC[AES256_GCM,data:pSld6tuuYhncmzE5gGc3SADX/tdAEb5LEZnSL1mpnEc=,iv:DzM79h6dfNfgIGfyOR619Xds7tMFeyqg/lB44mhJV3Y=,tag:o7jJy6muYkcPFF7XbdtpYA==,type:str] + ACCOUNT_AUTH0_CLIENT_SECRET: + _default: ENC[AES256_GCM,data:UuREfWlWDbWBes9xhENm06vuySG5GjN3yE9AtYGy/kMZXPk33wZbbuNWgxX8Q8IOJx8DvmNXUE5/h1nh6vVPnA==,iv:BDmJCwipEkVZ/WM5j8F5LyUAtEtcpXzgkIzeyKZFvSU=,tag:2aUN9626VX6zgpfzd1qKBw==,type:str] + ACCOUNT_AUTH0_CALLBACK_URL: + _default: ENC[AES256_GCM,data:plsc90jh5ggPoyejhUsAWUA4XdiScMD9cSXgQU/j1xu005KHQudUAVEoWXIhb444gvufy5IQA5V1Eu5kagWk6w2BFNKGMkLw,iv:9QMEHCQ54s8/bFICXU05kZWUnIgV1KCzYpjdaG4KNFA=,tag:IQgfWKdffIRnb3/3EFSb7g==,type:str] + ACCOUNT_AUTH0_LOGOUT_RETURN_URL: + _default: ENC[AES256_GCM,data:jS7AbTVuIjk89s00wO5QzN6R+G61G4YQd+KfyVgXLTT7192fZU89yPYaJkVJZvxJzDp6xcN7viSHWLYmgTl5nQ==,iv:shI+ibsp/fHHPlZ5L9JRt6qcGIHKiSPQKIeLzbydfOU=,tag:XDtNLFOowaMjBvfR6OJoVA==,type:str] + ACCOUNT_AUTH0_LOGOUT_URL: + _default: ENC[AES256_GCM,data:FpIq9cXpqmBXpmVBj9seZB7vpbuJ5q+Iz5ChgL7+g6dgosufrO93tl4wsQk=,iv:DM4qKBrIyeQOmMMSPhEKiW26kEL0yHVA58na8tXZX0o=,tag:kTEy1KUinGUfe/cq1UARQA==,type:str] + ACCOUNT_SENDGRID_API_KEY: + _default: ENC[AES256_GCM,data:bThnhRnrnTvQ+4f/p7tH0j3F7IoHx9/9JUfOEnU+xkuoXTJvDOlrsj1PVgj0fQeYrE9cDv2lCO3esad3VajzA96Xbqav,iv:qDAg8am06D9LFcryySEa/1P82lyvOSC9BeTOtzpUEas=,tag:flUEez9YvQdewKJIYJycEA==,type:str] + ACCOUNT_SENDGRID_SENDER: + _default: ENC[AES256_GCM,data:jnaN7XRQnjAJ1oOcswIBiBE8ZWqT4Q==,iv:WJHNTmwzE5FgZcu8hqoSiwWjYlr9fARW0nZY+ci/2eI=,tag:Ks+yhmJCA9hscHUYk3e+9g==,type:str] + ACCOUNT_SENDGRID_TEMPLATE: + _default: ENC[AES256_GCM,data:26r5ti5xVwlf5Fr4vtNxmk1mYxg5DjcI9IO12WSI8dIlcA==,iv:hc9YA3Y0Lney3/+fpTeVEX0GuuxdhNJFpd4B30mGHOc=,tag:8k/GfGHzdylAwTs0QWFXQg==,type:str] + ACCOUNT_PUBLIC_TAGS_AIRTABLE_URL: + _default: ENC[AES256_GCM,data:b/+BmS5vj6rtKGFHdODTiMGAU05WG0MTT9rQtFXLkKPL+zv4ehKRB9vDa/FwlTNldkOFooIdDfys2H4fuKw=,iv:PvMXWccd47dZNdSWMnrSZceSTcgRNLelCB3F/UjcSkU=,tag:iwwRZrEUqyR5B84iUh5vkQ==,type:str] + ACCOUNT_PUBLIC_TAGS_AIRTABLE_API_KEY: + _default: ENC[AES256_GCM,data:aekJKcQxlb0xsS9MVoJ4+rI=,iv:RJQQsxoSfzSSL949za2BO6r/qta/jcdcjncSWKhLTr0=,tag:5YtSW7877zoyUyjpWng+Dw==,type:str] + ACCOUNT_CLOAK_KEY: + _default: ENC[AES256_GCM,data:kmbDlujc+JB7VNsMEwnlTXIC9zuN0smaYKYvmfMCVk484qe+1fbmhgeW0rM=,iv:b/sPf2xfGJgMgDL4UIF7K5iFuKJD3XfLIUI86E/Ltno=,tag:/lJj8VKQlYeDpsGYbqkVAg==,type:str] + SECRET_KEY_BASE: + _default: ENC[AES256_GCM,data:pojKRWQIlKeiqpGxEPe0p3n2VGe5zgBMvowU5jZzNofnoRXtgXPKdFpsWNPVzYtxFUOliNt5YmuIoQfobE1eaWqk2HVmQkvluSsJZuodkipFvc5bo5P1wzJGeOJ/hd+7dxYsdjKhqpWU1+OETpEy9VTxNCU8DzaIWPCddrS4Kt4=,iv:U7eTYtpNFcqXDbvGHX+P2WnQWhzBKMO3xZBiZVLXN4w=,tag:j0nNFBZhOBbI87bA8XjizQ==,type:str] + DATABASE_URL: + _default: ENC[AES256_GCM,data:9MKvBnelyJTdRBUuwL5oqmyBB4fphgYnQdKTzdL12gpNbDBdZTDVTeU/RHyL2rcuaHKLN6yEG10N6MZ4dEXAciQ=,iv:Uj3KA7kyRETJmW3LK41ziJsIpuq50PcggH7wDDOCSIw=,tag:gUswuDk7AefQerkqoRpKPg==,type:str] + ACCOUNT_DATABASE_URL: + _default: ENC[AES256_GCM,data:b6ZuCyEkINzvv2osvlQP8iTh4fwoivVCPOEKy5QRHs0cbVW4f3bp//HATPuAhD2T3MA/OSyqv5Xh6DpRjKPBV68=,iv:Yon9UJXtBmAXUX/G7BSKsbCT64eqM0nJ3AiMvgTxeRM=,tag:jWb4JgTI4b/bEbhgTuPBXg==,type:str] + ACCOUNT_REDIS_URL: + _default: ENC[AES256_GCM,data:a+lfkUrRstKt8sc/SqlDqr2d0iub9hy3ttzLklGirIuakYay5druY5Yma8WA5fy/E/LgsP0xTIbE2Xvd23L33tpOWeh1KuLsiM0W+D6NIInf,iv:s3mMrzKfw0OMsYScu1xaqfK6uTgR/Pp57FR+nvuK1lA=,tag:nkk22fDDQEr7UIKfCxTtHA==,type:str] + ETHEREUM_JSONRPC_TRACE_URL: + _default: ENC[AES256_GCM,data:WE/3lqciAdzCtJa9+mmscccn1l7WACx0Hw==,iv:+NTsqnzegDVtj6fOFboBeM0zkJgLWmeV+7IcXPFDChQ=,tag:T0wbtz0uJSK2UbPcR4aR4w==,type:str] + ETHEREUM_JSONRPC_HTTP_URL: + _default: ENC[AES256_GCM,data:JAPSPrqPW6cvLxZitWk1MjXfzwVsYqehBw==,iv:lxoIh4jsLN19zQv/+CNz7rqCXrW054S+zk6XN+Nr22w=,tag:V6IRiLNsh+nSFuvRoEZYww==,type:str] + ETHEREUM_JSONRPC_WS_URL: + _default: ENC[AES256_GCM,data:Lfib9uOw1+M7v/1OG7w0FjoZDRX9BwE=,iv:kRUXdJz2WtYLbM6LXovAADeQ84HsXJ9zPGh2gdoepfQ=,tag:ft0oQiJob7Q2I79CKRTy1A==,type:str] +scVerifier: + environment: + SMART_CONTRACT_VERIFIER__SOLIDITY__FETCHER__S3__ACCESS_KEY: + _default: ENC[AES256_GCM,data:WcboKrQ0ffyMGvR//cWuCT7sz+06Rvc3,iv:ceUD/0rajquxo3E1VX73rzuTXg+YSd9fadDSss4/F2M=,tag:zw+ZVcKdZ2QxOQ4RDpiDhg==,type:str] + SMART_CONTRACT_VERIFIER__SOLIDITY__FETCHER__S3__SECRET_KEY: + _default: ENC[AES256_GCM,data:0Q4fPSKx3wu1jRW4a1TKGwdcuRG3iustHqoQRnzHZKBcXonHoa0qjw==,iv:GzYkKZ0RCpyMINHZSPiG7yT384J0wMrnTFYMnOy9EYU=,tag:IX/JNcxw1R3UHlpvdihRNA==,type:str] + SMART_CONTRACT_VERIFIER__SOLIDITY__FETCHER__S3__BUCKET: + _default: ENC[AES256_GCM,data:p89bs0/NjUsmQ8ms/A==,iv:W/gXfPIAajBlK2KGn2NLaTyYwgQixbTtLjZKdL02ZI0=,tag:HaIqLb9suYmB5fJI1/Ghsg==,type:str] +postgres: + environment: + POSTGRES_PASSWORD: + _default: ENC[AES256_GCM,data:sL3yuVfpyRw=,iv:Dx+UOVcVaPjyeXaIMMEMRJC32L50R8TPK3iwR/APmJs=,tag:DSAw2Q45skw0pvctx1gPBQ==,type:str] + POSTGRES_DB: + _default: ENC[AES256_GCM,data:AeTupGw/FWZTMA==,iv:hMwGd/ctSD2gzDEfQ9dNb0XjAO2IBhhV+47meWDhQio=,tag:qF169hU9fjQ5J7pjtJSgYw==,type:str] +geth: + files: + list: + genesis.json: ENC[AES256_GCM,data:52IK/W78eh0vT1APmAXroNL8iHTR/1ojT7ZizAHD1Tdrcg8Gw/xdD9P9Ow2WqZEoLgkMbokOU5ESVMJTQatwSKm3lP83i0wKx7JIQ+JtxyyR3XyY3rblTY3R4v5f+ckiqRYDstzdMnt4XhOQAm6Q07JlN97spwdplNtWFPqTzIEv5/zF6AqDmUcgKT3cKqbafo5ahVOHPg/lt2LrsvuSGM/ENlq3OE6Z9JmZG7nKVrMRkqEleVcb8SLeOFRv+7rSiGhJ6Se1818I4dnWjQCx/KTLpiZJtwZmz2Vurrk2AskcN91P0SK8cDWiR2oR3OP2dke05luhB7EBHHkEXb/62FAhOk0wtBWEkVWSWDMSaPA2fhCciw3d+A/RM0iV9krzw4n4+WyPhSt43a0gVovSxRUkxfJGGqZj5GRT9j8E8bRLi9ZBdGbkGbEUmbv8cgYpMooBTj6rlzPHGP2kv7yJ4NngY6APws6NkIIK0OkHAsP1HFTF07Up5FEtFkUG9Tqr18RU62GnkWPyXvB0aFAHf60mCDkPGove4IPO74xOGUS2cMHxFR7NFo5lyzVwN1ndvkTpxh4JE2v7Nenn65etZq6vbX5O6xBrCBquM9XjZqRaolX0pdYOG8/jdrjNd2EyNimYFDjJ5VejjZV0Un/Z7vO+SHzKpiy+EaWAUNoIix7/XGk0/oL9n3B290t+9EmpqTAu/7CS5E5pq2F6wuDLqpkIZoW2Gxyg3qm7c9xPB2Wl9e6xG3Am8gsQZQ7wVSrmNIgmEFvTI2TufN/5OCxTOJhvoAkuA3EJvpWU9EsjmYAqy8uHa0gu4J+WN17yh2uMeMDKDg2vvekn+FYP0SrpFkBcQ4W2InTQF0BVmwIlrta6wBDVcKT37XxLGpV5C6W5HzMOQ/fnHnEauO4YY8HMvqtyV4wCbibbaM24/NvcYA9EeOKNmLAart4ZVK74jgZyFQVM0mTXm+uU0u8jLXuEAQt+vVSywuQr8Qa7VsWMjegW7+O5zPNJmv7AsB3eQz8kXTLGy4+BQ7PzXMnnuv1krDk70vK7e46oIj7Kmnguf+MQKHlmV+PXBbqjLeSdlfk+oUpoSCikWiPI1fBR41AY0DBgO68qb7b992ezpC25MSI69NX1/JYl/VDoO+2n6WrSUqDYHjQ7xbq+7n4QB3RiavQyASTeXNsNyxIlR+ZsZC29fZlssQKyY1653zVYwUVpBxUAuHX2ytqEMzUoodCFf3sXA4lUGJMEgq6/rsSpVwBt2xB83yWFCFQm/hJRqy3ZCmlk4DYVd/MVc/t2ODvQdg==,iv:HEVGR7XavGkCVRQs/ytln2gn5IIu4x42jeAhK8mAc00=,tag:7DcGtafYe2/qfpAUgqO3Xg==,type:str] + init.sh: ENC[AES256_GCM,data:cjFeSh57rgxDBxEYmMTLzIze//1jpqZuD2F9GAz4bapY0ykJS5VljH6Z62wfYM80Nhvy07xkQN1nuu5UHAdissr4QSFokpKZjCzbz+venbw/ug4dL0NDE8h2X6o3ciQJPe8jC6Ei+blRqkpiXEiDh6GDhOWNpCn6gLcAJPtePg/KiS/KAFm3PnOgjf+iGacuv4J2kzALlin9D6QQYsNyYHhjTH9YrBZZguAvPKdgQGGM3OniaJxx4FcET8aMjIrzVhD4ESwm/rFpKBF11HM1JysIjKOFDS65Z1sm62gdtk6iV6pEthr3Db2XJQL/BBPeL9VHUnLsC6GgZOvxML0rJcyO9yBlhwbtR65EymkSdacB5NXVzCig8Fb2IMhAHmGyEiFnFMBqOgUPwug95VfqTCwEvaxrEbOsGk5j/8w1ZkwTVE9OqlQziCM4gBrASxTRuclCVGazU1GQ4UiJb6i0bjDOP3/78h5PpmbO8NSGvU8IJCIik8G1UIsMpAsmTD8DbUC3ui5JC1VA9v4lu0r7awPOiaW/0anZkoE2FxJK/NsnrODTLXNlYcg7/STCHHSlwoev4E0ANMidGtTv+pamH40KtMxF4PlVbRJbG+FKQMOVuO5R4MJje3EteEyU4ph6hgZD6V1rYpG8iJNkF4RrCr6ZkfUbdp9mgAgiFNtINTyt0Uc868AGUHpRyre9y4fmf88p6IcF/oO1lyF3WeQf4D9zRShbUwnrx0ryPGtgz2idVuPOOJKUGYY9sQ==,iv:c7YKsFJsuMQjBOdyrUWHBD9s7S2lzuHi96Wt+52J4kc=,tag:hR2Y6CsWqCLyQRhKJFTe8A==,type:str] + password.txt: "" +frontend: + environment: + NEXT_PUBLIC_NETWORK_TOKEN_ADDRESS: + _default: ENC[AES256_GCM,data:iDjScwB2WgiYgk0xQZRlvL7/+TcdvHfdpx361OKX+cuJaNo5Mmlge73S,iv:JI66Yl+fJC8QiRaKcLzLwYo2O+chqWGZOhmzIVF1gfM=,tag:g+6pI9D1xnoAt57DdNAJMQ==,type:str] + NEXT_PUBLIC_AUTH0_CLIENT_ID: + _default: ENC[AES256_GCM,data:j45ae8bg6TtnePS5BvABQRxUOwqQhHHRkldqLxBUGcc=,iv:oX+aAz+TWvyRgRnWhWDGlYVLblSl8REET3r0CCY9QUw=,tag:dZo6HxAgJPOc8EL3uuGIPw==,type:str] +stats: + environment: + STATS__DB_URL: + _default: ENC[AES256_GCM,data:2bJ3ZiRPwRcM7l8ekR0g3aiFNa7LujTCsBCIdBCrb6bEFWAET40EKX8LMgC3vyzdiAM=,iv:hyf2vkUhMlCxSHvvMWfrv53KAvInuRAjO2i/wMtx9b4=,tag:18WPm0Q79dF99ltQZH5JoA==,type:str] + STATS__BLOCKSCOUT_DB_URL: + _default: ENC[AES256_GCM,data:LA3a1Wjw1A4HNJyniXK/eIW+imtcoHasWtczn8WpugATFmm68SgDYM47eviHIySb/AJOBFX1Gph1/cLL3CDcCw4=,iv:YUSlq0mP1TMI8Z8jwmyltUkYVYEU0i1cvk9vavIq48Y=,tag:4TM7dof1nzYvDV16aFaPwA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-01-31T13:50:01Z" + mac: ENC[AES256_GCM,data:X8ahskOGU7WgLovvSe2acqF64CxPShbXmLU6zK64PgrRONp4oLmqC0hHb0zFp2VSQl4tTyTToodUD2mYcehaWLp9Zs/Ht8ZB2F8vhig4T5piltUYRA8auTu0xK9Sfpm59pkT7WGuXjmyneKqhY0nm8612bbZGs0k23XIq6IAl5Y=,iv:0ZIid3HxG4cbr1xIMP0MnCnXUJwIK9G4dSpIH6f4Pb8=,tag:mJ7gFR6r5Xi+XwIcrNgEsw==,type:str] + pgp: + - created_at: "2022-09-22T09:52:10Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQEMA1MXzg1c4SMLAQf/WD1CUDjWm2YTR58vg+T8WwLdFWpmLdqRlJVnKCPg0E13 + dJXaLmNf2wVLFfVJg3pVpIT9LXphER+y+85ZTm6GUA0HZz8UrklfuIL1xprptcHY + ocLPI7Jq6zbOEfakHlQX6AdA6Nl2DxZGSb0QWjjkC5UX9PfeTYQheHToiRwWEX2A + RrSm2yxzM6SXjUw6/895Il9lWzyJPbBp2EIeOqr2RkobPWRHJox7Sm0Mi91VXWMH + P8lQZjMBOE9n72IYjFydMQume8ScSB7lPiZ09xwoZzuXKNsR23IG6bGyRtlRbCxd + IcKV00fgMrHdBBsyND9MWLwgEGqxp4YZbbPOFOGNP9JcAYTNI81+c/1BA3VWtg+N + BTEI2wP8/HXD9sfl7tVx0Lh/o48vIxe3Lu/obZaqaRn/HcYgXTqvUezEkna5gxs9 + n+sKHNBJnKLcNrF6WRahhOYApGff/aabgxlG1Ec= + =m714 + -----END PGP MESSAGE----- + fp: 99E83B7490B1A9F51781E6055317CE0D5CE1230B + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/charts/blockscout-stack/values/gnosis/values.yaml b/charts/blockscout-stack/values/gnosis/values.yaml new file mode 100644 index 00000000..f77ca9b6 --- /dev/null +++ b/charts/blockscout-stack/values/gnosis/values.yaml @@ -0,0 +1,547 @@ +global: + env: gnosis +# enable Blockscout deploy +blockscout: + app: blockscout + enabled: true + image: + _default: &image blockscout/blockscout:latest + replicas: + app: 1 + docker: + port: 80 + targetPort: 4000 + # init container + init: + enabled: true + image: + _default: *image + service: + # ClusterIP, NodePort or LoadBalancer + type: ClusterIP + # enable ingress + ingress: + enabled: true + annotations: + - 'nginx.ingress.kubernetes.io/cors-allow-origin: "https://*.blockscout-main.test.aws-k8s.blockscout.com, https://*.test.aws-k8s.blockscout.com, http://localhost:3000"' + - 'nginx.ingress.kubernetes.io/cors-allow-credentials: "true"' + - 'nginx.ingress.kubernetes.io/cors-allow-methods: PUT, GET, POST, OPTIONS, DELETE, PATCH' + - 'nginx.ingress.kubernetes.io/enable-cors: "true"' + - 'nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,x-csrf-token"' + # - 'nginx.ingress.kubernetes.io/rewrite-target: /$2' + host: + _default: blockscout-gnosis.test.aws-k8s.blockscout.com + # enable https + # + tls: + enabled: true + path: + prefix: + # - "/poa/sokol(/|$)(.*)" + - "/" + # probes + livenessProbe: + enabled: true + path: / + params: + initialDelaySeconds: 100 + periodSeconds: 100 + readinessProbe: + enabled: true + path: / + params: + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 60 + resources: + limits: + memory: + _default: "1Gi" + cpu: + _default: "1" + requests: + memory: + _default: "1Gi" + cpu: + _default: "1" + # enable service to connect to RDS + rds: + enabled: false + endpoint: + _default: ..rds.amazonaws.com + # node label + nodeSelector: + enabled: true + labels: + _default: + app: blockscout + # Blockscout environment variables + environment: + ENV: + _default: test + RESOURCE_MODE: + _default: account + PUBLIC: + _default: 'false' + PORT: + _default: 4000 + PORT_PG: + _default: 5432 + PORT_NETWORK_HTTP: + _default: 8545 + PORT_NETWORK_WS: + _default: 8546 + ETHEREUM_JSONRPC_VARIANT: + _default: nethermind + COIN: + _default: DAI + MIX_ENV: + _default: prod + ECTO_USE_SSL: + _default: 'false' + MICROSERVICE_SC_VERIFIER_URL: + _default: http://sc-verifier-svc:8043 + ACCOUNT_ENABLED: + _default: 'true' + DISABLE_REALTIME_INDEXER: + _default: 'false' + BLOCKSCOUT_HOST: + _default: 'blockscout-gnosis.test.aws-k8s.blockscout.com' + NETWORK_PATH: + _default: "/" + ETHEREUM_JSONRPC_DISABLE_ARCHIVE_BALANCES: + _default: 'true' + APPS_MENU: + _default: 'true' + EXTERNAL_APPS: + _default: '[{"title": "Marketplace", "url": "/apps"}]' + JSON_RPC: + _default: http://geth-svc:8545 + API_V2_ENABLED: + _default: 'true' + +postgres: + enabled: true + image: postgres:13.8 + port: 5432 + + command: '["docker-entrypoint.sh", "-c"]' + args: '["max_connections=300"]' + + customShm: + enabled: false + + files: + enabled: true + mountPath: /docker-entrypoint-initdb.d + list: + init.sql: | + CREATE DATABASE stats; + GRANT ALL PRIVILEGES ON DATABASE stats TO postgres; + + resources: + limits: + memory: + _default: "1Gi" + cpu: + _default: "1" + requests: + memory: + _default: "1Gi" + cpu: + _default: "1" + + environment: + POSTGRES_USER: + _default: 'postgres' + POSTGRES_HOST_AUTH_METHOD: + _default: 'trust' +# enable Smart-contract-verifier deploy +scVerifier: + enabled: true + image: + _default: ghcr.io/blockscout/smart-contract-verifier:main + replicas: + app: 1 + ports: + http: + number: 8050 + protocol: TCP + host: 'http.' + path: "/" + pathType: Prefix + grpc: + number: 8051 + protocol: TCP + host: 'grpc.' + path: "/" + pathType: Prefix + metrics: + number: 6060 + protocol: TCP + host: "metrics." + path: "/metrics" + pathType: Exact + service: + # ClusterIP, NodePort or LoadBalancer + type: ClusterIP + # enable ingress + ingress: + enabled: true + host: + _default: verifier-gnosis.test.aws-k8s.blockscout.com + # enable https + tls: + enabled: true + resources: + limits: + memory: + _default: "0.5Gi" + cpu: + _default: "0.25" + requests: + memory: + _default: "0.5Gi" + cpu: + _default: "0.25" + # node label + nodeSelector: + enabled: true + labels: + app: blockscout + # probes + livenessProbe: + enabled: true + # path: /health + readinessProbe: + enabled: true + # path: /health + # enable Horizontal Pod Autoscaler + hpa: + enabled: true + minReplicas: 1 + maxReplicas: 10 + cpuTarget: 90 + environment: + SMART_CONTRACT_VERIFIER__SERVER__HTTP__ADDR: + _default: 0.0.0.0:8050 + SMART_CONTRACT_VERIFIER__SERVER__GRPC__ADDR: + _default: 0.0.0.0:8051 + # SMART_CONTRACT_VERIFIER__SOLIDITY__ENABLED: + # _default: 'true' + SMART_CONTRACT_VERIFIER__SOLIDITY__COMPILERS_DIR: + _default: /tmp/solidity-compilers + SMART_CONTRACT_VERIFIER__SOLIDITY__REFRESH_VERSIONS_SCHEDULE: + _default: 0 0 * * * * * + # It depends on the OS you are running the service on + # SMART_CONTRACT_VERIFIER__SOLIDITY__FETCHER__LIST__LIST_URL: + # _default: https://solc-bin.ethereum.org/linux-amd64/list.json + #SMART_CONTRACT_VERIFIER__SOLIDITY__FETCHER__LIST__LIST_URL=https://solc-bin.ethereum.org/macosx-amd64/list.json + #SMART_CONTRACT_VERIFIER__SOLIDITY__FETCHER__LIST__LIST_URL=https://solc-bin.ethereum.org/windows-amd64/list.json + SMART_CONTRACT_VERIFIER__SOLIDITY__FETCHER__S3__REGION: + _default: "" + SMART_CONTRACT_VERIFIER__SOLIDITY__FETCHER__S3__ENDPOINT: + _default: https://storage.googleapis.com + SMART_CONTRACT_VERIFIER__SOURCIFY__ENABLED: + _default: 'true' + SMART_CONTRACT_VERIFIER__SOURCIFY__API_URL: + _default: https://sourcify.dev/server/ + SMART_CONTRACT_VERIFIER__SOURCIFY__VERIFICATION_ATTEMPTS: + _default: 3 + SMART_CONTRACT_VERIFIER__SOURCIFY__REQUEST_TIMEOUT: + _default: 10 + SMART_CONTRACT_VERIFIER__METRICS__ENABLED: + _default: 'true' + SMART_CONTRACT_VERIFIER__METRICS__ADDR: + _default: 0.0.0.0:6060 + SMART_CONTRACT_VERIFIER__METRICS__ROUTE: + _default: /metrics + SMART_CONTRACT_VERIFIER__JAEGER__ENABLED: + _default: 'false' + +# enable stats deploy +stats: + enabled: true + image: + _default: ghcr.io/blockscout/stats:main + + replicas: + app: 1 + docker: + port: 80 + targetPort: 8050 + metricsPort: 6060 + + service: + # ClusterIP, NodePort or LoadBalancer + type: ClusterIP + + # enable ingress + ingress: + enabled: true + annotations: + - 'nginx.ingress.kubernetes.io/cors-allow-origin: "https://*.blockscout-main.test.aws-k8s.blockscout.com, https://*.test.aws-k8s.blockscout.com, https://*.blockscout.com, http://localhost:3000"' + - 'nginx.ingress.kubernetes.io/cors-allow-credentials: "true"' + - 'nginx.ingress.kubernetes.io/cors-allow-methods: PUT, GET, POST, OPTIONS, DELETE, PATCH' + - 'nginx.ingress.kubernetes.io/enable-cors: "true"' + host: + _default: stats-gnosis.test.aws-k8s.blockscout.com + # enable https + tls: + enabled: true + + resources: + limits: + memory: + _default: "0.5Gi" + cpu: + _default: "0.25" + requests: + memory: + _default: "0.5Gi" + cpu: + _default: "0.25" + + # node label + nodeSelector: + enabled: true + app: blockscout + + environment: + RUST_LOG: + _default: info + STATS__RUN_MIGRATIONS: + _default: true + STATS__TRACING__FORMAT: + _default: json + STATS__METRICS__ENABLED: + _default: true + +frontend: + app: blockscout + enabled: true + image: + _default: ghcr.io/blockscout/frontend:main + replicas: + app: 1 + docker: + port: 80 + targetPort: 3000 + ingress: + enabled: true + # annotations: + # - 'nginx.ingress.kubernetes.io/use-regex: "true"' + host: + _default: blockscout-gnosis.test.aws-k8s.blockscout.com + # enable https + tls: + enabled: true + path: + exact: + # - "/(apps|auth/profile|account)" + - "/" + prefix: + # - "/(apps|auth/profile|account)" + - "/account" + - "/apps" + - "/_next" + - "/node-api" + - "/static" + - "/auth/profile" + - "/txs" + - "/tx" + - "/blocks" + - "/block" + - "/login" + - "/address" + - "/stats" + - "/token" + resources: + limits: + memory: + _default: "0.3Gi" + cpu: + _default: "0.2" + requests: + memory: + _default: "0.3Gi" + cpu: + _default: "0.2" + # node label + nodeSelector: + enabled: true + labels: + app: blockscout + environment: + NEXT_PUBLIC_BLOCKSCOUT_VERSION: + _default: v4.1.8-beta + NEXT_PUBLIC_FOOTER_GITHUB_LINK: + _default: https://github.com/blockscout/blockscout + NEXT_PUBLIC_FOOTER_TWITTER_LINK: + _default: https://www.twitter.com/blockscoutcom + NEXT_PUBLIC_APP_ENV: + _default: preview + NEXT_PUBLIC_APP_INSTANCE: + _default: unknown + NEXT_PUBLIC_FOOTER_TELEGRAM_LINK: + _default: https://t.me/poa_network + NEXT_PUBLIC_FOOTER_STAKING_LINK: + _default: https://duneanalytics.com/maxaleks/xdai-staking + NEXT_PUBLIC_NETWORK_NAME: + _default: Sokol + NEXT_PUBLIC_NETWORK_SHORT_NAME: + _default: POA + NEXT_PUBLIC_NETWORK_ASSETS_PATHNAME: + _default: poa + NEXT_PUBLIC_NETWORK_TYPE: + _default: poa_core + NEXT_PUBLIC_NETWORK_ID: + _default: 77 + NEXT_PUBLIC_NETWORK_CURRENCY_NAME: + _default: POA Network Sokol + NEXT_PUBLIC_NETWORK_CURRENCY_SYMBOL: + _default: SPOA + NEXT_PUBLIC_NETWORK_CURRENCY_DECIMALS: + _default: 18 + NEXT_PUBLIC_NETWORK_VERIFICATION_TYPE: + _default: validation + NEXT_PUBLIC_IS_ACCOUNT_SUPPORTED: + _default: 'true' + NEXT_PUBLIC_FEATURED_NETWORKS: + _default: "[{'title':'Gnosis Chain','url':'https://blockscout.com/xdai/mainnet','group':'mainnets','type':'xdai_mainnet'},{'title':'Optimism on Gnosis Chain','url':'https://blockscout.com/xdai/optimism','group':'mainnets','icon':'https://www.fillmurray.com/60/60','type':'xdai_optimism'},{'title':'Arbitrum on xDai','url':'https://blockscout.com/xdai/aox','group':'mainnets'},{'title':'Ethereum','url':'https://blockscout.com/eth/mainnet','group':'mainnets','type':'eth_mainnet'},{'title':'Ethereum Classic','url':'https://blockscout.com/etx/mainnet','group':'mainnets','type':'etc_mainnet'},{'title':'POA','url':'https://blockscout.com/poa/core','group':'mainnets','type':'poa_core'},{'title':'RSK','url':'https://blockscout.com/rsk/mainnet','group':'mainnets','type':'rsk_mainnet'},{'title':'Gnosis Chain Testnet','url':'https://blockscout.com/xdai/testnet','group':'testnets','type':'xdai_testnet'},{'title':'POA Sokol','url':'https://blockscout.com/poa/sokol','group':'testnets','type':'poa_sokol'},{'title':'ARTIS Σ1','url':'https://blockscout.com/artis/sigma1','group':'other','type':'artis_sigma1'},{'title':'LUKSO L14','url':'https://blockscout.com/lukso/l14','group':'other','type':'lukso_l14'},{'title':'Astar','url':'https://blockscout.com/astar','group':'other','type':'astar'}]" + NEXT_PUBLIC_API_HOST: + _default: blockscout-gnosis.test.aws-k8s.blockscout.com + NEXT_PUBLIC_APP_HOST: + _default: blockscout-gnosis.test.aws-k8s.blockscout.com + NEXT_PUBLIC_API_BASE_PATH: + _default: / + NEXT_PUBLIC_MARKETPLACE_SUBMIT_FORM: + _default: https://airtable.com/shrqUAcjgGJ4jU88C + NEXT_PUBLIC_MARKETPLACE_APP_LIST: + _default: "[{'author': 'Blockscout', 'id': 'token-approval-tracker', 'title': 'Token Approval Tracker', 'logo': 'https://approval-tracker.apps.blockscout.com/icon-192.png', 'categories': ['security', 'tools'], 'shortDescription': 'Token Approval Tracker shows all approvals for any ERC20-compliant tokens and NFTs and lets to revoke them or adjust the approved amount.', 'site': 'https://docs.blockscout.com/for-users/blockscout-apps/token-approval-tracker', 'description': 'Token Approval Tracker shows all approvals for any ERC20-compliant tokens and NFTs and lets to revoke them or adjust the approved amount.', 'url': 'https://approval-tracker.apps.blockscout.com/'},{'author': 'Revoke', 'id': 'revoke.cash', 'title':'Revoke.cash', 'logo': 'https://revoke.cash/assets/images/revoke.svg', 'categories': ['security', 'tools'], 'shortDescription': 'Revoke.cash comes in as a preventative tool to manage your token allowances and practice proper wallet hygiene. By regularly revoking active allowances you reduce the chances of becoming the victim of allowance exploits.', 'site': 'https://revoke.cash/about', 'description': 'Revoke.cash comes in as a preventative tool to manage your token allowances and practice proper wallet hygiene. By regularly revoking active allowances you reduce the chances of becoming the victim of allowance exploits.', 'url': 'https://revoke.cash/'},{'author': 'Hop', 'id': 'hop-exchange', 'title': 'Hop', 'logo': 'https://goerli.hop.exchange/static/media/hop-logo-black.36655970.svg', 'categories': ['tools'], 'shortDescription': 'Hop is a scalable rollup-to-rollup general token bridge. It allows users to send tokens from one rollup or sidechain to another almost immediately without having to wait for the networks challenge period.', 'site': 'https://help.hop.exchange/hc/en-us/articles/4405172445197-What-is-Hop-Protocol-', 'description': 'Hop is a scalable rollup-to-rollup general token bridge. It allows users to send tokens from one rollup or sidechain to another almost immediately without having to wait for the networks challenge period.', 'url': 'https://goerli.hop.exchange'}, {'author': 'Aave', 'id': 'aave', 'title': 'Aave', 'logo': 'https://staging.aave.com/aaveLogo.svg', 'categories': ['tools'], 'shortDescription': 'Aave is a decentralised non-custodial liquidity market protocol where users can participate as suppliers or borrowers. Suppliers provide liquidity to the market to earn a passive income, while borrowers are able to borrow in an overcollateralised (perpetually) or undercollateralised (one-block liquidity) fashion.', 'site': 'https://docs.aave.com/faq/', 'description': 'Aave is a decentralised non-custodial liquidity market protocol where users can participate as suppliers or borrowers. Suppliers provide liquidity to the market to earn a passive income, while borrowers are able to borrow in an overcollateralised (perpetually) or undercollateralised (one-block liquidity) fashion.', 'url': 'https://staging.aave.com/'}]" + NEXT_PUBLIC_LOGOUT_URL: + _default: https://blockscoutcom.us.auth0.com/v2/logout + NEXT_PUBLIC_LOGOUT_RETURN_URL: + _default: http://blockscout-gnosis.test.aws-k8s.blockscout.com/auth/logout + NEXT_PUBLIC_STATS_API_HOST: + _default: https://stats-gnosis.test.aws-k8s.blockscout.com +# enable blockscout-allowance +allowance: + enabled: false + + image: + _default: ghcr.io/blockscout/blockscout-allowance:main + + replicas: + app: 1 + docker: + port: 80 + targetPort: 3000 + + service: + # ClusterIP, NodePort or LoadBalancer + type: ClusterIP + + ingress: + enabled: true + annotations: {} + host: + _default: blockscout-allowance.apps.aws-k8s.blockscout.com + # enable https + tls: + enabled: true + createSecret: false + path: + prefix: + - "/" + exact: {} + + resources: + limits: + memory: + _default: "0.3Gi" + cpu: + _default: "0.2" + requests: + memory: + _default: "0.3Gi" + cpu: + _default: "0.2" + + # node label + nodeSelector: + enabled: true + labels: + _default: + app: blockscout + + environment: {} + +# enable visualizer deploy +visualizer: + enabled: true + image: + _default: ghcr.io/blockscout/visualizer:latest + + replicas: + app: 1 + docker: + port: 80 + targetPort: 8050 + # metricsPort: 6060 + + service: + # ClusterIP, NodePort or LoadBalancer + type: ClusterIP + + # enable ingress + ingress: + enabled: true + host: + _default: visualizer-gnosis.test.aws-k8s.blockscout.com + # enable https + tls: + enabled: true + createSecret: false + + resources: + limits: + memory: + _default: "0.05Gi" + cpu: + _default: "0.05" + requests: + memory: + _default: "0.05Gi" + cpu: + _default: "0.05" + + # node label + nodeSelector: + enabled: true + labels: + _default: + app: blockscout + + # probes + livenessProbe: + enabled: true + path: /health + readinessProbe: + enabled: true + path: /health + + # enable Horizontal Pod Autoscaler + hpa: + enabled: false + minReplicas: 1 + maxReplicas: 10 + cpuTarget: 90 + + environment: + VISUALIZER__SERVER__HTTP__ENABLED: + _default: 'true' + VISUALIZER__SERVER__HTTP__ADDR: + _default: 0.0.0.0:8050 + VISUALIZER__SERVER__GRPC__ENABLED: + _default: 'false'