Skip to content
This repository has been archived by the owner on Aug 28, 2023. It is now read-only.

feature: Helm chart for Kubernetes deployment #1124

Closed
wants to merge 2 commits into from
Closed

feature: Helm chart for Kubernetes deployment #1124

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a1de3cb
Adding helm chart support
ausias-armesto May 16, 2023
602f811
helm: Add build and push helper script
tolbrino Jul 31, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,3 +18,6 @@ dump.rdb
**/venv

*.DS_Store*

# helm packages
safe-client-gateway-*.tgz
1 change: 1 addition & 0 deletions charts/safe-client-gateway/.gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
values-testing.yaml
8 changes: 8 additions & 0 deletions charts/safe-client-gateway/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
---
apiVersion: v2
name: safe-client-gateway
version: 0.1.1
appVersion: v3.53.0
description: A Helm chart for installing Safe Client Gateway
type: application
icon: "https://raw.githubusercontent.com/safe-global/safe-core-sdk/main/assets/logo.png"
56 changes: 56 additions & 0 deletions charts/safe-client-gateway/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
# Safe Client Gateway Chart

This chart packages the Safe Client Gateway resources. The chart assumes that there is already an existing Redis instance available and connection attribute should be passed in the values of the Helm Chart

## Parameters

### Common parameters

| Name | Description | Value |
| ------------------ | -------------------------------------------------- | ----- |
| `nameOverride` | String to partially override common.names.fullname | `""` |
| `fullnameOverride` | String to fully override common.names.fullname | `""` |

### Installation Parameters

| Name | Description | Value |
| -------------------------- | ---------------------------------------------------------------- | ----------------------------------- |
| `replicas` | Replicas for deployment | `1` |
| `strategy` | Strategy for deployment | `Recreate` |
| `commonLabels` | Labels to add to all related objects | `{}` |
| `commonAnnotations` | Annotations to to all related objects | `{}` |
| `ingress.ingressClassName` | Name of the ingress class name to be used | `""` |
| `ingress.hostname` | Default host for the ingress record | `safe-client-gateway.cluster.local` |
| `ingress.annotations` | Annotations to be added to ingress resources | `{}` |
| `nodeSelector` | Object containing node selection constraint to deployment | `{}` |
| `resources` | Resource specification to deployment | `{}` |
| `tolerations` | Tolerations specifications to deployment | `[]` |
| `affinity` | Affinity specifications to deployment | `{}` |
| `image.registry` | Docker registry to deployment | `registry.hub.docker.com` |
| `image.repository` | Docker image repository to deployment | `safeglobal/safe-client-gateway` |
| `image.tag` | Docker image tag to deployment | `""` |
| `image.pullPolicy` | Pull policy to deployment as deinfed in | `IfNotPresent` |
| `service.type` | service type | `ClusterIP` |
| `service.ports.number` | service port number | `80` |
| `service.ports.name` | service port name | `api` |
| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |

### Config Service Parameters

| Name | Description | Value |
| ---------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- |
| `config.configServiceEndpoint` | The Base URL of the Safe Config Service | `https://safe.cluster.local/cfg/` |
| `config.secretKey` | Rocket Secret Key. | `""` |
| `config.webToken` | Client Gateway Web Token | `""` |
| `config.transactionServiceToken` | Client Gateway Web Token | `""` |
| `config.secretReferenceKey` | Reference to an existing secret containing the following entries: ROCKET_SECRET_KEY, WEBHOOK_TOKEN, TRANSACTION_SERVICE_AUTH_TOKEN | `""` |
| `config.extraEnvVars` | Add additional extra environment vairables to the configMap | `{}` |
| `config.logLevel` | Allowed hosts | `normal` |
| `config.redis.secretReferenceKey` | Reference to an existing secret containing the following entries: REDIS_URI | `""` |
| `config.redis.password` | Redis user's password | `""` |
| `config.redis.host` | Redis server host | `""` |
| `config.redis.port` | Redis server port | `6379` |
| `config.redisMainnet.secretReferenceKey` | Reference to an existing secret containing the following entries: REDIS_URI_MAINNET | `""` |
| `config.redisMainnet.password` | Redis user's password | `""` |
| `config.redisMainnet.host` | Redis server host | `""` |
| `config.redisMainnet.port` | Redis server port | `6379` |
1 change: 1 addition & 0 deletions charts/safe-client-gateway/templates/NOTES.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
[INFO] Safe Config Service Helm chart deployed successfully
64 changes: 64 additions & 0 deletions charts/safe-client-gateway/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "safe-client-gateway.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "safe-client-gateway.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "safe-client-gateway.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Default labels
*/}}
{{- define "safe-client-gateway.labels" -}}
helm.sh/chart: {{ include "safe-client-gateway.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ include "safe-client-gateway.name" . }}

{{- end }}

{{/*
Redis Secret
*/}}
{{- define "safe-client-gateway.redis-secret" -}}
{{- if .Values.config.redis.secretReferenceKey -}}
{{- .Values.config.redis.secretReferenceKey }}
{{- else -}}
{{ include "safe-client-gateway.name" . }}-redis
{{- end -}}
{{- end -}}

{{/*
Redis Mainnet Secret
*/}}
{{- define "safe-client-gateway.redis-mainnet-secret" -}}
{{- if .Values.config.redisMainnet.secretReferenceKey -}}
{{- .Values.config.redisMainnet.secretReferenceKey }}
{{- else -}}
{{ include "safe-client-gateway.name" . }}-redis-mainnet
{{- end -}}
{{- end -}}
37 changes: 37 additions & 0 deletions charts/safe-client-gateway/templates/configmap.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "safe-client-gateway.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "safe-client-gateway.labels" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- .Values.commonLabels | toYaml | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations:
{{- .Values.commonAnnotations | toYaml | nindent 4 }}
{{- end }}
data:
ROCKET_ADDRESS: 0.0.0.0
SCHEME: http
EXCHANGE_API_BASE_URI: http://api.exchangeratesapi.io/latest

CONFIG_SERVICE_URI: {{ .Values.config.configServiceEndpoint }}
ROCKET_LOG_LEVEL: {{ .Values.config.logLevel }}
ROCKET_PORT: {{ .Values.service.ports.number | quote }}

# Hardcoded parameters
FEATURE_FLAG_NESTED_DECODING: "true"
FEATURE_FLAG_BALANCES_RATE_IMPLEMENTATION: "false"
RUST_LOG: "safe_client_gateway=error,safe_client_gateway::monitoring=info"
LOG_ALL_ERROR_RESPONSES: "false"
VPC_TRANSACTION_SERVICE_URI: "true"
CONCURRENT_BALANCE_TOKEN_REQUESTS: "5"
INTERNAL_CLIENT_CONNECT_TIMEOUT: "10000"
SAFE_APP_INFO_REQUEST_TIMEOUT: "10000"
CHAIN_INFO_REQUEST_TIMEOUT: "15000"
{{- if .Values.config.extraEnvVars }}
{{ .Values.config.extraEnvVars | toYaml | nindent 2 }}
{{- end }}
89 changes: 89 additions & 0 deletions charts/safe-client-gateway/templates/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,89 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "safe-client-gateway.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "safe-client-gateway.labels" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- .Values.commonLabels | toYaml | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations:
{{- .Values.commonAnnotations | toYaml | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.replicas }}
strategy:
type: {{ .Values.strategy }}
selector:
matchLabels:
app.kubernetes.io/instance: {{ include "safe-client-gateway.name" . }}
app.kubernetes.io/name: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/instance: {{ include "safe-client-gateway.name" . }}
app.kubernetes.io/name: {{ .Release.Name }}
spec:
containers:
- name: config
image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- else }}
resources:
limits:
cpu: 2000m
memory: 8192Mi
requests:
cpu: 1000m
memory: 2048Mi
{{- end }}
envFrom:
- configMapRef:
name: {{ include "safe-client-gateway.fullname" . }}
- secretRef:
{{- if .Values.config.secretReferenceKey }}
name: {{ .Values.config.secretReferenceKey }}
{{- else }}
name: {{ include "safe-client-gateway.fullname" . }}
{{- end }}
- secretRef:
name: {{ include "safe-client-gateway.redis-secret" . }}
- secretRef:
name: {{ include "safe-client-gateway.redis-mainnet-secret" . }}
ports:
- containerPort: {{ .Values.service.ports.number }}
name: {{ .Values.service.ports.name }}
protocol: TCP
# volumeMounts:
# - name: tmp-volume
# mountPath: /tmp
serviceAccountName: {{ include "safe-client-gateway.fullname" . }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
# volumes:
# - name: tmp-volume
# emptyDir: {}

34 changes: 34 additions & 0 deletions charts/safe-client-gateway/templates/ingress.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "safe-client-gateway.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "safe-client-gateway.labels" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- .Values.commonLabels | toYaml | nindent 4 }}
{{- end }}
annotations:
{{- if .Values.commonAnnotations }}
{{- .Values.commonAnnotations | toYaml | nindent 4 }}
{{- end }}
{{- if .Values.ingress.annotations }}
{{- .Values.ingress.annotations | toYaml | nindent 4 }}
{{- end }}
spec:
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
rules:
- host: {{ .Values.ingress.hostname }}
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: {{ include "safe-client-gateway.fullname" . }}
port:
name: {{ .Values.service.ports.name }}
tls:
- hosts:
- {{ .Values.ingress.hostname }}
secretName: {{ .Values.ingress.hostname }}-tls
53 changes: 53 additions & 0 deletions charts/safe-client-gateway/templates/rbac.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "safe-client-gateway.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "safe-client-gateway.labels" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- .Values.commonLabels | toYaml | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations:
{{- .Values.commonAnnotations | toYaml | nindent 4 }}
{{- end }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "safe-client-gateway.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "safe-client-gateway.labels" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- .Values.commonLabels | toYaml | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations:
{{- .Values.commonAnnotations | toYaml | nindent 4 }}
{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "safe-client-gateway.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "safe-client-gateway.labels" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- .Values.commonLabels | toYaml | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations:
{{- .Values.commonAnnotations | toYaml | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "safe-client-gateway.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "safe-client-gateway.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
21 changes: 21 additions & 0 deletions charts/safe-client-gateway/templates/secret-redis-mainnet.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
---
{{- if not .Values.config.redisMainnet.secretReferenceKey }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "safe-client-gateway.fullname" . }}-redis-mainnet
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "safe-client-gateway.labels" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- .Values.commonLabels | toYaml | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations:
{{- .Values.commonAnnotations | toYaml | nindent 4 }}
{{- end }}
type: Opaque
data:
# Format redis://redis-ha.redis.svc.cluster.stage:6379/0
REDIS_URI_MAINNET: "{{- printf "redis://%s@%s:%s" .Values.config.redisMainnet.password .Values.config.redisMainnet.host .Values.config.redisMainnet.port | b64enc -}}"
{{- end }}
Loading
Loading