From 25e5167b0a0d4a96e59b472e77cddc19117ae186 Mon Sep 17 00:00:00 2001 From: Max Kaplan Date: Sun, 14 Jul 2024 14:02:54 -0400 Subject: [PATCH 1/2] nethermind: adding secret name override --- charts/nethermind/templates/statefulset.yaml | 25 +++++++++++------ charts/nethermind/values.yaml | 28 ++++++++++++++++++++ 2 files changed, 45 insertions(+), 8 deletions(-) diff --git a/charts/nethermind/templates/statefulset.yaml b/charts/nethermind/templates/statefulset.yaml index 275a7ddf7..b9c160abf 100644 --- a/charts/nethermind/templates/statefulset.yaml +++ b/charts/nethermind/templates/statefulset.yaml @@ -114,7 +114,7 @@ spec: --JsonRpc.Port={{ .Values.jsonrpc.ports.rest }} --JsonRpc.WebSocketsPort={{ .Values.jsonrpc.ports.websocket }} {{- end }} - {{- if .Values.global.JWTSecret }} + {{- if or .Values.global.JWTSecret .Values.global.secretNameOverride }} --JsonRpc.JwtSecretFile=/secret/jwtsecret --JsonRpc.EnginePort={{ .Values.jsonrpc.engine.port }} --JsonRpc.EngineHost={{ .Values.jsonrpc.engine.host }} @@ -160,7 +160,7 @@ spec: containerPort: {{ .Values.jsonrpc.ports.websocket }} protocol: TCP {{- end }} - {{- if .Values.global.JWTSecret }} + {{- if or .Values.global.JWTSecret .Values.global.secretNameOverride }} - name: engine protocol: TCP containerPort: {{ .Values.jsonrpc.engine.port }} @@ -181,13 +181,16 @@ spec: volumeMounts: - name: data mountPath: /data/nethermind - {{- if .Values.global.JWTSecret }} + {{- if or .Values.global.JWTSecret .Values.global.secretNameOverride }} - name: jwtsecret mountPath: /secret readOnly: true {{- end }} - name: env-nodeport mountPath: /env + {{- with .Values.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- if .Values.jsonrpc.enabled }} 
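Review bot: The gate `or .Values.global.JWTSecret .Values.global.secretNameOverride` is copied by hand into this hunk (the engine flags) and into the hunks at -160, -181, -199 and -235, and the secret-name `coalesce` is written out twice more. If one copy drifts, the engine port and `--JsonRpc.JwtSecretFile` can end up enabled without the matching mount, or the other way round. A named template in the chart's helpers file would keep the copies in sync, for example (the name is only a suggestion) `{{- define "nethermind.jwtSecretName" -}}{{ coalesce .Values.global.secretNameOverride (include "common.names.fullname" .) }}{{- end }}`, with a similar one for the condition. The enclosing container spec starts and ends outside these hunks.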
@@ -199,11 +202,14 @@ spec: value: "{{ .Values.sidecar.bindAddr }}:{{ .Values.sidecar.bindPort }}" - name: CLIENT_PORT value: {{ .Values.jsonrpc.ports.rest | quote }} - {{- if .Values.global.JWTSecret }} + {{- if or .Values.global.JWTSecret .Values.global.secretNameOverride }} - name: CLIENT_AUTHORIZATIONTYPE value: "bearer" - name: CLIENT_JWTSECRET - value: {{ .Values.global.JWTSecret | quote }} + valueFrom: + secretKeyRef: + name: {{ coalesce .Values.global.secretNameOverride (include "common.names.fullname" .) }} + key: jwtsecret {{- end }} ports: - containerPort: {{ .Values.sidecar.bindPort }} @@ -235,10 +241,10 @@ spec: {{- end }} {{- end }} volumes: - {{- if .Values.global.JWTSecret }} + {{- if or .Values.global.JWTSecret .Values.global.secretNameOverride }} - name: jwtsecret secret: - secretName: {{ include "common.names.fullname" . }} + secretName: {{ coalesce .Values.global.secretNameOverride (include "common.names.fullname" .) }} {{- end }} - name: env-nodeport emptyDir: {} @@ -246,6 +252,9 @@ spec: - name: data emptyDir: {} {{- else }} + {{- with .Values.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} volumeClaimTemplates: - metadata: name: data @@ -261,4 +270,4 @@ spec: resources: requests: storage: {{ .Values.persistence.size | quote }} - {{- end }} + {{- end }} \ No newline at end of file diff --git a/charts/nethermind/values.yaml b/charts/nethermind/values.yaml index 8732d9d53..d283fbe36 100644 --- a/charts/nethermind/values.yaml +++ b/charts/nethermind/values.yaml @@ -16,6 +16,12 @@ global: ## JWTSecret: "" + ## If you would like the JSON Web Token (JWT) to be managed by a secert outside + ## of this chart, an existing secret name can be passed here. If specified, JWTSecret should not be set. + ## jwtsecret should be the key of the token in the secret. + ## + secretNameOverride: "" + ## Credentials to fetch images from private registry ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## 
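Review bot: Nothing stops `global.JWTSecret` and `global.secretNameOverride` from both being set, and the `coalesce` under `secretKeyRef` then silently prefers the override. The inline token still sits in the release values, and presumably in the chart's own Secret, whose template is not part of this diff. A guard near the top of the template would surface the conflict at render time: `{{- if and .Values.global.JWTSecret .Values.global.secretNameOverride }}{{ fail "set only one of global.JWTSecret and global.secretNameOverride" }}{{- end }}`. The rendered name is also unquoted, unlike the neighbouring `| quote` values; `name: {{ coalesce .Values.global.secretNameOverride (include "common.names.fullname" .) | quote }}` keeps a numeric- or boolean-looking Secret name a string, and the same applies to `secretName` in the -235 hunk.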
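Review bot: The `jwtsecret` volume mounts every key of the referenced Secret under `/secret`, which matters more now that `secretName` can point at an operator-supplied Secret holding other entries. Only the `jwtsecret` key is read, through `--JsonRpc.JwtSecretFile=/secret/jwtsecret` in the -114 hunk. The volume can project just that key by adding `items:`, `- key: jwtsecret` and `path: jwtsecret` under `secret:`. The volumes list starts and continues outside this hunk.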
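Review bot: The new `extraVolumes` block sits after `{{- else }}`, so it appears to render only in the branch that emits `volumeClaimTemplates` (the opening conditional is outside the hunk), while `extraVolumeMounts` in the -181 hunk renders unconditionally. In the `emptyDir` data branch a configured extra mount would then reference a volume that is never declared, and the pod spec would be rejected. Move the three lines `{{- with .Values.extraVolumes }}`, `{{- toYaml . | nindent 8 }}` and `{{- end }}` up so they follow the `env-nodeport` volume, ahead of the data-volume conditional.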
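Review bot: The comment for `secretNameOverride` does not say where the Secret has to live, and it misspells "secret" as "secert". Both the `secretKeyRef` and the secret volume in statefulset.yaml resolve the name in the pod's own namespace, and as far as this diff shows the chart does not create the object. I would word it as `## Name of an existing Secret in the release namespace that holds the JWT under the key "jwtsecret"; the chart does not create it. Leave JWTSecret empty when this is set.`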
@@ -405,3 +411,25 @@ metrics: ## Custom Prometheus rules ## rules: [] + +## Specify extra volumes which can be useful for for things like SecretProviderClass. +## Useful if secretNameOverride is passed. +## ref: https://kubernetes.io/docs/concepts/storage/volumes/ +## +extraVolumes: {} +# - name: vault +# csi: +# driver: secrets-store.csi.k8s.io +# readOnly: true +# volumeAttributes: +# secretProviderClass: "nethermind" + +## Specify extra volume mounts which can be useful for things like SecretProviderClass. +## Useful if secretNameOverride is passed. +## ref: https://kubernetes.io/docs/concepts/storage/volumes/ +## +extraVolumeMounts: {} +# An example is listed below on how to specify an extra volume mount using SecretProviderClass +# - name: 'vault' +# mountPath: '/mnt/secrets-store' +# readOnly: true \ No newline at end of file From 46a3032ce2de769297837748debde736496cc4e3 Mon Sep 17 00:00:00 2001 From: Max Kaplan Date: Wed, 17 Jul 2024 21:02:54 -0400 Subject: [PATCH 2/2] bumping nethermind chart version --- charts/nethermind/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/nethermind/Chart.yaml b/charts/nethermind/Chart.yaml index 5f74e1cb5..37ce19982 100644 --- a/charts/nethermind/Chart.yaml +++ b/charts/nethermind/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: nethermind description: .NET Core Ethereum client type: application -version: 2.5.4 +version: 2.5.5 appVersion: "v1.27.0" icon: https://storage.googleapis.com/stakewise-charts/stakewise.png keywords:
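Review bot: `extraVolumes: {}` and `extraVolumeMounts: {}` default to maps, but the template splices both values in as list items and the commented examples are lists, so the defaults should be `extraVolumes: []` and `extraVolumeMounts: []`. The comments also imply that a SecretProviderClass CSI volume is enough to back `secretNameOverride`. The `secretKeyRef` and the secret volume need a real Kubernetes Secret, which the CSI driver only provides when the SecretProviderClass is configured to sync one (its `secretObjects` section). A line such as `## The SecretProviderClass must sync a Kubernetes Secret containing the key "jwtsecret" for secretNameOverride to resolve.` would cover this. The first comment line also has a doubled "for for".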