forked from taikoxyz/taiko-helm-charts
-
Notifications
You must be signed in to change notification settings - Fork 0
/
values.yaml
332 lines (291 loc) · 8.78 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
# -- Overrides the chart's name
nameOverride: ""
# -- Overrides the chart's computed fullname
fullnameOverride: ""
# -- Number of replicas
replicas: 1
image:
# -- web3signer container image repository
repository: consensys/web3signer
# -- web3signer container image tag
tag: latest
# -- web3signer container pull policy
pullPolicy: IfNotPresent
# -- Extra args for the web3signer container
extraArgs: []
## Example for web3signer network selection
# - --network=mainnet
# -- Command replacement for the web3signer container
customCommand: [] # Only change this if you need to change the default command
# -- Config file
# @default -- See `values.yaml`
config: |
data-path: "/data"
http-listen-port: {{ .Values.httpPort }}
http-listen-host: 0.0.0.0
http-host-allowlist: "*"
{{- if .Values.slashingprotectiondb.enabled }}
eth2.slashing-protection-db-url: "jdbc:postgresql://{{ .Release.Name }}-slashingprotectiondb/{{ .Values.slashingprotectiondb.primary.name }}"
eth2.slashing-protection-db-username: {{ .Values.slashingprotectiondb.primary.initdb.user }}
eth2.slashing-protection-db-password: {{ .Values.slashingprotectiondb.primary.initdb.password }}
eth2.slashing-protection-pruning-enabled: true
{{- end }}
{{- if .Values.serviceMonitor.enabled }}
metrics-enabled: true
metrics-port: {{ .Values.metricsPort }}
metrics-host: 0.0.0.0
metrics-host-allowlist: "*"
{{- end }}
ingress:
# -- Ingress resource for the HTTP API
enabled: false
# -- Annotations for Ingress
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# -- Ingress host
hosts:
- host: chart-example.local
paths: []
# -- Ingress TLS
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
# - HTTP port for web3signer interface
httpPort: 9000
# - Metrics port for web3signer interface
metricsPort: 9001
service:
# -- Service type
type: ClusterIP
# -- Affinity configuration for pods
affinity: {}
# -- Image pull secrets for Docker images
imagePullSecrets: []
# -- Annotations for the StatefulSet
annotations: {}
# -- Liveness probe
# @default -- See `values.yaml`
livenessProbe:
tcpSocket:
port: http
initialDelaySeconds: 60
periodSeconds: 120
# -- Readiness probe
# @default -- See `values.yaml`
readinessProbe:
tcpSocket:
port: http
initialDelaySeconds: 10
periodSeconds: 10
# -- Node selector for pods
nodeSelector: {}
# -- Pod labels
podLabels: {}
# -- Pod annotations
podAnnotations: {}
# -- Pod management policy
podManagementPolicy: OrderedReady
# -- Pod priority class
priorityClassName: null
# -- Resource requests and limits
resources: {}
# limits:
# cpu: 500m
# memory: 2Gi
# requests:
# cpu: 300m
# memory: 1Gi
# -- The security context for pods
# @default -- See `values.yaml`
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
# -- The security context for containers
# @default -- See `values.yaml`
containerSecurityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
serviceAccount:
# -- Specifies whether a service account should be created
create: true
# -- Annotations to add to the service account
annotations: {}
# -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# -- How long to wait until the pod is forcefully terminated
terminationGracePeriodSeconds: 300
# -- Tolerations for pods
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: []
# -- Topology Spread Constraints for pods
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
topologySpreadConstraints: []
# -- Define the PodDisruptionBudget spec
# If not set then a PodDisruptionBudget will not be created
podDisruptionBudget: {}
# minAvailable: 1
# maxUnavailable: 1
# -- Update stategy for the Statefulset
updateStrategy:
# -- Update stategy type
type: RollingUpdate
# -- Additional init containers
initContainers: []
# - name: my-init-container
# image: busybox:latest
# command: ['sh', '-c', 'echo hello']
# -- Additional containers
extraContainers: []
# -- Additional volumes
extraVolumes: []
# -- Additional volume mounts
extraVolumeMounts: []
# -- Additional ports. Useful when using extraContainers
extraPorts: []
# -- Additional env variables
extraEnv: []
# -- Additional env variables injected via a created secret
secretEnv: {}
initChownData:
# -- Init container to set the correct permissions to access data directories
enabled: true
image:
# -- Container repository
repository: busybox
# -- Container tag
tag: "1.34.1"
# -- Container pull policy
pullPolicy: IfNotPresent
# -- Resource requests and limits
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
persistence:
# -- Uses an EmptyDir when not enabled
enabled: true
# -- Use an existing PVC when persistence.enabled
existingClaim: null
# -- Access mode for the volume claim template
accessModes:
- ReadWriteOnce
# -- Requested size for volume claim template
size: 1Gi
# -- Use a specific storage class
# E.g 'local-path' for local storage to achieve best performance
# Read more (https://github.com/rancher/local-path-provisioner)
storageClassName: null
# -- Annotations for volume claim template
annotations: {}
# -- Selector for volume claim template
selector: {}
# matchLabels:
# app.kubernetes.io/name: something
serviceMonitor:
# -- If true, a ServiceMonitor CRD is created for a prometheus operator
# https://github.com/coreos/prometheus-operator
enabled: false
# -- Path to scrape
path: /metrics
# -- Alternative namespace for ServiceMonitor
namespace: null
# -- Additional ServiceMonitor labels
labels: {}
# -- Additional ServiceMonitor annotations
annotations: {}
# -- ServiceMonitor scrape interval
interval: 1m
# -- ServiceMonitor scheme
scheme: http
# -- ServiceMonitor TLS configuration
tlsConfig: {}
# -- ServiceMonitor scrape timeout
scrapeTimeout: 30s
# -- ServiceMonitor relabelings
relabelings: []
slashingprotectiondb:
# -- If enabled a postgres chart will be deployed as a dependency to be used as a slashing protection database
enabled: true
auth:
enablePostgresUser: true
postgresPassword: postgres
primary:
name: web3signer
extraVolumes:
- name: sql-scripts
emptyDir: {}
extraVolumeMounts:
- name: sql-scripts
mountPath: "/sql-scripts"
initContainers:
- name: init-sql-migration-scripts
image: bash:latest
imagePullPolicy: IfNotPresent
securityContext:
runAsNonRoot: false
runAsUser: 0
command:
- bash
- -cex
- |
cd /sql-scripts
BASE_URL="https://raw.githubusercontent.com/ConsenSys/web3signer/master/slashing-protection/src/main/resources/migrations/postgresql"
MIGRATIONS=(
"V00001__initial.sql"
"V00002__removeUniqueConstraints.sql"
"V00003__addLowWatermark.sql"
"V00004__addGenesisValidatorsRoot.sql"
"V00005__xnor_source_target_low_watermark.sql"
"V00006__signed_data_indexes.sql"
"V00007__add_db_version.sql"
"V00008__signed_data_unique_constraints.sql"
"V00009__upsert_validators.sql"
"V00010__validator_enabled_status.sql"
"V00011__bigint_indexes.sql"
"V00012__add_highwatermark_metadata.sql"
)
for MIGRATION in "${MIGRATIONS[@]}"; do
if [ ! -f "/sql-scripts/$MIGRATION" ]; then
wget "$BASE_URL/$MIGRATION"
fi
done
volumeMounts:
- name: sql-scripts
mountPath: "/sql-scripts"
initdb:
user: postgres
password: postgres
scripts:
init_01_db.sh: |
#!/bin/sh
export PGPASSWORD=postgres
DB_EXISTS=$(psql -U postgres -h 127.0.0.1 -t -c "SELECT 1 FROM pg_database WHERE datname='web3signer'")
if [ -z "$DB_EXISTS" ]; then
psql -U postgres -h 127.0.0.1 -c "CREATE DATABASE web3signer;"
fi
init_02_db.sh: |
#!/bin/sh
export PGPASSWORD=postgres
cd /sql-scripts
for FILE in *.sql; do
COMPLETED_FILE="${FILE}.completed"
if [ ! -f "$COMPLETED_FILE" ]; then
psql -U postgres -h 127.0.0.1 -d web3signer -f $FILE && touch "$COMPLETED_FILE"
fi
done
persistence:
# -- Uses an EmptyDir when not enabled
enabled: true
size: 1Gi