From 0149888d3ba42a61820516e0969ec56eee83ab97 Mon Sep 17 00:00:00 2001 From: Nick Zenchik Date: Tue, 10 Dec 2024 21:23:18 +0400 Subject: [PATCH] [blockscout-stack] Adding support for NFT storage --- .github/workflows/pre-release.yaml | 34 ++++ charts/blockscout-stack/CHANGELOG.md | 7 + charts/blockscout-stack/Chart.yaml | 2 +- .../templates/blockscout-deployment.yaml | 173 ++++++++++++++++++ .../templates/blockscout-migration-job.yaml | 4 + .../templates/blockscout-secret.yaml | 21 +++ .../templates/blockscout-service.yaml | 74 ++++++++ charts/blockscout-stack/values.yaml | 15 ++ 8 files changed, 329 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/pre-release.yaml diff --git a/.github/workflows/pre-release.yaml b/.github/workflows/pre-release.yaml new file mode 100644 index 0000000..752f0b3 --- /dev/null +++ b/.github/workflows/pre-release.yaml @@ -0,0 +1,34 @@ +name: Pre Release Charts + +on: + pull_request: + +jobs: + release: + permissions: + contents: write # to push chart release and create a release (helm/chart-releaser-action) + + runs-on: ubuntu-latest + steps: + - name: Checkout Code + uses: actions/checkout@v3 + + - name: Fetch history + run: git fetch --prune --unshallow + + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + - name: Set up Helm + uses: azure/setup-helm@v3.5 + with: + version: v3.11.2 + + - name: Run chart-releaser + uses: helm/chart-releaser-action@v1.5.0 + env: + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + CR_SKIP_EXISTING: true + CR_RELEASE_NAME_TEMPLATE: {{ .Name }}-{{ .Version }}-rc + CR_MAKE_RELEASE_LATEST: false \ No newline at end of file diff --git a/charts/blockscout-stack/CHANGELOG.md b/charts/blockscout-stack/CHANGELOG.md index d6b6669..deec97b 100644 --- a/charts/blockscout-stack/CHANGELOG.md +++ b/charts/blockscout-stack/CHANGELOG.md @@ -1,5 +1,12 @@ # ChangeLog +## 1.9.0 + +### Feature + +- Adding support for NFT storage +- Adding security context for migration jobs + ## 1.8.0 ### Feature diff --git a/charts/blockscout-stack/Chart.yaml b/charts/blockscout-stack/Chart.yaml index a60134a..da3386d 100644 --- a/charts/blockscout-stack/Chart.yaml +++ b/charts/blockscout-stack/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.8.0 +version: 1.9.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/blockscout-stack/templates/blockscout-deployment.yaml b/charts/blockscout-stack/templates/blockscout-deployment.yaml index 5aac089..5306b0f 100644 --- a/charts/blockscout-stack/templates/blockscout-deployment.yaml +++ b/charts/blockscout-stack/templates/blockscout-deployment.yaml @@ -36,6 +36,8 @@ spec: {{- if and .Values.blockscout.init.enabled (not .Values.blockscout.separateApi.enabled) }} initContainers: - name: init-migrations + securityContext: + {{- toYaml .Values.blockscout.securityContext | nindent 12 }} image: "{{ .Values.blockscout.image.repository }}:{{ .Values.blockscout.image.tag }}" resources: {{- toYaml .Values.blockscout.resources | nindent 12 }} @@ -116,6 +118,17 @@ spec: - name: http containerPort: 4000 protocol: TCP + {{- if and .Values.blockscout.nftStorage.enabled (not .Values.blockscout.separateApi.enabled) }} + - name: epmd + containerPort: 4369 + protocol: TCP + - name: epmd-dyn-1 + containerPort: 9138 + protocol: TCP + - name: epmd-dyn-2 + containerPort: 9139 + protocol: TCP + {{- end }} env: {{- if .Values.blockscout.separateApi.enabled }} - name: APPLICATION_MODE @@ -126,6 +139,20 @@ spec: {{- end }} - name: PORT value: "4000" + {{- if and .Values.blockscout.nftStorage.enabled (not .Values.blockscout.separateApi.enabled) }} + - name: NFT_MEDIA_HANDLER_ENABLED + value: 'true' + - name: NFT_MEDIA_HANDLER_REMOTE_DISPATCHER_NODE_MODE_ENABLED + value: 'true' + - name: RELEASE_NODE + value: 'indexer@{{ .Release.Name }}-blockscout-svc.{{ .Release.Namespace }}.svc.cluster.local' + - name: RELEASE_DISTRIBUTION + value: 'name' + - name: NFT_MEDIA_HANDLER_BACKFILL_ENABLED + value: 'true' + - name: ERL_AFLAGS + value: "-kernel inet_dist_listen_min 9138 inet_dist_listen_max 9139" + {{- end }} - name: CHAIN_ID value: {{ .Values.config.network.id | quote }} {{- if and .Values.config.network.currency.symbol (not .Values.config.network.currency.dualToken) }} @@ -278,6 +305,17 @@ spec: - name: http containerPort: 4000 protocol: TCP + {{- if .Values.blockscout.nftStorage.enabled }} + - name: epmd + containerPort: 4369 + protocol: TCP + - name: epmd-dyn-1 + containerPort: 9138 + protocol: TCP + - name: epmd-dyn-2 + containerPort: 9139 + protocol: TCP + {{- end }} env: - name: APPLICATION_MODE value: "indexer" @@ -291,6 +329,20 @@ spec: value: "true" - name: API_V1_WRITE_METHODS_DISABLED value: "true" + {{- if .Values.blockscout.nftStorage.enabled }} + - name: NFT_MEDIA_HANDLER_ENABLED + value: 'true' + - name: NFT_MEDIA_HANDLER_REMOTE_DISPATCHER_NODE_MODE_ENABLED + value: 'true' + - name: RELEASE_NODE + value: 'indexer@{{ .Release.Name }}-blockscout-indexer-svc.{{ .Release.Namespace }}.svc.cluster.local' + - name: RELEASE_DISTRIBUTION + value: 'name' + - name: NFT_MEDIA_HANDLER_BACKFILL_ENABLED + value: 'true' + - name: ERL_AFLAGS + value: "-kernel inet_dist_listen_min 9138 inet_dist_listen_max 9139" + {{- end }} {{- if and .Values.config.network.currency.symbol (not .Values.config.network.currency.dualToken) }} - name: COIN value: {{ .Values.config.network.currency.symbol | quote }} @@ -356,4 +408,125 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} +--- +{{- if .Values.blockscout.nftStorage.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "blockscout-stack.fullname" . }}-blockscout-resizer + labels: + app: {{ .Release.Name }}-blockscout-resizer + {{- include "blockscout-stack.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.blockscout.replicaCount }} + selector: + matchLabels: + app: {{ .Release.Name }}-blockscout-resizer + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/blockscout-secret.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + app: {{ .Release.Name }}-blockscout-resizer + {{- include "blockscout-stack.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "blockscout-stack.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.blockscout.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }}-blockscout + securityContext: + {{- toYaml .Values.blockscout.securityContext | nindent 12 }} + image: "{{ .Values.blockscout.image.repository }}:{{ .Values.blockscout.image.tag }}" + resources: + {{- toYaml .Values.blockscout.nftStorage.resources | nindent 12 }} + imagePullPolicy: {{ .Values.blockscout.image.pullPolicy }} + {{- with .Values.blockscout.command }} + command: {{ . | toYaml | nindent 12 }} + {{- end }} + {{- with .Values.blockscout.args }} + args: {{ . | toYaml | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: 4000 + protocol: TCP + - name: epmd + containerPort: 4369 + protocol: TCP + - name: epmd-dyn-1 + containerPort: 9140 + protocol: TCP + - name: epmd-dyn-2 + containerPort: 9141 + protocol: TCP + env: + - name: PORT + value: "4000" + - name: NFT_MEDIA_TMP_DIR + value: './images' + - name: NFT_MEDIA_HANDLER_ENABLED + value: 'true' + - name: NFT_MEDIA_HANDLER_REMOTE_DISPATCHER_NODE_MODE_ENABLED + value: 'true' + - name: NFT_MEDIA_HANDLER_IS_WORKER + value: 'true' + - name: NFT_MEDIA_HANDLER_NODES_MAP + {{- if .Values.blockscout.separateApi.enabled }} + value: '{"indexer@{{ .Release.Name }}-blockscout-indexer-svc.{{ .Release.Namespace }}.svc.cluster.local": "/{{ .Release.Name }}"}' + {{- else }} + value: '{"indexer@{{ .Release.Name }}-blockscout-svc.{{ .Release.Namespace }}.svc.cluster.local": "/{{ .Release.Name }}"}' + {{- end }} + - name: RELEASE_NODE + value: 'worker@{{ .Release.Name }}-blockscout-resizer-svc.{{ .Release.Namespace }}.svc.cluster.local' + - name: RELEASE_DISTRIBUTION + value: 'name' + - name: ERL_AFLAGS + value: "-kernel inet_dist_listen_min 9140 inet_dist_listen_max 9141" + envFrom: + - secretRef: + name: {{ include "blockscout-stack.fullname" . }}-blockscout-resizer + {{- if .Values.blockscout.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.blockscout.readinessProbe.path }} + port: http + scheme: HTTP + {{- with .Values.blockscout.readinessProbe.params }} + {{- . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.blockscout.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.blockscout.livenessProbe.path }} + port: http + scheme: HTTP + {{- with .Values.blockscout.livenessProbe.params }} + {{- . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.blockscout.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ . | toYaml | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} {{- end }} \ No newline at end of file diff --git a/charts/blockscout-stack/templates/blockscout-migration-job.yaml b/charts/blockscout-stack/templates/blockscout-migration-job.yaml index a1aa806..e336cee 100644 --- a/charts/blockscout-stack/templates/blockscout-migration-job.yaml +++ b/charts/blockscout-stack/templates/blockscout-migration-job.yaml @@ -12,10 +12,14 @@ metadata: spec: template: spec: + securityContext: + {{- toYaml .Values.blockscout.podSecurityContext | nindent 8 }} containers: - name: blockscout-migrations image: "{{ .Values.blockscout.image.repository }}:{{ .Values.blockscout.image.tag }}" imagePullPolicy: {{ .Values.blockscout.image.pullPolicy }} + securityContext: + {{- toYaml .Values.blockscout.securityContext | nindent 12 }} {{- with .Values.blockscout.init.command }} command: {{ . | toYaml | nindent 12 }} {{- end }} diff --git a/charts/blockscout-stack/templates/blockscout-secret.yaml b/charts/blockscout-stack/templates/blockscout-secret.yaml index 692b9c3..3f2483f 100644 --- a/charts/blockscout-stack/templates/blockscout-secret.yaml +++ b/charts/blockscout-stack/templates/blockscout-secret.yaml @@ -7,7 +7,28 @@ metadata: {{- include "blockscout-stack.labels" . | nindent 4 }} type: Opaque data: +{{- if .Values.blockscout.nftStorage.enabled }} + RELEASE_COOKIE: {{ .Values.blockscout.nftStorage.cookie | b64enc }} + NFT_MEDIA_HANDLER_AWS_PUBLIC_BUCKET_URL: {{ .Values.blockscout.nftStorage.bucketUrl | b64enc }} +{{- end }} {{- range $key, $value := .Values.blockscout.envFromSecret }} {{ $key }}: {{ $value | b64enc }} {{- end }} +--- +{{- if .Values.blockscout.nftStorage.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "blockscout-stack.fullname" . }}-blockscout-resizer + labels: + {{- include "blockscout-stack.labels" . | nindent 4 }} +type: Opaque +data: + RELEASE_COOKIE: {{ .Values.blockscout.nftStorage.cookie | b64enc }} + NFT_MEDIA_HANDLER_AWS_BUCKET_HOST: {{ .Values.blockscout.nftStorage.bucketHost | b64enc }} + NFT_MEDIA_HANDLER_AWS_ACCESS_KEY_ID: {{ .Values.blockscout.nftStorage.accessKey | b64enc }} + NFT_MEDIA_HANDLER_AWS_SECRET_ACCESS_KEY: {{ .Values.blockscout.nftStorage.secretKey | b64enc }} + NFT_MEDIA_HANDLER_AWS_BUCKET_NAME: {{ .Values.blockscout.nftStorage.bucketName | b64enc }} + NFT_MEDIA_HANDLER_AWS_PUBLIC_BUCKET_URL: {{ .Values.blockscout.nftStorage.bucketUrl | b64enc }} +{{- end }} {{- end }} \ No newline at end of file diff --git a/charts/blockscout-stack/templates/blockscout-service.yaml b/charts/blockscout-stack/templates/blockscout-service.yaml index 6f74ccb..0417d3e 100644 --- a/charts/blockscout-stack/templates/blockscout-service.yaml +++ b/charts/blockscout-stack/templates/blockscout-service.yaml @@ -13,6 +13,80 @@ spec: targetPort: http protocol: TCP name: http + {{- if and .Values.blockscout.nftStorage.enabled (not .Values.blockscout.separateApi.enabled) }} + - port: 4369 + targetPort: epmd + protocol: TCP + name: epmd + - port: 9138 + targetPort: 9138 + protocol: TCP + name: epmd-dyn-1 + - port: 9139 + targetPort: 9139 + protocol: TCP + name: epmd-dyn-2 + {{- end }} selector: app: {{ include "blockscout-stack.fullname" . }}-blockscout +--- +{{- if .Values.blockscout.separateApi.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "blockscout-stack.fullname" . }}-blockscout-indexer-svc + labels: + app: {{ .Release.Name }}-blockscout-indexer-svc + {{- include "blockscout-stack.labels" . | nindent 4 }} +spec: + type: {{ .Values.blockscout.service.type }} + ports: + - port: {{ .Values.blockscout.service.port }} + targetPort: http + protocol: TCP + name: http + {{- if .Values.blockscout.nftStorage.enabled }} + - port: 4369 + targetPort: epmd + protocol: TCP + name: epmd + - port: 9138 + targetPort: 9138 + protocol: TCP + name: epmd-dyn-1 + - port: 9139 + targetPort: 9139 + protocol: TCP + name: epmd-dyn-2 + {{- end }} + selector: + app: {{ .Release.Name }}-blockscout-indexer +{{- end }} +--- +{{- if .Values.blockscout.nftStorage.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "blockscout-stack.fullname" . }}-blockscout-resizer-svc + labels: + app: {{ .Release.Name }}-blockscout-resizer-svc + {{- include "blockscout-stack.labels" . | nindent 4 }} +spec: + type: {{ .Values.blockscout.service.type }} + ports: + - port: 4369 + targetPort: epmd + protocol: TCP + name: epmd + - port: 9140 + targetPort: 9140 + protocol: TCP + name: epmd-dyn-1 + - port: 9141 + targetPort: 9141 + protocol: TCP + name: epmd-dyn-2 + selector: + app: {{ .Release.Name }}-blockscout-resizer +{{- end }} {{- end }} \ No newline at end of file diff --git a/charts/blockscout-stack/values.yaml b/charts/blockscout-stack/values.yaml index 35aa29f..54b0da0 100644 --- a/charts/blockscout-stack/values.yaml +++ b/charts/blockscout-stack/values.yaml @@ -75,6 +75,21 @@ blockscout: requests: cpu: 500m memory: 1Gi + nftStorage: + enabled: false + cookie: secret + bucketHost: xxx.r2.cloudflarestorage.com + accessKey: "" + secretKey: "" + bucketName: nft + bucketUrl: https://pub-xxx.r2.dev + resources: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 2Gi ## Blockscout ENV vars ## ref: https://docs.blockscout.com/setup/env-variables ##