Allow to advertise p2p service via NodePort or LodeBalancer, allow to use secrets from elsewhere

charts/charon/templates/configmap.yaml

@@ -61,9 +61,6 @@ data:
   {{- if .Values.config.p2pRelays }}
   CHARON_P2P_RELAYS: {{ .Values.config.p2pRelays | quote }}
   {{- end }}
-  {{- if .Values.config.p2pTcpAddress }}
-  CHARON_P2P_TCP_ADDRESS: {{ .Values.config.p2pTcpAddress }}:{{ .Values.p2pPort }}
-  {{- end }}
   {{- if .Values.config.privateKeyFile }}
   CHARON_PRIVATE_KEY_FILE: {{ .Values.config.privateKeyFile | quote }}
   {{- end }}
@@ -82,3 +79,22 @@ data:
   {{- if .Values.config.validatorApiAddress }}
   CHARON_VALIDATOR_API_ADDRESS: {{ .Values.config.validatorApiAddress }}:{{ .Values.httpPort }}
   {{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "release.name" . }}-init
+  labels:
+  {{- include "charon.labels" . | nindent 4 }}
+data:
+  init.sh: |
+    #!/bin/sh
+    echo "Namespace: ${POD_NAMESPACE} Pod: ${POD_NAME}";
+  {{- if eq .Values.p2pPort.type "LoadBalancer" }}
+      until [ -n "$(kubectl -n ${POD_NAMESPACE} get svc/${POD_NAME} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')" ]; do echo "Waiting for load balancer to get an IP" && sleep 10; done;
+      export EXTERNAL_IP=$(kubectl -n ${POD_NAMESPACE} get svc/${POD_NAME} -o jsonpath='{.status.loadBalancer.ingress[0].ip}');
+  {{- else if eq .Values.p2pPort.type "NodePort" }}
+      export EXTERNAL_IP=$(kubectl get nodes "${NODE_NAME}" -o jsonpath='{.status.addresses[?(@.type=="ExternalIP")].address}');
+  {{- end }}
+      echo "EXTERNAL_IP=$EXTERNAL_IP"     >> /env/init-nodeport;
+      cat /env/init-nodeport;

charts/charon/templates/deployment.yaml

@@ -48,11 +48,57 @@ spec:
       {{- if .Values.initContainers }}
         {{- tpl (toYaml .Values.initContainers | nindent 8) $ }}
       {{- end }}
+        - name: init
+          image: "{{ .Values.initImage.repository }}:{{ .Values.initImage.tag }}"
+          imagePullPolicy: {{ .Values.initImage.pullPolicy }}
+          securityContext:
+            runAsNonRoot: false
+            runAsUser: 0
+          env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_NAMESPACE
+              valueFrom:
+                  fieldRef:
+                    fieldPath: metadata.namespace
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          command: ['/bin/sh', '/scripts/init.sh']
+          volumeMounts:
+            - name: env-nodeport
+              mountPath: /env
+            - name: scripts-init
+              mountPath: /scripts
       containers:
-        - args:
-          - run
+        - name: {{ .Chart.Name }}
+          image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- with .Values.containerSecurityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           command:
-          - /usr/local/bin/charon
+            - /bin/sh
+            - -c
+            - |
+              {{- if ne .Values.p2pPort.type "ClusterIP" }}
+              . /env/init-nodeport
+              {{- end }}
+              exec charon run \
+              {{- if eq .Values.p2pPort.type "ClusterIP" }}
+              --p2p-tcp-address={{ .Values.config.p2pTcpAddress }}:{{ .Values.p2pPort.port }}
+              {{- else }}
+              --p2p-tcp-address={{ .Values.config.p2pTcpAddress }}:{{ .Values.p2pPort.nodePort }} \
+              --p2p-external-ip=$EXTERNAL_IP
+              {{- end }}
           env:
           - name: KUBERNETES_CLUSTER_DOMAIN
             value: {{ .Values.kubernetesClusterDomain }}
@@ -62,24 +108,24 @@ spec:
           envFrom:
           - configMapRef:
               name: {{ include "release.name" . }}
-          image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
-          name: {{ .Chart.Name }}
-          {{- with .Values.containerSecurityContext }}
-          securityContext:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- if .Values.livenessProbe.enabled }}
           livenessProbe:
             {{- toYaml .Values.livenessProbe | nindent 12 }}
+          {{- end }}
+          {{- if .Values.readinessProbe.enabled }}
           readinessProbe:
             {{- toYaml .Values.readinessProbe | nindent 12 }}
+          {{- end }}
           ports:
             - containerPort: {{ .Values.httpPort }}
               name: validator-api
               protocol: TCP
-            - containerPort: {{ .Values.p2pPort }}
+            - containerPort: {{ .Values.p2pPort.port }}
               name: p2p-tcp
               protocol: TCP
+            - containerPort: {{ .Values.p2pPort.port }}
+              name: p2p-udp
+              protocol: UDP
             - containerPort: {{ .Values.monitoringPort }}
               name: monitoring
               protocol: TCP
@@ -91,6 +137,8 @@ spec:
             {{- toYaml . | nindent 12 }}
           {{- end }}
           volumeMounts:
+            - name: env-nodeport
+              mountPath: /env
           {{- if .Values.extraVolumeMounts -}}
             {{ toYaml .Values.extraVolumeMounts | nindent 12 }}
           {{- end }}
@@ -105,6 +153,12 @@ spec:
       {{- if .Values.extraVolumes -}}
         {{ toYaml .Values.extraVolumes | nindent 8 }}
       {{- end }}
+        - name: env-nodeport
+          emptyDir: {}
+        - name: scripts-init
+          configMap:
+            name: {{ include "release.name" . }}-init
+      {{- if .Values.secrets.enabled }}
         - name: charon-enr-private-key
           projected:
             sources:
@@ -115,4 +169,9 @@ spec:
             sources:
             - secret:
                 name: {{ .Values.secrets.clusterlock }}
-
+      {{- else }}
+        - name: cluster-lock
+          emptyDir: {}
+        - name: charon-enr-private-key
+          emptyDir: {}
+      {{- end }}

charts/charon/templates/prometheus-configmap.yaml

@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: prometheus
+  name: {{ include "release.name" . }}-prometheus
 data:
   prometheus.yaml: |
     global:

charts/charon/templates/prometheus-deployment.yaml

@@ -3,17 +3,17 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   labels:
-    app: prometheus
-  name: prometheus
+    app: {{ include "release.name" . }}-prometheus
+  name: {{ include "release.name" . }}-prometheus
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app: prometheus
+      app: {{ include "release.name" . }}-prometheus
   template:
     metadata:
       labels:
-        app: prometheus
+        app: {{ include "release.name" . }}-prometheus
     spec:
       containers:
       - args:
@@ -27,11 +27,15 @@ spec:
         - mountPath: /etc/prometheus/prometheus.yaml
           name: prometheus
           subPath: prometheus.yaml
+        {{- with .Values.centralMonitoring.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
       securityContext:
         runAsUser: 0
       volumes:
       - configMap:
           defaultMode: 420
-          name: prometheus
+          name: {{ include "release.name" . }}-prometheus
         name: prometheus
-{{- end }}
+{{- end }}

charts/charon/templates/prometheus-service.yaml

@@ -2,14 +2,14 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: prometheus
+  name: {{ include "release.name" . }}-prometheus
 spec:
   ports:
   - port: 9090
     protocol: TCP
     targetPort: 9090
   selector:
-    app: prometheus
+    app: {{ include "release.name" . }}-prometheus
   sessionAffinity: None
   type: ClusterIP
 {{- end }}

charts/charon/templates/service-p2p.yaml

@@ -0,0 +1,39 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "release.name" . }}-p2p
+  labels:
+    {{- include "charon.labels" . | nindent 4 }}
+    type: p2p
+  {{- with .Values.p2pPort.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ $.Values.p2pPort.type }}
+  externalTrafficPolicy: Local
+  ports:
+  {{- if eq .Values.p2pPort.type "NodePort" }}
+    - name: p2p-tcp
+      port: {{ .Values.p2pPort.port }}
+      protocol: TCP
+      targetPort: {{ .Values.p2pPort.nodePort }}
+      nodePort: {{ .Values.p2pPort.nodePort }}
+    - name: p2p-udp
+      port: {{ .Values.p2pPort.port }}
+      protocol: UDP
+      targetPort: {{ .Values.p2pPort.nodePort }}
+      nodePort: {{ .Values.p2pPort.nodePort }}
+  {{- else }}
+    - port: {{ .Values.p2pPort.port }}
+      targetPort: p2p-tcp
+      protocol: TCP
+      name: p2p-tcp
+    - port: {{ .Values.p2pPort.port}}
+      targetPort: p2p-udp
+      protocol: UDP
+      name: p2p-udp
+  {{- end }}
+  selector:
+    {{- include "charon.selectorLabels" . | nindent 4 }}

charts/charon/templates/service.yaml

@@ -11,10 +11,6 @@ spec:
       targetPort: validator-api
       protocol: TCP
       name: validator-api
-    - port: {{ .Values.p2pPort }}
-      targetPort: p2p-tcp
-      protocol: TCP
-      name: p2p-tcp
     - port: {{ .Values.monitoringPort }}
       targetPort: monitoring
       protocol: TCP

charts/charon/values.yaml

@@ -8,6 +8,11 @@ image:
   pullPolicy: IfNotPresent
   tag: v1.2.0
 
+initImage:
+  repository: "bitnami/kubectl"
+  tag: "1.30.3"
+  pullPolicy: IfNotPresent
+
 # -- Credentials to fetch images from private registry
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
 imagePullSecrets: []
@@ -133,12 +138,28 @@ podDisruptionBudget:
 # -- HTTP Port
 httpPort: 3600
 
-# -- Engine Port (Auth Port)
-p2pPort: 3610
-
 # -- Monitoring Port
 monitoringPort: 3620
 
+## When p2pPort.type is NodePort, your P2P port will be exposed via service type NodePort.
+## This will generate a service with a port binding via NodePort.
+## This is useful if you want to expose and announce your node to the Internet.
+##
+p2pPort:
+  ## @param p2pPort.annotations
+  ##
+  annotations: {}
+  ## @param p2pPort.type
+  ## Options: NodePort, LoadBalancer, ClusterIP
+  type: NodePort
+  ## @param p2pNodePort.nodePort The port allocation will be set to this value
+  ##
+  nodePort: 32000
+  ## @param p2pPort.port The default P2P port for charon service
+  ##
+  port: 3610
+
+
 # -- Jaeger Port
 jaegerPort: 6831
 
@@ -199,9 +220,6 @@ config:
   # -- The DNS hostname advertised by libp2p. This may be used to advertise an external DNS.
   p2pExternalHostname: ""
 
-  # -- The IP address advertised by libp2p. This may be used to advertise an external IP.
-  p2pExternalIp: ""
-
   # -- Comma-separated list of libp2p relay URLs or multiaddrs. (default [https://0.relay.obol.tech/enr])
   p2pRelays: "https://0.relay.obol.tech/enr"
 
@@ -228,6 +246,7 @@ config:
 
 # -- Kubernetes secrets names
 secrets:
+  enabled: true
   # -- validators keys
   validatorKeys: "validator-keys"
   # -- charon enr private key
@@ -282,13 +301,15 @@ serviceMonitor:
 
 # -- Configure liveness probes
 livenessProbe:
+  enabled: true
   initialDelaySeconds: 60
   periodSeconds: 120
   httpGet:
     path: /livez
     port: monitoring
 # -- Configure readiness probes
 readinessProbe:
+  enabled: true
   initialDelaySeconds: 10
   periodSeconds: 10
   httpGet:
@@ -303,4 +324,3 @@ centralMonitoring:
   promEndpoint: "https://vm.monitoring.gcp.obol.tech/write"
   # -- The authentication token to the central prometheus
   token: ""
-