From 37394ac2d2327190881278582c8cb31da0c8356d Mon Sep 17 00:00:00 2001 From: ironoa Date: Thu, 21 Oct 2021 13:09:38 +0200 Subject: [PATCH] added basic auth, exposed 9096, ports refactoring --- README.md | 2 + charts/ipfs-cluster/Chart.yaml | 2 +- charts/ipfs-cluster/templates/_helpers.tpl | 5 +++ .../templates/configmap-bootstrap.yaml | 1 - charts/ipfs-cluster/templates/service.yaml | 44 ++++++++++++------- .../ipfs-cluster/templates/statefulset.yaml | 10 ++++- helmfile.d/10-ipfs-cluster.yaml | 2 +- 7 files changed, 46 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 085887a..a08887f 100644 --- a/README.md +++ b/README.md @@ -2,3 +2,5 @@ # ipfs-cluster-chart Helm Chart for: https://cluster.ipfs.io/documentation/guides/k8s/ + +NOTE: all the secrets are hardcoded and will be replaced \ No newline at end of file diff --git a/charts/ipfs-cluster/Chart.yaml b/charts/ipfs-cluster/Chart.yaml index 41591ba..5ace123 100644 --- a/charts/ipfs-cluster/Chart.yaml +++ b/charts/ipfs-cluster/Chart.yaml @@ -1,4 +1,4 @@ description: IPFS Cluster chart name: ipfs-cluster -version: v0.0.1 +version: v0.0.2 apiVersion: v2 diff --git a/charts/ipfs-cluster/templates/_helpers.tpl b/charts/ipfs-cluster/templates/_helpers.tpl index 15d5c40..606c072 100644 --- a/charts/ipfs-cluster/templates/_helpers.tpl +++ b/charts/ipfs-cluster/templates/_helpers.tpl @@ -26,4 +26,9 @@ {{/* Returns the service name http */}} {{- define "ipfs-cluster.serviceNameHttp" -}} {{ .Release.Name }}-http +{{- end }} + +{{/* Returns the service name local */}} +{{- define "ipfs-cluster.serviceNameLocal" -}} +{{ .Release.Name }}-local {{- end }} \ No newline at end of file diff --git a/charts/ipfs-cluster/templates/configmap-bootstrap.yaml b/charts/ipfs-cluster/templates/configmap-bootstrap.yaml index b14b0d8..9b7f668 100644 --- a/charts/ipfs-cluster/templates/configmap-bootstrap.yaml +++ b/charts/ipfs-cluster/templates/configmap-bootstrap.yaml @@ -67,6 +67,5 @@ data: ipfs config --json Swarm.ConnMgr.HighWater 2000 ipfs config --json Datastore.BloomFilterSize 1048576 ipfs config Datastore.StorageMax 100GB - #ipfs config --json API.HTTPHeaders.Access-Control-Allow-Origin '["http://157.245.16.171:5001", "http://localhost:3000", "http://127.0.0.1:5001", "https://webui.ipfs.io"]' ipfs config --json API.HTTPHeaders.Access-Control-Allow-Origin '["*"]' ipfs config --json API.HTTPHeaders.Access-Control-Allow-Methods '["PUT", "POST"]' \ No newline at end of file diff --git a/charts/ipfs-cluster/templates/service.yaml b/charts/ipfs-cluster/templates/service.yaml index 7ce5192..3187521 100644 --- a/charts/ipfs-cluster/templates/service.yaml +++ b/charts/ipfs-cluster/templates/service.yaml @@ -1,3 +1,4 @@ +# Exposed apiVersion: v1 kind: Service metadata: @@ -15,22 +16,14 @@ spec: port: 4001 - name: swarm-udp targetPort: swarm-udp - port: 4002 - - name: ws - targetPort: ws - port: 8081 - - name: api-http - targetPort: api-http - port: 9094 - - name: proxy-http - targetPort: proxy-http - port: 9095 + port: 4002 - name: cluster-swarm targetPort: cluster-swarm - port: 9096 + port: 9096 #public with secret protection selector: app: {{ .Release.Name }} --- +# Exposed behind Proxy apiVersion: v1 kind: Service metadata: @@ -39,11 +32,32 @@ metadata: node: {{ .Release.Name }} spec: ports: - - name: api - targetPort: api - port: 5001 - name: gateway targetPort: gateway port: 8080 selector: - app: {{ .Release.Name }} \ No newline at end of file + app: {{ .Release.Name }} +--- +# Not Exposed +apiVersion: v1 +kind: Service +metadata: + name: {{ include "ipfs-cluster.serviceNameHttpLocal" . }} + labels: + node: {{ .Release.Name }} +spec: + ports: + - name: api + targetPort: api + port: 5001 + - name: proxy-http + targetPort: proxy-http + port: 9095 + - name: ws + targetPort: ws + port: 8081 + - name: api-http + targetPort: api-http + port: 9094 + selector: + app: {{ .Release.Name }} \ No newline at end of file diff --git a/charts/ipfs-cluster/templates/statefulset.yaml b/charts/ipfs-cluster/templates/statefulset.yaml index f1f53cb..a33e061 100644 --- a/charts/ipfs-cluster/templates/statefulset.yaml +++ b/charts/ipfs-cluster/templates/statefulset.yaml @@ -91,8 +91,14 @@ spec: key: cluster-secret - name: CLUSTER_MONITOR_PING_INTERVAL value: "3m" - - name: CLUSTER_RESTAPI_HTTPLISTENMULTIADDRESS - value: "/ip4/0.0.0.0/tcp/9094" + - name: CLUSTER_RESTAPI_LIBP2PLISTENMULTIADDRESS + value: "/ip4/0.0.0.0/tcp/9096" + - name: CLUSTER_RESTAPI_ID + value: "12D3KooWMfXzp2nmNrb7DM4PETYZbaKALnrnwiqnhvrUC66KyYrb" + - name: CLUSTER_RESTAPI_PRIVATEKEY + value: "CAESQEmvGJbMboEibpcWCTKOtDYU2eEyyHLN9gDdJli6Z2tksAkhFWNx0Fk3vOlwLIitE2rfGtIj61Ovla/mHC42Plg=" + - name: CLUSTER_RESTAPI_BASICAUTHCREDENTIALS + value: "w3f:password" - name: SVC_NAME value: {{ include "ipfs-cluster.serviceName" . }} ports: diff --git a/helmfile.d/10-ipfs-cluster.yaml b/helmfile.d/10-ipfs-cluster.yaml index a23c2a3..24234d5 100644 --- a/helmfile.d/10-ipfs-cluster.yaml +++ b/helmfile.d/10-ipfs-cluster.yaml @@ -13,7 +13,7 @@ releases: {{ if eq .Environment.Name "production" }} chart: w3f/ipfs-cluster namespace: ipfs - version: v0.0.1 + version: v0.0.2 {{ else }} chart: ../charts/ipfs-cluster {{ end }}