Improve friendbot helm chart

The changes should be backwards compatible
* add support for pre-existing secret
* move non-sensitive config from a Secret to a ConfigMap
* add support for otel config options
* add support for using rpc_url
* add support for using fund_contract_addresses
* add support for adding Deployment annotations
* add support for non-standard deployment strategy
* add support for setting ingressClassName

Author: jacekn

charts/friendbot/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: friendbot
 description: This chart will deploy friendbot to your private network
-version: 0.0.3
+version: 0.0.4
 appVersion: "bbdf3132"
 maintainers: 
   - name: Stellar Development Foundation

charts/friendbot/templates/_helpers.tpl

@@ -22,3 +22,12 @@
 {{- define "common.friendbotImage" -}}
 {{ .Values.global.image.friendbot.registry }}/{{ .Values.global.image.friendbot.repository }}:{{ .Values.global.image.friendbot.tag | default .Chart.AppVersion }}
 {{- end -}}
+
+{{- define "friendbot.secretName" -}}
+{{- $friendbotSecret := get .Values.friendbot "secret" | default dict -}}
+{{- if (get $friendbotSecret "existingSecret") -}}
+{{- get $friendbotSecret "existingSecret" -}}
+{{- else -}}
+{{- printf "%s-secret" (include "common.fullname" .) -}}
+{{- end -}}
+{{- end -}}

charts/friendbot/templates/friendbot-config.yaml

@@ -0,0 +1,38 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "common.fullname" . }}-config
+  {{- if .Release.Namespace }}
+  namespace: {{ .Release.Namespace }}
+  {{- end }}
+  labels:
+    app: {{ template "common.fullname" . }}
+    chart: {{ template "common.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+  friendbot.conf: |
+    {{- $config := .Values.friendbot.configmap | default dict }}
+    {{- $horizonUrl := coalesce .Values.friendbot.configmap.horizon_url .Values.global.horizonUrl (printf "%s-horizon-ingest" .Release.Name) }}
+    port = {{ .Values.friendbot.configmap.port | default 8000 }}
+    network_passphrase = {{ .Values.global.networkPassphrase | quote }}
+    {{- if .Values.friendbot.configmap.rpc_url }}
+    rpc_url = {{ .Values.friendbot.configmap.rpc_url | quote }}
+    {{- else }}
+    horizon_url = {{ $horizonUrl | quote }}
+    {{- end }}
+    starting_balance = {{ .Values.friendbot.configmap.starting_balance | default 10000 | quote }}
+    num_minions = {{ .Values.friendbot.configmap.num_minions | default 1000 }}
+    base_fee = {{ .Values.friendbot.configmap.base_fee | default 100000 }}
+    minion_batch_size = {{ .Values.friendbot.configmap.minion_batch_size | default 50 }}
+    submit_tx_retries_allowed = {{ .Values.friendbot.configmap.submit_tx_retries_allowed | default .Values.friendbot.configmap.tx | default 5 }}
+    {{- if hasKey $config "otel_enabled" }}
+    otel_enabled = {{ .Values.friendbot.configmap.otel_enabled }}
+    {{- end }}
+    {{- if .Values.friendbot.configmap.otel_enabled }}
+    otel_endpoint = {{ required "Set friendbot.configmap.otel_endpoint when friendbot.configmap.otel_enabled=true" .Values.friendbot.configmap.otel_endpoint | quote }}
+    {{- end }}
+    {{- if hasKey $config "fund_contract_addresses" }}
+    fund_contract_addresses = {{ .Values.friendbot.configmap.fund_contract_addresses }}
+    {{- end }}

charts/friendbot/templates/friendbot-deployment.yaml

@@ -13,13 +13,23 @@ metadata:
     chart: {{ template "common.chart" . }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+  {{- if (.Values.friendbot.deployment).deploymentAnnotations }}
+  annotations:
+    {{- range $key, $value := .Values.friendbot.deployment.deploymentAnnotations }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
 spec:
   replicas: {{ .Values.friendbot.deployment.container.replicaCount }}
   selector:
     matchLabels:
       app: {{ template "common.fullname" . }}
   strategy:
+    {{- if .Values.friendbot.deployment.strategy }}
+    {{- toYaml .Values.friendbot.deployment.strategy | nindent 4 }}
+    {{- else }}
     type: RollingUpdate
+    {{- end }}
   template:
     metadata:
       labels:
@@ -50,6 +60,9 @@ spec:
           {{- end }}
         {{- end }}
         imagePullPolicy: {{ .Values.global.image.friendbot.pullPolicy }}
+        ports:
+        - containerPort: {{ .Values.friendbot.service.targetport | default 8004 }}
+          protocol: TCP
         startupProbe:
           tcpSocket:
             port: {{ .Values.friendbot.deployment.container.startupProbe.tcpSocketPort }}
@@ -58,10 +71,20 @@ spec:
           periodSeconds: {{ .Values.friendbot.deployment.container.startupProbe.periodSeconds }}
           timeoutSeconds: {{ .Values.friendbot.deployment.container.startupProbe.timeoutSeconds }}
         volumeMounts:
-        - name: config-volume
-          mountPath: /config
+        - name: friendbot-secret
+          mountPath: /secret
+          readOnly: true
+        - name: friendbot-conf
+          mountPath: /config/friendbot.conf
+          subPath: friendbot.conf
           readOnly: true
       volumes:
-        - name: config-volume
+        - name: friendbot-secret
           secret:
-            secretName: {{ template "common.fullname" . }}-vol
+            secretName: {{ include "friendbot.secretName" . }}
+        - name: friendbot-conf
+          configMap:
+            name: {{ template "common.fullname" . }}-config
+            items:
+              - key: friendbot.conf
+                path: friendbot.conf

charts/friendbot/templates/friendbot-ingress.yaml

@@ -13,6 +13,9 @@ metadata:
     {{- end }}
     {{- end }}
 spec:
+  {{- if .Values.friendbot.ingress.ingressClassName }}
+  ingressClassName: {{ .Values.friendbot.ingress.ingressClassName }}
+  {{- end }}
   tls:
   - secretName: {{ template "common.fullname" . }}-cert
     hosts:

charts/friendbot/templates/friendbot-secret.yaml

@@ -1,8 +1,12 @@
+{{- $friendbotSecret := get .Values.friendbot "secret" | default dict }}
+{{- $friendbotConfig := get .Values.friendbot "configmap" | default dict }}
+{{- $friendbotAccountSeed := coalesce (get $friendbotSecret "friendbotAccountSeed") (get $friendbotConfig "friendbotAccountSeed") "" }}
+{{- if not (get $friendbotSecret "existingSecret") }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ template "common.fullname" . }}-vol
+  name: {{ include "friendbot.secretName" . }}
   {{- if .Release.Namespace }}
   namespace: {{ .Release.Namespace }}
   {{- end }}
@@ -12,17 +16,6 @@ metadata:
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 stringData:
-  friendbot.conf: |
-    port = {{ .Values.friendbot.configmap.port | default 8000 }}
-    friendbot_secret = {{ .Values.friendbot.configmap.friendbotAccountSeed | quote }}
-    network_passphrase =  {{ .Values.global.networkPassphrase | quote }}
-    starting_balance =  {{ .Values.friendbot.configmap.starting_balance | default 10000 | quote }}
-    num_minions = {{ .Values.friendbot.configmap.num_minions | default 1000 }}
-    base_fee = {{ .Values.friendbot.configmap.base_fee | default 100000 }}
-    minion_batch_size = {{ .Values.friendbot.configmap.minion_batch_size | default 50 }}
-    submit_tx_retries_allowed = {{ .Values.friendbot.configmap.submit_tx_retries_allowed | default .Values.friendbot.configmap.tx | default 5 }}
-    {{- if (.Values.global).horizonUrl }}
-    horizon_url =  {{ .Values.global.horizonUrl | quote }}
-    {{- else }}
-    horizon_url =  {{ .Release.Name }}-horizon-ingest
-    {{- end }}
+  secret.conf: |
+    friendbot_secret = {{ required "Set friendbot.secret.existingSecret or set friendbot.secret.friendbotAccountSeed (legacy fallback: friendbot.configmap.friendbotAccountSeed)" $friendbotAccountSeed | quote }}
+{{- end }}

charts/friendbot/values.yaml

@@ -21,10 +21,19 @@ friendbot:
   # serviceAccountName: default
 
   deployment:
+    # deploymentAnnotations:
+    #   reloader.stakater.com/auto: "true"
+    strategy:
+      type: RollingUpdate
+      # rollingUpdate:
+      #   maxUnavailable: 0
+      #   maxSurge: 1
     container:
       cliArgs:
       - --conf
       - /config/friendbot.conf
+      - --secret
+      - /secret/secret.conf
       replicaCount: 1
       startupProbe:
         tcpSocketPort: 8004
@@ -44,18 +53,35 @@ friendbot:
     targetport: 8004
 
   ingress:
-    # port: 80
-    #annotations:
-    #  kubernetes.io/ingress.class: "public"
-    #  cert-manager.io/cluster-issuer: "default"
     host: "friendbot.example.com"
+    # ingressClassName: ""
+    # port: 80
+    # annotations:
+    #   cert-manager.io/cluster-issuer: "default"
+
+  secret:
+    ## Friendbot requires account seed to be configured. This can be provided using two mutually exclusive ways:
+    ## 1. Using the friendbotAccountSeed value. The chart will create secret with the required content
+    ##    If not set, chart falls back to legacy friendbot.configmap.friendbotAccountSeed
+    ## 2. Using the existingSecret value. The chart will mount the secret in the Deployment.
+    ##    Required format for existingSecret:
+    ##    - Secret must contain a key named `secret.conf`
+    ##    - That key is mounted as /secret/secret.conf (used by container args)
+    ##    - secret.conf content must use: friendbot_secret = "<stellar_secret_seed>"
+    # friendbotAccountSeed: "XXXXXXX"
+    # existingSecret: ""
 
   configmap:
     port: 8000 
-    # friendbotAccountSeed: "XXXXXXX" # this comes from stellar-network parent chart
+    # friendbotAccountSeed: "XXXXXXX" # legacy fallback; prefer friendbot.secret.friendbotAccountSeed
+    # otel_enabled: false
+    # otel_endpoint: "http://otel-collector:4318"
+    # rpc_url: "https://soroban-rpc.example.com"
+    # horizon_url: "https://horizon-testnet.stellar.org"
     # starting_balance: 10000
     # num_minions: 1000
     # base_fee: 10000
     # minion_batch_size: 50
     # submit_tx_retries_allowed: 5
+    # fund_contract_addresses: true