feat: allow external cardano-wallet (tls) and cardano-db-sync

Signed-off-by: Kranium Gikos Mendoza <kraniumgikos.mendoza@iohk.io>
input-output-hk · May 27, 2024 · 8e8c8d1 · 8e8c8d1
1 parent 94a31c5
commit 8e8c8d1
Show file tree

Hide file tree

Showing 6 changed files with 121 additions and 3 deletions.
diff --git a/infrastructure/charts/node/Chart.lock b/infrastructure/charts/node/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: nginx
+  repository: https://charts.bitnami.com/bitnami
+  version: 16.0.7
+digest: sha256:fbb6b2644c14ff1f2d2010bfb1892de4ad59837a811bc10850a67158be138af7
+generated: "2024-05-10T16:54:55.415234401+10:00"
diff --git a/infrastructure/charts/node/Chart.yaml b/infrastructure/charts/node/Chart.yaml
@@ -19,4 +19,8 @@ version: 2.4.1
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
 appVersion: "2.4.1"
-dependencies: []
+dependencies:
+- name: nginx
+  repository: https://charts.bitnami.com/bitnami
+  version: 16.0.7
+  condition: vdr.externalResources.wallet.tls
diff --git a/infrastructure/charts/node/templates/configmap-nginx.yaml b/infrastructure/charts/node/templates/configmap-nginx.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.vdr.externalResources.wallet.tls }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: wallet-nginx-proxy
+data:
+  server-block.conf: |
+    server {
+      listen 8080;
+      location / {
+        resolver 8.8.8.8;
+        proxy_pass https://{{ .Values.vdr.externalResources.wallet.host }}$uri$is_args$args;
+      }
+    }
+{{- end }}
diff --git a/infrastructure/charts/node/templates/deployment.yaml b/infrastructure/charts/node/templates/deployment.yaml
@@ -47,6 +47,26 @@ spec:
             value: {{ .Values.server.refereshAndSubmitPeriod | quote }}
           - name: NODE_CARDANO_CONFIRMATION_BLOCKS
             value: {{ .Values.server.confirmationBlocks | quote }}
+          {{- if and (eq "cardano" .Values.server.ledger) (not (empty .Values.vdr.externalResources.wallet.host)) }}
+          - name: NODE_CARDANO_WALLET_API_HOST
+            value: "{{ .Release.Name }}-wallet"
+          - name: NODE_CARDANO_WALLET_ID
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.secrets.cardanoWallet }}"
+                key: id
+                optional: false
+          - name: NODE_CARDANO_WALLET_PASSPHRASE
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.secrets.cardanoWallet }}"
+                key: passphrase
+                optional: false
+          - name: NODE_CARDANO_WALLET_API_PORT
+            value: "80"
+          - name: NODE_CARDANO_PAYMENT_ADDRESS
+            value: "{{ .Values.vdr.externalResources.wallet.payment_address }}"
+          {{- else if eq "cardano" .Values.server.ledger }}
           - name: NODE_CARDANO_WALLET_API_HOST
             value: "{{ .Values.vdr.cardanoNode }}.{{ .Values.vdr.cardanoNamespace }}"
           - name: NODE_CARDANO_WALLET_ID
@@ -69,7 +89,25 @@ spec:
                 name: "{{ .Values.vdr.cardanoNode }}-{{ .Values.vdr.cardanoWallet }}"
                 key: address
                 optional: false
-          {{- if eq "cardano" .Values.server.ledger }}
+          {{- end }}
+          {{- if and (eq "cardano" .Values.server.ledger) (not (empty .Values.vdr.externalResources.db_sync.host)) }}
+          - name: NODE_CARDANO_DB_SYNC_USERNAME
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.secrets.cardanoDbSync }}"
+                key: username
+                optional: false
+          - name: NODE_CARDANO_DB_SYNC_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.secrets.cardanoDbSync }}"
+                key: password
+                optional: false
+          - name: NODE_CARDANO_DB_SYNC_DATABASE
+            value: "{{ .Values.vdr.externalResources.db_sync.database }}"
+          - name: NODE_CARDANO_DB_SYNC_HOST
+            value: "{{ .Values.vdr.externalResources.db_sync.host }}"
+          {{- else if eq "cardano" .Values.server.ledger }}
           - name: NODE_CARDANO_DB_SYNC_USERNAME
             valueFrom:
               secretKeyRef:

diff --git a/infrastructure/charts/node/templates/externalsecret.yaml b/infrastructure/charts/node/templates/externalsecret.yaml
@@ -18,9 +18,9 @@ spec:
   dataFrom:
     - extract:
         key: {{ .Values.secrets.dockerRegistryToken }}
-
 ---
 # Requires wallet to be created (atm it's done through terraform module)
+{{- if and (eq .Values.server.ledger "cardano") (not (empty .Values.vdr.cardanoWallet)) }}
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
@@ -36,3 +36,41 @@ spec:
   dataFrom:
     - extract:
         key: {{ .Values.vdr.cardanoWallet }}
+---
+{{- end }}
+{{- if and (eq .Values.server.ledger "cardano") (not (empty .Values.vdr.externalResources.wallet.host)) }}
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: "{{ .Values.secrets.cardanoWallet }}"
+  namespace: {{ .Release.Namespace }}
+  labels:
+      {{ template "labels.common" . }}
+spec:
+  refreshInterval: "0"
+  secretStoreRef:
+    name: {{ .Values.secrets.secretStore }}
+    kind: ClusterSecretStore
+  dataFrom:
+    - extract:
+        key: "{{ .Values.secrets.cardanoWallet }}"
+---
+{{- end }}
+{{- if and (eq .Values.server.ledger "cardano") (not (empty .Values.vdr.externalResources.db_sync.host)) }}
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: "{{ .Values.secrets.cardanoDbSync }}"
+  namespace: {{ .Release.Namespace }}
+  labels:
+      {{ template "labels.common" . }}
+spec:
+  refreshInterval: "0"
+  secretStoreRef:
+    name: {{ .Values.secrets.secretStore }}
+    kind: ClusterSecretStore
+  dataFrom:
+    - extract:
+        key: "{{ .Values.secrets.cardanoDbSync }}"
+---
+{{- end }}
diff --git a/infrastructure/charts/node/values.yaml b/infrastructure/charts/node/values.yaml
@@ -11,6 +11,8 @@ ingress:
 secrets:
   secretStore: chart-base-secretstore
   dockerRegistryToken: chart-base-docker-registry-token
+  # cardanoWallet: must contain wallet_id and passphrase
+  # cardanoDbSync: must contain username and password
 
 server:
   ledger: "in-memory"
@@ -39,6 +41,21 @@ database:
     numberOfInstances: 2
 
 vdr:
+  externalResources:
+    wallet:
+      host:
+      payment_address:
+      # tls always true ATM
+      tls: true
+    db_sync:
+      host:
+      database:
   cardanoNode: atala-cardano-dev-preprod
   cardanoNamespace: cardano-stack
   cardanoWallet: dev-k8s-cardano-wallet
+
+nginx:
+  nameOverride: "wallet"
+  service:
+    type: "ClusterIP"
+  existingServerBlockConfigmap: wallet-nginx-proxy