feat(chart/eleel): update to handle new jwts config (#274)

* feat(chart/eleel): update to handle new jwts config * update ci values * lint ci yaml
ethpandaops · Jan 19, 2024 · c1e5f9c · c1e5f9c
1 parent fdedd23
commit c1e5f9c
Show file tree

Hide file tree

Showing 7 changed files with 36 additions and 18 deletions.
diff --git a/charts/eleel/Chart.yaml b/charts/eleel/Chart.yaml
@@ -3,7 +3,7 @@ name: eleel
 description: A multiplexer for Ethereum execution clients
 home: https://github.com/sigp/eleel
 type: application
-version: 0.1.4
+version: 0.1.5
 maintainers:
   - name: samcm
     email: sam.calder-mason@ethereum.org

diff --git a/charts/eleel/README.md b/charts/eleel/README.md
@@ -1,7 +1,7 @@
 
 # eleel
 
-![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 A multiplexer for Ethereum execution clients
 
@@ -14,9 +14,12 @@ A multiplexer for Ethereum execution clients
 | affinity | object | `{}` | Affinity configuration for pods |
 | annotations | object | `{}` | Annotations for the Deployment |
 | args | list | `[]` | Command arguments |
+| clientJWTSecrets | object | `{}` | Client JWT secrets map |
 | containerSecurityContext | object | See `values.yaml` | The security context for containers |
+| controllerJWTSecret | string | `""` | Controller JWT secret |
 | customArgs | list | `[]` | Custom args for the eleel container |
 | customCommand | list | `[]` | Command replacement for the eleel container |
+| eeJWTSecret | string | `""` | Execution Engine JWT secret |
 | extraContainers | list | `[]` | Additional containers |
 | extraEnv | list | `[]` | Additional env variables |
 | extraPodPorts | list | `[]` | Extra Pod ports |
@@ -34,7 +37,6 @@ A multiplexer for Ethereum execution clients
 | ingress.hosts[0].paths | list | `[]` |  |
 | ingress.tls | list | `[]` | Ingress TLS |
 | initContainers | list | `[]` | Additional init containers |
-| jwt | string | `""` | Execution Engine JWT secret |
 | livenessProbe | object | See `values.yaml` | Liveness probe |
 | nameOverride | string | `""` | Overrides the chart's name |
 | nodeSelector | object | `{}` | Node selector for pods |

diff --git a/charts/eleel/ci/ct-values.yaml b/charts/eleel/ci/ct-values.yaml
@@ -1 +1,5 @@
-jwt: ecb22bc24e7d4061f7ed690ccd5846d7d73f5d2b9733267e12f56790398d908a
+eeJWTSecret: ecb22bc24e7d4061f7ed690ccd5846d7d73f5d2b9733267e12f56790398d908a
+controllerJWTSecret: ecb22bc24e7d4061f7ed690ccd5846d7d73f5d2b9733267e12f56790398d908a
+clientJWTSecrets:
+  node1: c259fb249f7fa1882b1d4150ace73c1023aba4f6267b29a871ad5c9adc7a543a
+  node2: fb6073f77160f9a7ce11190d3612e841daea2e7319a59e1d82a8804e9fa193ee
diff --git a/charts/eleel/templates/_helpers.tpl b/charts/eleel/templates/_helpers.tpl
@@ -63,4 +63,14 @@ Create the name of the service account to use
 
 {{- define "eleel.httpPort" -}}
 {{ default 8552 }}
-{{- end }}
+{{- end }}
+
+{{/*
+Generate TOML format for client JWT secrets
+*/}}
+{{- define "eleel.clientJWTSecretsToToml" -}}
+[secrets]
+{{- range $key, $value := .Values.clientJWTSecrets }}
+{{ $key }} = "{{ $value }}"
+{{- end }}
+{{- end -}}
diff --git a/charts/eleel/templates/deployment.yaml b/charts/eleel/templates/deployment.yaml
@@ -49,9 +49,9 @@ spec:
           - "eleel"
           - --listen-address=0.0.0.0
           - --listen-port={{ include "eleel.httpPort" . }}
-          {{- if .Values.jwt }}
-          - --ee-jwt-secret=/jwt.hex
-          {{- end }}
+          - --ee-jwt-secret=/config/execution.jwt
+          - --controller-jwt-secret=/config/controller.jwt
+          - --client-jwt-secrets=/config/client-secrets.toml
           {{- if gt (len .Values.args) 0 }}
           {{- toYaml .Values.args | nindent 10}}
           {{- end }}
@@ -63,12 +63,9 @@ spec:
         securityContext:
           {{- toYaml .Values.containerSecurityContext | nindent 12 }}
         volumeMounts:
-          {{- if .Values.jwt }}
           - name: jwt
-            mountPath: "/jwt.hex"
-            subPath: jwt.hex
+            mountPath: "/config"
             readOnly: true
-          {{- end }}
           {{- if .Values.extraVolumeMounts }}
             {{ toYaml .Values.extraVolumeMounts | nindent 12 }}
           {{- end }}
@@ -112,8 +109,6 @@ spec:
       {{- if .Values.extraVolumes }}
         {{ toYaml .Values.extraVolumes | nindent 8}}
       {{- end }}
-      {{- if .Values.jwt }}
         - name: jwt
           secret:
             secretName: {{ include "eleel.fullname" . }}-jwt
-      {{- end }}
diff --git a/charts/eleel/templates/secret.yaml b/charts/eleel/templates/secret.yaml
@@ -8,13 +8,13 @@ data:
 {{- range $key, $value := .Values.secretEnv }}
   {{ $key }}: {{ $value | b64enc }}
 {{- end }}
-{{- if .Values.jwt }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
   name: {{ include "eleel.fullname" . }}-jwt
 type: Opaque  
 data:
-  jwt.hex: {{ .Values.jwt | b64enc }}
-{{- end }}
+  execution.jwt: {{ .Values.eeJWTSecret | b64enc }}
+  controller.jwt: {{ .Values.controllerJWTSecret | b64enc }}
+  client-secrets.toml: {{ include "eleel.clientJWTSecretsToToml" . | b64enc }}
diff --git a/charts/eleel/values.yaml b/charts/eleel/values.yaml
@@ -25,7 +25,14 @@ args: []
   #- --ee-url=http://your-eth1-node:8551
 
 # -- Execution Engine JWT secret
-jwt: ""
+eeJWTSecret: ""
+# -- Controller JWT secret
+controllerJWTSecret: ""
+# -- Client JWT secrets map
+clientJWTSecrets: {}
+  ## Example
+  # node1: c259fb249f7fa1882b1d4150ace73c1023aba4f6267b29a871ad5c9adc7a543a
+  # node2: fb6073f77160f9a7ce11190d3612e841daea2e7319a59e1d82a8804e9fa193ee
 
 ingress:
   # -- Ingress resource for the HTTP API