diff --git a/charts/lnd/Chart.yaml b/charts/lnd/Chart.yaml
new file mode 100644
index 0000000..9376888
--- /dev/null
+++ b/charts/lnd/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+name: lnd
+version: 0.1.0
+appVersion: v0.17.0-beta
+description: A golang implementation of a Lightning Network node
+keywords:
+ - lnd
+ - bitcoin
+home: https://github.com/lightningnetwork/lnd
diff --git a/charts/lnd/README.md b/charts/lnd/README.md
new file mode 100644
index 0000000..87c5ea9
--- /dev/null
+++ b/charts/lnd/README.md
@@ -0,0 +1,54 @@ +# lnd + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: v0.17.0-beta](https://img.shields.io/badge/AppVersion-v0.17.0--beta-informational?style=flat-square) + +A golang implementation of a Lightning Network node + +**Homepage:** + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| autoUnlock | bool | `false` | | +| autoUnlockPassword | string | `"password"` | | +| command[0] | string | `"lnd"` | | +| configurationFile."lnd.conf" | string | `"bitcoin.active=1\nbitcoin.mainnet=0\nbitcoin.testnet=1\ndebuglevel=info\nbitcoin.node=neutrino\nneutrino.addpeer=faucet.lightning.community\nneutrino.addpeer=lnd.bitrefill.com:18333\nrpclisten=0.0.0.0:10009\ntlsextradomain=nodes-lnd-internal.nodes\ntlsextradomain=lnd.dev.flitz.be\ntlsextraip=0.0.0.0\nprotocol.wumbo-channels=1\nprometheus.enable=false\nprometheus.listen=0.0.0.0:8989"` | | +| externalServices.p2pPort | int | `9735` | | +| externalServices.type | string | `"LoadBalancer"` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"lightninglabs/lnd"` | | +| image.tag | string | `"v0.15.2-beta"` | | +| ingress.rest.annotations."cert-manager.io/cluster-issuer" | string | `"letsencrypt-prod"` | | +| ingress.rest.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | | +| ingress.rest.annotations."nginx.ingress.kubernetes.io/backend-protocol" | string | `"HTTPS"` | | +| ingress.rest.annotations."nginx.ingress.kubernetes.io/enable-cors" | string | `"true"` | | +| ingress.rest.enable | bool | `false` | | +| ingress.rest.hosts[0].host | string | `"lnd.dev.flitz.be"` | | +| ingress.rest.hosts[0].paths[0].path | string | `"/"` | | +| ingress.rest.hosts[0].paths[0].port | int | `8080` | | +| ingress.rest.tls[0].hosts[0] | string | `"lnd.dev.flitz.be"` | | +| ingress.rest.tls[0].secretName | string | `"lnd-tls-secret"` | | +| 
ingress.rpc.annotations."cert-manager.io/cluster-issuer" | string | `"letsencrypt-prod"` | | +| ingress.rpc.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | | +| ingress.rpc.annotations."nginx.ingress.kubernetes.io/backend-protocol" | string | `"GRPCS"` | | +| ingress.rpc.annotations."nginx.ingress.kubernetes.io/enable-cors" | string | `"true"` | | +| ingress.rpc.enabled | bool | `false` | | +| ingress.rpc.hosts[0].host | string | `"rpc.lnd.dev.flitz.be"` | | +| ingress.rpc.hosts[0].paths[0].path | string | `"/"` | | +| ingress.rpc.hosts[0].paths[0].port | int | `10009` | | +| ingress.rpc.tls[0].hosts[0] | string | `"rpc.lnd.dev.flitz.be"` | | +| ingress.rpc.tls[0].secretName | string | `"lnd-rpc-tls-secret"` | | +| internalServices.prometheusPort | int | `8989` | | +| internalServices.restPort | int | `8080` | | +| internalServices.rpcPort | int | `10009` | | +| network | string | `"testnet"` | | +| persistence.accessMode | string | `"ReadWriteOnce"` | | +| persistence.enabled | bool | `true` | | +| persistence.size | string | `"5Gi"` | | +| resources.limits.memory | string | `"512Mi"` | | +| resources.requests.cpu | string | `"100m"` | | +| resources.requests.memory | string | `"512Mi"` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/lnd/templates/NOTES.txt b/charts/lnd/templates/NOTES.txt new file mode 100644 index 0000000..da98c3d --- /dev/null +++ b/charts/lnd/templates/NOTES.txt @@ -0,0 +1,4 @@ +Note: Make sure to follow the instructions in the README to finish setting up your wallet. + +Once your wallet is setup, the lnd RPC interface can be accessed via port {{ .Values.internalServices.rpcPort }} on the following DNS name from within your cluster: +{{ template "lnd.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local 
diff --git a/charts/lnd/templates/_helpers.tpl b/charts/lnd/templates/_helpers.tpl
new file mode 100644
index 0000000..1b38214
--- /dev/null
+++ b/charts/lnd/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "lnd.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "lnd.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "lnd.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/charts/lnd/templates/configmap.yaml b/charts/lnd/templates/configmap.yaml
new file mode 100644
index 0000000..3f924ba
--- /dev/null
+++ b/charts/lnd/templates/configmap.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "lnd.fullname" . }}
+ labels:
+ app: {{ template "lnd.name" . }}
+ chart: {{ template "lnd.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ toYaml .Values.configurationFile | indent 2 }}
diff --git a/charts/lnd/templates/deployment.yaml b/charts/lnd/templates/deployment.yaml
new file mode 100644
index 0000000..b96f9d7
--- /dev/null
+++ b/charts/lnd/templates/deployment.yaml
@@ -0,0 +1,103 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "lnd.fullname" . }}
+ labels:
+ app: {{ template "lnd.name" . }}
+ chart: {{ template "lnd.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: {{ template "lnd.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ labels:
+ app: {{ template "lnd.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ {{- if .Values.configurationFile }}
+ initContainers:
+ - name: copy-lnd-config
+ image: busybox
+ {{- if .Values.extraconfig }}
+ command: ['sh', '-c', 'for f in /configmap/*.conf; do (cat "${f}"; echo) >> /root/.lnd/lnd.conf; done']
+ {{- else }}
+ command: ['sh', '-c', 'cat /configmap/lnd.conf > /root/.lnd/lnd.conf']
+ {{- end }}
+ volumeMounts:
+ - name: configmap
+ mountPath: /configmap
+ - name: config
+ mountPath: /root/.lnd/
+ {{- end }}
+ terminationGracePeriodSeconds: 60
+ containers:
+ - name: {{ template "lnd.fullname" . }}
+ image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
+ command:
+{{ toYaml .Values.command | indent 12 }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ ports:
+ - name: rpc
+ containerPort: {{ .Values.internalServices.rpcPort }}
+ - name: rest
+ containerPort: {{ .Values.internalServices.restPort }}
+ - name: prometheus
+ containerPort: {{ .Values.internalServices.prometheusPort }}
+ - name: p2p
+ containerPort: {{ .Values.externalServices.p2pPort }}
+ volumeMounts:
+ - name: data
+ mountPath: /root/.lnd
+ subPath: .lnd
+ {{- if .Values.configurationFile }}
+ - name: config
+ mountPath: /root/.lnd/lnd.conf
+ subPath: lnd.conf
+ {{- end }}
+ {{- if .Values.autoUnlock }}
+ - name: secrets
+ mountPath: /passwords/wallet_password
+ subPath: wallet_password
+ {{- end }}
+ lifecycle:
+ preStop:
+ exec:
+ # Make sure we safely quit lnd so we don't corrupt
+ # anything
+ command: ["/bin/lncli", "-n", "{{ .Values.network }}", "stop"]
+ volumes:
+ {{- if .Values.autoUnlock }}
+ - name: secrets
+ secret:
+ secretName: {{ template "lnd.fullname" . }}
+ {{- end }}
+ {{- if .Values.configurationFile }}
+ - name: config
+ emptyDir: {}
+ - name: configmap
+ projected:
+ sources:
+ - configMap:
+ name: {{ template "lnd.fullname" . }}
+ {{- if .Values.extraconfig }}
+ - secret:
+ name: {{ .Values.extraconfig.secretName}}
+ {{- end }}
+ {{- end }}
+ - name: data
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ .Values.persistence.existingClaim | default (include "lnd.fullname" .) }}
+ {{- else }}
+ emptyDir: {}
+ {{- end -}}
diff --git a/charts/lnd/templates/ingress_rest.yaml b/charts/lnd/templates/ingress_rest.yaml
new file mode 100644
index 0000000..6bb03d8
--- /dev/null
+++ b/charts/lnd/templates/ingress_rest.yaml
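Review bot: In templates/deployment.yaml the `copy-lnd-config` init container uses `image: busybox` with no tag or digest, so it resolves to the mutable default tag, and this is the container that reads the projected `configmap` volume, which includes the Secret named by `extraconfig.secretName` when that is set. Pin it, for example `image: busybox:<pinned-tag>@sha256:<digest>` (placeholders), or expose it as a chart value the way the main image is. The pod spec also sets no `securityContext`, and the `/root/.lnd` paths suggest lnd runs as root; if the image supports it, add a non-root user and `allowPrivilegeEscalation: false`.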
@@ -0,0 +1,41 @@
+{{- if .Values.ingress.rest.enabled -}}
+{{- $fullName := include "lnd.fullname" . -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-rest
+ {{- with .Values.ingress.rest.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.ingress.rest.tls }}
+ tls:
+ {{- range .Values.ingress.rest.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.rest.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ $fullName }}-internal
+ port:
+ number: {{ .port }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
diff --git a/charts/lnd/templates/ingress_rpc.yaml b/charts/lnd/templates/ingress_rpc.yaml
new file mode 100644
index 0000000..b157348
--- /dev/null
+++ b/charts/lnd/templates/ingress_rpc.yaml
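Review bot: In templates/ingress_rest.yaml the gate `semverCompare ">=1.14-0"` selects `networking.k8s.io/v1`, but Ingress is only served in that group version from Kubernetes 1.19, and the `service.name`/`port.number` backend written further down is the v1 schema, so the `extensions/v1beta1` branch cannot render a valid object either. Gate on `">=1.19-0"` or drop the fallback; templates/ingress_rpc.yaml carries the same check. Separately, this template reads `.Values.ingress.rest.enabled` while values.yaml defines `ingress.rest.enable`, so setting the key shown in values.yaml to true has no effect. Rename the values key to `enabled`, matching the rpc block.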
@@ -0,0 +1,41 @@
+{{- if .Values.ingress.rpc.enabled -}}
+{{- $fullName := include "lnd.fullname" . -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-rpc
+ {{- with .Values.ingress.rpc.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.ingress.rpc.tls }}
+ tls:
+ {{- range .Values.ingress.rpc.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.rpc.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ $fullName }}-internal
+ port:
+ number: {{ .port }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
diff --git a/charts/lnd/templates/pvc.yaml b/charts/lnd/templates/pvc.yaml
new file mode 100644
index 0000000..a10283f
--- /dev/null
+++ b/charts/lnd/templates/pvc.yaml
@@ -0,0 +1,26 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ template "lnd.fullname" . }}
+ annotations:
+ "helm.sh/resource-policy": keep
+ labels:
+ app: {{ template "lnd.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/lnd/templates/secret.yaml b/charts/lnd/templates/secret.yaml
new file mode 100644
index 0000000..e81f4d8
--- /dev/null
+++ b/charts/lnd/templates/secret.yaml
@@ -0,0 +1,9 @@
+{{ if .Values.autoUnlock }}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: {{ template "lnd.fullname" . }}
+data:
+ wallet_password: {{ .Values.autoUnlockPassword | b64enc }}
+{{ end }}
diff --git a/charts/lnd/templates/svc.yaml b/charts/lnd/templates/svc.yaml
new file mode 100644
index 0000000..4518416
--- /dev/null
+++ b/charts/lnd/templates/svc.yaml
@@ -0,0 +1,42 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "lnd.fullname" . }}-internal
+ labels:
+ app: {{ template "lnd.name" . }}
+ chart: {{ template "lnd.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ ports:
+ - name: rpc
+ port: {{ .Values.internalServices.rpcPort }}
+ targetPort: rpc
+ - name: rest
+ port: {{ .Values.internalServices.restPort }}
+ targetPort: rest
+ - name: prometheus
+ port: {{ .Values.internalServices.prometheusPort }}
+ targetPort: prometheus
+ selector:
+ app: {{ template "lnd.name" . }}
+ release: {{ .Release.Name }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "lnd.fullname" . }}-external
+ labels:
+ app: {{ template "lnd.name" . }}
+ chart: {{ template "lnd.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.externalServices.type }}
+ ports:
+ - name: p2p
+ port: {{ .Values.externalServices.p2pPort }}
+ targetPort: p2p
+ selector:
+ app: {{ template "lnd.name" . }}
+ release: {{ .Release.Name }}
diff --git a/charts/lnd/values.yaml b/charts/lnd/values.yaml
new file mode 100644
index 0000000..4f1bdd8
--- /dev/null
+++ b/charts/lnd/values.yaml
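Review bot: In templates/secret.yaml `wallet_password` is rendered from `.Values.autoUnlockPassword`, whose default in values.yaml is the literal `password`, so turning on `autoUnlock` without also overriding it deploys a wallet-unlock Secret holding a publicly known value. Remove the default from values.yaml and fail the render when the value is missing: `wallet_password: {{ required "autoUnlockPassword must be set when autoUnlock is true" .Values.autoUnlockPassword | b64enc | quote }}`. A password passed through values is also kept with the Helm release record in the namespace, so an option to reference a pre-created Secret would be the safer route for anything beyond testnet.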
@@ -0,0 +1,109 @@
+# Default values for bitcoind.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+ repository: lightninglabs/lnd
+ # tag:
+ pullPolicy: IfNotPresent
+
+command:
+ - lnd
+# Ports that are exposed to other pods in your cluster
+internalServices:
+ rpcPort: 10009
+ restPort: 8080
+ prometheusPort: 8989
+
+# Ingress for REST API and GRPC interface
+# only on test clusters eg. regtest
+# Not for production!
+ingress:
+ rest:
+ enable: false
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ nginx.ingress.kubernetes.io/enable-cors: "true"
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ hosts:
+ - host: lnd.example.com
+ paths:
+ - path: /
+ port: 8080
+ tls:
+ - hosts:
+ - lnd.example.com
+ secretName: lnd-tls-secret
+ rpc:
+ enabled: false
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ nginx.ingress.kubernetes.io/enable-cors: "true"
+ nginx.ingress.kubernetes.io/backend-protocol: "GRPCS"
+ hosts:
+ - host: rpc.lnd.example.com
+ paths:
+ - path: /
+ port: 10009
+ tls:
+ - hosts:
+ - rpc.lnd.example.com
+ secretName: lnd-rpc-tls-secret
+
+# Ports that are visible outside your cluster
+externalServices:
+ p2pPort: 9735
+ type: LoadBalancer
+
+persistence:
+ enabled: true
+ ## database data Persistent Volume Storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ accessMode: ReadWriteOnce
+ size: 5Gi
+
+## Configure resource requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+ requests:
+ memory: 512Mi
+ cpu: 100m
+ limits:
+ memory: 512Mi
+
+# The network lnd is running on
+network: testnet
+# network: mainnet
+
+# Custom lnd configuration file used to override default lnd settings
+configurationFile:
+ lnd.conf: |-
+ bitcoin.active=1
+ bitcoin.mainnet=0
+ bitcoin.testnet=1
+ debuglevel=info
+ bitcoin.node=neutrino
+ neutrino.addpeer=faucet.lightning.community
+ neutrino.addpeer=lnd.bitrefill.com:18333
+ rpclisten=0.0.0.0:10009
+ tlsextradomain=nodes-lnd-internal.nodes
+ tlsextradomain=lnd.dev.flitz.be
+ tlsextraip=0.0.0.0
+ protocol.wumbo-channels=1
+ prometheus.enable=false
+ prometheus.listen=0.0.0.0:8989
+# wallet-unlock-password-file=/passwords/wallet_password
+# extraConfig:
+# secretName: lnd-secret-config
+# secretKey: extra.conf
+autoUnlock: false
+autoUnlockPassword: password
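Review bot: The commented example at the end of values.yaml spells the key `extraConfig`, but templates/deployment.yaml tests `.Values.extraconfig` and reads `.Values.extraconfig.secretName`; values keys are case-sensitive, so a user who uncomments the example gets no secret source mounted and no error. Use one spelling on both sides, and either use `secretKey` in a template or drop it from the example, since nothing visible reads it. The default `lnd.conf` still carries `tlsextradomain=lnd.dev.flitz.be` while the ingress hosts were changed to `lnd.example.com`, and the header comment says `Default values for bitcoind`; both look like leftovers. `autoUnlock: true` mounts the password file, but `wallet-unlock-password-file` is commented out in the default configuration, which deserves a comment such as `# autoUnlock also needs wallet-unlock-password-file set in lnd.conf`.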