review safe-client-gateway
gjeanmart committed Jul 25, 2024
1 parent 232bcf2 commit 89d73a2
Showing 12 changed files with 149 additions and 214 deletions.
126 changes: 36 additions & 90 deletions charts/safe-client-gateway/README.md
@@ -1,33 +1,28 @@
# Safe-Client-Gateway

[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/safe-stack)](https://artifacthub.io/packages/search?repo=safe-stack)

[Safe](https://safe.global/) is the leading Web3 Smart-Account infrastructure.
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/safe-client-gateway)](https://artifacthub.io/packages/search?repo=safe-client-gateway)

> [!WARNING]
> **Disclaimer:** This repository is currently a work in progress. While contributions and feedback are welcome, please note that the code and features may change frequently, and some functionalities may not be fully implemented or tested. Use this project at your own risk.
## Introduction

This chart bootstraps a [safe](https://github.com/safe-global/safe-infrastructure) infrastructure deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
This chart bootstraps a [safe-client-gateway](https://github.com/safe-global/safe-client-gateway) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.

We also package the following helm charts from Bitnami for you to _optionally_ use:

| Chart | Descrption |
|------------------------------------------------------------------------------|---------------------------------|
| [PostgreSQL](https://github.com/bitnami/charts/tree/main/bitnami/postgresql) | For use as a database |
| [Redis](https://github.com/bitnami/charts/tree/main/bitnami/redis) | For enabling caching |
| [RabbitMQ](https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq) | For use as a message broker |

## Prerequisites

- [Kubernetes 1.19+](https://kubernetes.io/)
- Persistent Volume provisioner support in the underlying infrastructure
- [Helm 3+](https://helm.sh). Please refer to Helm's [documentation](https://helm.sh/docs/) to get started.
- PostgreSQL v14
- Redis
- RabbitMQ
- Ethereum node
- [Safe-transaction-service](../safe-transaction-service/)
- [Safe-config-service](../safe-config-service/)
- Redis _(optional)_


## Installing the Chart
Expand All @@ -36,7 +31,8 @@ To install the chart with the release name `[RELEASE-NAME]`:

```bash
helm repo add safe https://5afe.github.io/safe-helm-charts/charts/packages
helm install [RELEASE-NAME] safe/safe-stack

helm install [RELEASE-NAME] safe/safe-client-gateway
```

The command deploys nextcloud on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
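Review bot: the unchanged sentence right after the install block still says "The command deploys nextcloud", a leftover from another chart's README. Since this hunk already switches the install target to `safe/safe-client-gateway`, change the sentence to name safe-client-gateway as well.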
Expand All @@ -60,7 +56,7 @@ The command removes all the Kubernetes components associated with the chart and
To upgrade the `[RELEASE-NAME]` deployment with the latest version:

```bash
helm upgrade [RELEASE_NAME] safe/safe-stack
helm upgrade [RELEASE_NAME] safe/safe-client-gateway
```

## Configuration
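Review bot: the upgrade command uses the placeholder `[RELEASE_NAME]` while the sentence above it and the install command use `[RELEASE-NAME]`. Pick one spelling so the placeholder reads the same across the README.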
Expand All @@ -70,87 +66,37 @@ The following table lists the configurable parameters of the nextcloud chart and
See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments:

```bash
helm show values safe/safe-stack
helm show values safe-client-gateway
```


| Parameter | Description | Default |
|------------------------------------------------------------|-----------------------------------------------------------------------------------------------------|----------------------------|
| `xxxxxx` | xxxx | `xxxx`
| Parameter | Description | Default |
|---------------------------------------------|-----------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------|
| nameOverride | Provide a name in place of safe-client-gateway for `app:` labels | "" |
| fullnameOverride | Provide a name to substitute for the full names of resources | "" |
| imagePullSecrets | Reference to one or more secrets to be used when pulling images | "" |
| replicaCount | Number of instance for safe-client-gateway-web | 1 |
| image.repository | safe-client-gateway image name | safeglobal/safe-client-gateway |
| image.tag | safe-client-gateway image tag | latest |
| image.pullPolicy | Image pull policy | Always |
| extraEnv | Specify additional environment variables | [] |
| config.debug | Enable debug mode | true |
| config.cfgService.url | URL of the Config-Service | "" |
| config.security.authToken | Authentication token | "" |
| config.redis.useExisting | Use an existing Redis instance (or spin up one) | false |
| config.redis.url | Redis Url (redis://...) when config.redis.useExisting=true | "" |
| web.nodeSelector | | {} |
| web.affinity | | {} |
| web.tolerations | | {} |
| web.securityContext | | {} |
| web.podSecurityContext | | {} |
| web.resources | | {} |
| ingress.enabled | Enable ingress | true |
| ingress.ingressClassName | Ingress class name | nginx |
| ingress.host | Ingress host | cfg-service.minikube.net |
| ingress.annotations | Ingress annotations | nginx.ingress.kubernetes.io/force-ssl-redirect : "true" nginx.ingress.kubernetes.io/enable-cors : "true" nginx.ingress.kubernetes.io/cors-allow-methods : "OPTIONS, GET, HEAD, DELETE, PUT, POST" nginx.ingress.kubernetes.io/cors-allow-origin : "https://*.minikube.net" nginx.ingress.kubernetes.io/cors-allow-headers : "DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,Safe-Wallet-Signature,Safe-Wallet-Signature-Timestamp" |
| | | |


## Troubleshooting

-


## Development

### Developing locally with Minikube (on MacOS)

#### Install and Configure [Minikube](https://minikube.sigs.k8s.io/docs/start/?arch=%2Fmacos%2Farm64%2Fstable%2Fbinary+download)

```bash
brew install minikube
minikube start
minikube addons enable ingress
```

#### Configure TLS for your Ingresses

```bash
brew install mkcert
mkcert -install
mkcert -CAROOT
mkcert -key-file key.pem -cert-file cert.pem minikube.net *.minikube.net

kubectl -n kube-system create secret tls mkcert --key key.pem --cert cert.pem

vi /etc/hosts
127.0.0.1 txs-service.minikube.net
127.0.0.1 cgw-service.minikube.net
127.0.0.1 cfg-service.minikube.net
127.0.0.1 safe-wallet.minikube.net

minikube addons configure ingress
minikube addons disable ingress
minikube addons enable ingress
```


#### Install the Chart

```bash
helm install my-safe-stack .

$ kubectl get pods
NAME READY STATUS RESTARTS AGE
my-safe-stack-cfg-db-669fd4fb69-5n7pj 1/1 Running 0 4h21m
my-safe-stack-cfg-web-798dc55779-w2gqc 2/2 Running 0 65m
my-safe-stack-cgw-redis-dcf485664-nq8df 1/1 Running 0 4h21m
my-safe-stack-cgw-web-b6f9d64bf-hlxq6 1/1 Running 0 4h21m
my-safe-stack-ganache-node-687b5f64c9-sbwht 1/1 Running 0 4h21m
my-safe-stack-txs-db-7ff8d54fcd-qmvxj 1/1 Running 0 4h21m
my-safe-stack-txs-rabbitmq-569f559f67-rqtv4 1/1 Running 0 4h21m
my-safe-stack-txs-redis-58d946c556-5krs4 1/1 Running 0 4h21m
my-safe-stack-txs-scheduler-65b796f5c6-rqh7r 1/1 Running 0 4h21m
my-safe-stack-txs-web-669f98475c-blxr7 2/2 Running 0 4h21m
my-safe-stack-txs-worker-649b65bf65-k29z8 1/1 Running 0 4h21m
my-safe-stack-wallet-79894d9789-z9sph 1/1 Running 0 4h21m
```

---

### TODO list

- [X] Config service
- [X] Client gateway service
- [X] Wallet service
- [ ] Events service
- [ ] use Secret when necessary
- [ ] Use Helm dependancies for PG, Redis and RabbitMQ
- [ ] Configure Helm output after install to explain how to configure txs-service and cfg-service
- NOTES.txt

### Bugs list
- [ ] CFG Media URL not working or use S3 (e.g minio)
-
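Review bot: the new parameter table lists `extraEnv` and `config.redis.url`, but the templates changed in this same commit read `.Values.extraEnvVars`, `.Values.config.redis.host` and `.Values.config.redis.port`, so a user following the table sets keys the chart never reads. Align the documented names with the templates, or the templates with the table. Also, `helm show values safe-client-gateway` near the top of the hunk drops the `safe/` repository prefix that the install and upgrade commands use.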
20 changes: 9 additions & 11 deletions charts/safe-client-gateway/templates/env.configmap.yaml
@@ -1,4 +1,3 @@
{{- if .Values.cgwService.enabled }}
---
apiVersion: v1
kind: ConfigMap
Expand All @@ -10,19 +9,19 @@ data:
## Common properties
HTTP_CLIENT_REQUEST_TIMEOUT_MILLISECONDS: "60000"
INFURA_API_KEY: ""
AUTH_TOKEN: "{{ .Values.cgwService.config.security.authToken }}"
AUTH_TOKEN: "{{ .Values.config.security.authToken }}"
USE_TX_SERVICE_VPC_URL: "true"

# Config Service - The base url for the Safe Config Service
SAFE_CONFIG_BASE_URI: {{ .Values.cgwService.config.cfgService.url }}
SAFE_CONFIG_BASE_URI: {{ .Values.config.cfgService.url }}

# Redis configuration
{{- if not .Values.cgwService.config.redis.useExisting }}
{{- if not .Values.config.redis.useExisting }}
REDIS_HOST: "{{ include "safe-client-gateway.fullname" . }}-redis"
{{ else }}
REDIS_HOST: "{{ .Values.cgwService.config.redis.host }}"
REDIS_HOST: "{{ .Values.config.redis.host }}"
{{- end }}
REDIS_PORT: "{{ .Values.cgwService.config.redis.port }}"
REDIS_PORT: "{{ .Values.config.redis.port }}"

# Cache Expiration Times
# The default cache expiration time in seconds if none is set (default=60)
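Review bot: `AUTH_TOKEN` is rendered from `.Values.config.security.authToken` into a ConfigMap, so the token is stored as plain configuration and is readable by anyone who can read ConfigMaps in the namespace. Move it into a `Secret` and reference that from the Deployment (a `secretRef` under `envFrom`, or a `secretKeyRef`), which matches the "use Secret when necessary" TODO item visible in the README diff. Minor: `SAFE_CONFIG_BASE_URI` is the only templated value in this hunk that is not quoted.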
Expand All @@ -32,7 +31,7 @@ data:
# TOKEN_NOT_FOUND_EXPIRE_TIME_SECONDS:

## Debug mode
{{- if .Values.cgwService.config.debug }}
{{- if .Values.config.debug }}
LOG_LEVEL: "debug"
{{ else }}
LOG_LEVEL: "info"
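Review bot: `LOG_LEVEL` becomes `debug` whenever `.Values.config.debug` is set, and the README table in this commit documents that value as defaulting to `true`, so an install with default values logs at debug level. Default `config.debug` to `false` and let development setups opt in.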
Expand Down Expand Up @@ -66,8 +65,7 @@ data:
RELAY_PROVIDER_API_KEY_SEPOLIA: ""

## Extra envs
{{- if .Values.cgwService.extraEnvVars }}
{{ .Values.cgwService.extraEnvVars | toYaml | nindent 2 }}
{{- if .Values.extraEnvVars }}
{{ .Values.extraEnvVars | toYaml | nindent 2 }}
{{- end }}
---
{{- end }}
---
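Review bot: `.Values.extraEnvVars | toYaml | nindent 2` is emitted directly under `data:`, which only accepts a map of string keys to string values, while the README documents the parameter as `extraEnv` with a list default (`[]`). Use one name in both places and document that the value must be a map of strings; a list of `name`/`value` entries would render an invalid ConfigMap.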
@@ -1,4 +1,4 @@
{{- if and (.Values.cgwService.enabled) (not .Values.cgwService.config.redis.useExisting) }}
{{- if not .Values.config.redis.useExisting }}
---
apiVersion: apps/v1
kind: Deployment
@@ -1,4 +1,4 @@
{{- if and (.Values.cgwService.enabled) (not .Values.cgwService.config.redis.useExisting) }}
{{- if not .Values.config.redis.useExisting }}
---
apiVersion: v1
kind: Service
22 changes: 10 additions & 12 deletions charts/safe-client-gateway/templates/web.deployment.yaml
@@ -1,4 +1,3 @@
{{- if .Values.cgwService.enabled }}
---
apiVersion: apps/v1
kind: Deployment
Expand All @@ -7,7 +6,7 @@ metadata:
name: {{ include "safe-client-gateway.fullname" . }}-web

spec:
replicas: {{ .Values.cgwService.replicaCount }}
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app: {{ include "safe-client-gateway.fullname" . }}-web
Expand All @@ -18,8 +17,8 @@ spec:
spec:
containers:
- name: web
image: "{{ .Values.cgwService.image.repository }}:{{ .Values.cgwService.image.tag }}"
imagePullPolicy: {{ .Values.cgwService.image.pullPolicy }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
envFrom:
- configMapRef:
name: {{ include "safe-client-gateway.fullname" . }}-env
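Review bot: the image reference is built from `image.repository` and `image.tag`, and the README table in this commit documents the defaults as tag `latest` with pull policy `Always`, so any pod restart can pull a different build than the one that was reviewed. Default `image.tag` to a fixed release (for example the chart's `appVersion`) and allow pinning by digest.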
Expand All @@ -36,31 +35,30 @@ spec:
port: 3000
timeoutSeconds: 10
periodSeconds: 30
{{- with .Values.cgwService.web.securityContext }}
{{- with .Values.web.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.cgwService.web.resources }}
{{- with .Values.web.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}

{{- with .Values.cgwService.web.nodeSelector }}
{{- with .Values.web.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.cgwService.web.affinity }}
{{- with .Values.web.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.cgwService.web.tolerations }}
{{- with .Values.web.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.cgwService.web.podSecurityContext }}
{{- with .Values.web.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}

---
{{- end }}
---
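Review bot: both `securityContext` blocks are emitted only when `web.securityContext` and `web.podSecurityContext` are non-empty, and the README table documents both as `{}` by default, so a default install sets no security context at all. Ship restrictive defaults in `values.yaml`, such as `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and dropped capabilities, and let users relax them where needed.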
9 changes: 4 additions & 5 deletions charts/safe-client-gateway/templates/web.ingress.yaml
@@ -1,4 +1,4 @@
{{- if and .Values.cgwService.enabled .Values.cgwService.ingress.enabled }}
{{- if .Values.ingress.enabled }}
---
apiVersion: networking.k8s.io/v1

Expand All @@ -8,16 +8,15 @@ metadata:
name: {{ include "safe-client-gateway.fullname" . }}-web

annotations:
{{- range $k, $v := .Values.cgwService.ingress.annotations }}
{{- range $k, $v := .Values.ingress.annotations }}
{{ $k }}: {{ $v | quote }}
{{ end }}

spec:
# notice: ref: https://kubernetes.github.io/ingress-nginx/user-guide/multiple-ingress/
ingressClassName: {{ .Values.cgwService.ingress.ingressClassName }}
ingressClassName: {{ .Values.ingress.ingressClassName }}

rules:
- host: {{ .Values.cgwService.ingress.host }}
- host: {{ .Values.ingress.host }}
http:
paths:
- path: /
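Review bot: `.Values.ingress.host` becomes the rule host, and the README table gives its default as `cfg-service.minikube.net`, which looks copied from the config service; the /etc/hosts block in the README diff lists `cgw-service.minikube.net` for this service. Correct the default, or leave it empty so it must be set explicitly. Minor: `{{ end }}` in the annotations loop does not trim whitespace, so each annotation is followed by a blank line; `{{- end }}` avoids that.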
4 changes: 1 addition & 3 deletions charts/safe-client-gateway/templates/web.service.yaml
@@ -1,4 +1,3 @@
{{- if .Values.cgwService.enabled }}
---
apiVersion: v1

Expand All @@ -15,5 +14,4 @@ spec:
protocol: TCP
port: 80
targetPort: 3000
---
{{- end }}
---