renterd 1.1.0

index.yaml

@@ -3,7 +3,31 @@ entries:
   renterd:
   - apiVersion: v2
     appVersion: 1.0.5
-    created: "2024-03-14T13:02:27.05742037Z"
+    created: "2024-03-15T18:49:59.089364457Z"
+    dependencies:
+    - condition: mysql.enabled
+      name: mysql
+      repository: https://charts.bitnami.com/bitnami
+      version: 9.23.0
+    description: Sia renterd helm chart
+    digest: 368d51aa09ffb1fd1acf6e0e2b7efb2097bbcfb0e9f7ca49c4b58b04a7c4621f
+    icon: https://i.imgur.com/pWg0PRK.png
+    keywords:
+    - storage
+    - distributed
+    - blockchain
+    - sia
+    - renter
+    - s3
+    - webui
+    name: renterd
+    type: application
+    urls:
+    - https://charts.motyka.pro/renterd-1.1.0.tgz
+    version: 1.1.0
+  - apiVersion: v2
+    appVersion: 1.0.5
+    created: "2024-03-15T18:49:59.085465767Z"
     dependencies:
     - condition: mysql.enabled
       name: mysql
@@ -27,7 +51,7 @@ entries:
     version: 1.0.6
   - apiVersion: v2
     appVersion: 1.0.5
-    created: "2024-03-14T13:02:27.052184835Z"
+    created: "2024-03-15T18:49:59.078159715Z"
     dependencies:
     - condition: mysql.enabled
       name: mysql
@@ -51,7 +75,7 @@ entries:
     version: 1.0.5
   - apiVersion: v2
     appVersion: 1.0.5
-    created: "2024-03-14T13:02:27.038181136Z"
+    created: "2024-03-15T18:49:59.061529279Z"
     dependencies:
     - condition: mysql.enabled
       name: mysql
@@ -75,7 +99,7 @@ entries:
     version: 1.0.4
   - apiVersion: v2
     appVersion: 1.0.0
-    created: "2024-03-14T13:02:27.023010149Z"
+    created: "2024-03-15T18:49:59.047452313Z"
     dependencies:
     - condition: mysql.enabled
       name: mysql
@@ -99,7 +123,7 @@ entries:
     version: 1.0.3
   - apiVersion: v2
     appVersion: 1.0.0
-    created: "2024-03-14T13:02:27.00569118Z"
+    created: "2024-03-15T18:49:59.031214036Z"
     dependencies:
     - condition: mysql.enabled
       name: mysql
@@ -123,7 +147,7 @@ entries:
     version: 1.0.2
   - apiVersion: v2
     appVersion: 1.0.0
-    created: "2024-03-14T13:02:26.994493915Z"
+    created: "2024-03-15T18:49:59.020636194Z"
     dependencies:
     - condition: mysql.enabled
       name: mysql
@@ -147,7 +171,7 @@ entries:
     version: 1.0.1
   - apiVersion: v2
     appVersion: 1.0.0
-    created: "2024-03-14T13:02:26.977149208Z"
+    created: "2024-03-15T18:49:59.004517368Z"
     dependencies:
     - condition: mysql.enabled
       name: mysql
@@ -161,4 +185,4 @@ entries:
     urls:
     - https://charts.motyka.pro/renterd-1.0.0.tgz
     version: 1.0.0
-generated: "2024-03-14T13:02:26.962129213Z"
+generated: "2024-03-15T18:49:58.989826439Z"

renterd/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: mysql
   repository: https://charts.bitnami.com/bitnami
-  version: 9.22.0
-digest: sha256:341503bd83dc35b422dd638138780ff2b945625eaf0b4d71543508c1f1f605aa
-generated: "2024-03-02T04:09:41.447790141Z"
+  version: 9.23.0
+digest: sha256:0a0d1b31622764115b3e4b990b6a40a48c77221312c48d022b216cf0156a32ce
+generated: "2024-03-15T18:43:41.653680412Z"

renterd/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: renterd
 description: Sia renterd helm chart
 type: application
-version: 1.0.6
+version: 1.1.0
 appVersion: "1.0.5"
 icon: https://i.imgur.com/pWg0PRK.png
 keywords:
@@ -15,6 +15,6 @@ keywords:
 - webui
 dependencies:
   - name: mysql
-    version: 9.22.0
+    version: 9.23.0
     repository: https://charts.bitnami.com/bitnami
     condition: mysql.enabled

renterd/README.md

@@ -10,20 +10,38 @@ Helm chart for [Sia renterd software](https://sia.tech/software/renterd).
 
 ```
 helm repo add artur9010 https://charts.motyka.pro
-helm install renterd artur9010/renterd --version 1.0.6
+helm install renterd artur9010/renterd --version 1.1.0
 ```
 
 ## Requirements
 
 - Kubernetes 1.28+ cluster, nodes should have at least 8GB of ram as renterd is memory hungry. It should work with older versions of k8s but I haven't tested it.
 - Some kind of persistent storage (longhorn, ceph, aws-ebs etc.) and 50GB of available storage (mostly for blockchain copy). It's only required by `renterd-bus` pod which contains consensus (blockchain) copy and partial slabs. There is no support for hostPath, but [rancher local path provisioner](https://github.com/rancher/local-path-provisioner) should work fine
-- Manual creation of secret, see "Creating secret" section.
 
 renterd can run with sqlite or mysql database, due to performance issues on sqlite one I decided to not include an option to use sqlite. This chart includes bitnami mysql chart which is enabled by default. If you already have mysql database, check the instructions below.
 
+## Setup guide
+
+Before you install this helm chart, create a secrets in destination namespace.
+
+### Creating secret with seed and api passwords
+
+Create an .txt file named secret.txt and containing:
+```
+RENTERD_SEED=24 words
+RENTERD_API_PASSWORD=secure_api_password
+RENTERD_BUS_API_PASSWORD=secure_api_password
+RENTERD_WORKER_API_PASSWORD=secure_api_password
+```
+
+Seed: You can generate seed here: https://iancoleman.io/bip39/, make sure to select 24 words.
+Password: API password, use the same value for all 3 of them.
+
+Now run `kubectl create secret generic <secret name from values> -n <your namespace> --from-env-file=secret.txt`
+
 ### How to use external mysql database
 
-If you already have a mysql databse - just disable built-in chart (`mysql.enabled` set to `false`) and create secret named `renterd-mysql` inside renterd namespace.
+If you already have a mysql databse - just disable built-in chart (`mysql.enabled` set to `false`) and create secret named `renterd-mysql` (you can change secret name in values, see `databaseSecretName`) inside renterd namespace.
 
 Create an .txt file named mysql.txt and containing:
 ```
@@ -40,23 +58,10 @@ Additional requirements for external mysql database:
 - `max_connections` a bit higher than default 151, 1024 works fine
 - `log_bin_trust_function_creators` set to 1 (as long as your db user dosen't have SUPER privilage, see https://github.com/SiaFoundation/renterd/issues/910)
 
-## Creating secret
-
-Create an .txt file named secret.txt and containing:
-```
-RENTERD_SEED=24 words
-RENTERD_API_PASSWORD=secure_api_password
-RENTERD_BUS_API_PASSWORD=secure_api_password
-RENTERD_WORKER_API_PASSWORD=secure_api_password
-```
-
-Seed: You can generate seed here: https://iancoleman.io/bip39/, make sure to select 24 words.
-Password: API password, use the same value for all 3 of them.
-
-Now run `kubectl create secret generic <secret name from values> -n <your namespace> --from-env-file=secret.txt`
-
 ## CPU and memory requirements
+
 Tested on Ryzen zen1 platform (Ryzen 5 2200G, 2400G) while uploading files via s3 api using rclone (--transfers 20)
+
 ```
 ➜  ~ kubectl top pod -n renterd-zen
 NAME                                 CPU(cores)   MEMORY(bytes)   
@@ -82,6 +87,26 @@ Looking for more [netcup coupons](https://netcup-coupons.com)? Check [netcup-cou
 
 ## Changelog
 
+### 1.1.0
+- Moved all contents of `.renterd` to main level of values.yaml
+
+old
+```
+renterd:
+  s3:
+    enabled: true
+```
+
+new
+```
+s3:
+  enabled: true
+```
+
+- Added an option to specify name of secret containing mysql credentials
+- Added an option to specify securityContext of pods in values
+- Updated `bitnami/mysql` chart to `9.23.0`
+
 ### 1.0.6
 - Removed an option to specify external database credentials inside values.
 - Renamed secret containing mysql credentials to `renterd-mysql`
@@ -179,4 +204,4 @@ ingress:
 
 ## Values
 
-See values.yaml file.
+See `values.yaml` file.

renterd/templates/_helpers.tpl

@@ -43,7 +43,7 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 
 {{- define "renterd.workerAddrs" -}}
     {{- $res := list -}}
-    {{range $i, $e := until (int .Values.renterd.workers.replicas) }}
+    {{range $i, $e := until (int .Values.workers.replicas) }}
     {{- $res = append $res (printf "http://renterd-worker-%d.renterd-worker:%d/api/worker" (int $i) ( int $.Values.service.http.port )) -}}
     {{- end -}}
     {{- printf "%s" (join ";" $res) -}}

renterd/templates/configmaps/renterd-autopilot.yaml

@@ -5,6 +5,9 @@ metadata:
 data:
   renterd.yml: |
     # Managed by Helm - configmap/renterd-autopilot/renterd.yml
-    {{ with .Values.renterd.autopilot.config }}
+    {{ with .Values.autopilot.config }}
     autopilot: {{ . | toYaml | nindent 6 }}
-    {{- end }}
+    {{- end }}
+    # TODO: dirty bugfix - renterd excepts at least one section in config
+    s3:
+      enabled: {{ .Values.s3.enabled }}

renterd/templates/configmaps/renterd-bus.yaml

@@ -7,8 +7,8 @@ data:
     # Managed by Helm - configmap/renterd-bus/renterd.yml
     bus:
       gatewayAddr: "0.0.0.0:{{ .Values.service.bus.port }}"
-      {{ with .Values.renterd.bus.config }}
+      {{ with .Values.bus.config }}
       {{ . | toYaml | nindent 6 }}
       {{- end }}
     s3:
-      enabled: {{ .Values.renterd.s3.enabled }}
+      enabled: {{ .Values.s3.enabled }}

renterd/templates/configmaps/renterd-worker.yaml

@@ -6,7 +6,7 @@ data:
   renterd.yml: |
     # Managed by Helm - configmap/renterd-worker/renterd.yml
     s3:
-      enabled: {{ .Values.renterd.s3.enabled }}
-    {{ with .Values.renterd.workers.config }}
+      enabled: {{ .Values.s3.enabled }}
+    {{ with .Values.workers.config }}
     worker: {{ . | toYaml | nindent 6 }}
     {{- end }}

renterd/templates/secrets/renterd-mysql.yaml

@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: renterd-mysql
+  name: {{ .Values.databaseSecretName | quote }}
 type: Opaque
 data:
   RENTERD_DB_URI: {{ "mysql:3306" | b64enc | quote }}

renterd/templates/statefulset-renterd-autopilot.yaml

@@ -20,12 +20,12 @@ spec:
         checksum/configmap-renterd: {{ include (print $.Template.BasePath "/configmaps/renterd.yaml") . | sha256sum }}
         checksum/configmap-renterd-autopilot: {{ include (print $.Template.BasePath "/configmaps/renterd-autopilot.yaml") . | sha256sum }}
     spec:
-      automountServiceAccountToken: {{ .Values.renterd.autopilot.automountServiceAccountToken }}
-      enableServiceLinks: {{ .Values.renterd.autopilot.enableServiceLinks }}
+      automountServiceAccountToken: {{ .Values.autopilot.automountServiceAccountToken }}
+      enableServiceLinks: {{ .Values.autopilot.enableServiceLinks }}
+      {{- with .Values.autopilot.securityContext }}
       securityContext:
-        runAsUser: 1000
-        runAsGroup: 1000
-        fsGroup: 1000
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       initContainers:
         - name: wait-for
           image: ghcr.io/patrickdappollonio/wait-for:v1.0.0
@@ -34,7 +34,7 @@ spec:
             # Wait for bus before starting autopilot
             - --host="renterd-bus:{{$.Values.service.http.port}}"
             # Make sure all workers are online before starting autopilot
-            {{ range $i, $e := until (int .Values.renterd.workers.replicas) }}
+            {{ range $i, $e := until (int .Values.workers.replicas) }}
             - --host="renterd-worker-{{$i}}.renterd-worker:{{$.Values.service.http.port}}"
             {{ end }}
       containers:
@@ -70,7 +70,7 @@ spec:
               subPath: "entrypoint.sh"
           envFrom:
             - secretRef:
-                name: {{ .Values.renterd.secretName | quote }}
+                name: {{ .Values.secretName | quote }}
           env:
             - name: RENTERD_AUTOPILOT_ENABLED
               value: "true"
@@ -81,18 +81,18 @@ spec:
             - name: RENTERD_WORKER_REMOTE_ADDRS
               value: {{ include "renterd.workerAddrs" . | quote }}
           resources:
-            {{- toYaml .Values.renterd.autopilot.resources | nindent 12 }}
-          {{- if .Values.renterd.autopilot.nodeSelector }}
-          nodeSelector: {{- .Values.renterd.autopilot.nodeSelector | toYaml | nindent 12 }}
+            {{- toYaml .Values.autopilot.resources | nindent 12 }}
+          {{- if .Values.autopilot.nodeSelector }}
+          nodeSelector: {{- .Values.autopilot.nodeSelector | toYaml | nindent 12 }}
           {{- end }}
-          {{- if .Values.renterd.autopilot.affinity }}
-          affinity: {{- .Values.renterd.autopilot.affinity | toYaml | nindent 12 }}
+          {{- if .Values.autopilot.affinity }}
+          affinity: {{- .Values.autopilot.affinity | toYaml | nindent 12 }}
           {{- end }}
-          {{- if .Values.renterd.autopilot.tolerations }}
-          tolerations: {{- .Values.renterd.autopilot.tolerations | toYaml | nindent 12 }}
+          {{- if .Values.autopilot.tolerations }}
+          tolerations: {{- .Values.autopilot.tolerations | toYaml | nindent 12 }}
           {{- end }}
-          {{- if .Values.renterd.autopilot.topologySpreadConstraints }}
-          topologySpreadConstraints: {{- .Values.renterd.autopilot.topologySpreadConstraints | toYaml | nindent 12 }}
+          {{- if .Values.autopilot.topologySpreadConstraints }}
+          topologySpreadConstraints: {{- .Values.autopilot.topologySpreadConstraints | toYaml | nindent 12 }}
           {{- end }}
       volumes:
         - name: renterd-config
@@ -103,6 +103,9 @@ spec:
           configMap:
             name: renterd-autopilot
             defaultMode: 0755
+        # renterd is currently lacking an option to disable logging to file, so it needs a space to write logs.
+        # As we now do not run renterd as root, I created a small in-memory volume and k8s securityContext.fsGroup sets permissions on it.
+        # Issue: https://github.com/SiaFoundation/renterd/issues/1017
         - name: renterd-data-emptydir
           emptyDir:
             medium: "Memory"