wip: namada indexer helm chart

charts/namada-indexer/.helmignore

@@ -0,0 +1,32 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+
+# # Ignore all .tgz files except in charts directory
+# /charts/*.tgz
+# !charts/*.tgz
+
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+
+# Project specific
+.releaserc.js

charts/namada-indexer/.releaserc.js

@@ -0,0 +1,17 @@
+const chartName = 'namada-indexer';
+const chartPath = __dirname;
+
+module.exports = {
+    extends: '../.github/chart-release.config.js',
+    tagFormat: 'namada-indexer-v${version}',
+    plugins: [
+        '@semantic-release/commit-analyzer',
+        '@semantic-release/release-notes-generator',
+        '@semantic-release/changelog',
+        '@semantic-release/git',
+        '@semantic-release/github',
+        ['@semantic-release/exec', {
+            prepareCmd: 'sed -i "s/^version:.*$/version: ${nextRelease.version}/" Chart.yaml && helm package . --version ${nextRelease.version} --app-version ${nextRelease.version} && mv *.tgz ../'
+        }]
+    ]
+};

charts/namada-indexer/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: postgres-operator
+  repository: https://opensource.zalando.com/postgres-operator/charts/postgres-operator
+  version: 1.13.0
+digest: sha256:fdc4b55c6b6f3a1b9beaa03b0b51db6ad8fd18832184bb4d666c94af14a27e0e
+generated: "2024-12-10T09:56:43.100418Z"

charts/namada-indexer/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v2
+name: namada-indexer
+description: A Helm chart for deploying a namada indexer
+type: application
+version: 0.0.0-development
+appVersion: "1.0"
+
+dependencies:
+  - name: postgres-operator
+    version: "1.13.0"
+    repository: "https://opensource.zalando.com/postgres-operator/charts/postgres-operator"
+    condition: postgresOperator.install.enabled

charts/namada-indexer/cleanup.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+
+NAMESPACE="namada-indexer"
+RELEASE_NAME="namada-indexer"
+
+echo "🗑️  Cleaning up resources in namespace: $NAMESPACE"
+
+# Delete Helm release
+echo "Removing Helm release..."
+helm uninstall $RELEASE_NAME -n $NAMESPACE
+
+# Delete PostgreSQL resources
+echo "Removing PostgreSQL resources..."
+kubectl delete postgresql -n $NAMESPACE --all
+kubectl delete deployment -n $NAMESPACE -l application=db-connection-pooler
+kubectl delete statefulset -n $NAMESPACE --all
+
+# Delete PostgreSQL Services
+echo "Removing PostgreSQL Services..."
+kubectl delete svc -n $NAMESPACE \
+  namada-indexer-db \
+  namada-indexer-db-config \
+  namada-indexer-db-repl \
+  namada-indexer-db-pooler \
+  namada-indexer-db-repl-pooler \
+  namada-indexer-db-pooler-repl
+
+# Delete Other Services
+echo "Removing Other Services..."
+kubectl delete svc -n $NAMESPACE -l app.kubernetes.io/instance=$RELEASE_NAME
+
+# Delete PVCs
+echo "Removing PVCs..."
+kubectl delete pvc -n $NAMESPACE --all
+
+# Delete ConfigMaps
+echo "Removing ConfigMaps..."
+kubectl delete configmap -n $NAMESPACE -l app.kubernetes.io/instance=$RELEASE_NAME
+
+# Delete PostgreSQL Operator Secrets
+echo "Removing PostgreSQL Operator Secrets..."
+kubectl delete secret -n $NAMESPACE \
+  namada.namada-indexer-db.credentials.postgresql.acid.zalan.do \
+  pooler.namada-indexer-db.credentials.postgresql.acid.zalan.do \
+  postgres.namada-indexer-db.credentials.postgresql.acid.zalan.do \
+  standby.namada-indexer-db.credentials.postgresql.acid.zalan.do
+
+# Delete Other Secrets
+echo "Removing Other Secrets..."
+kubectl delete secret -n $NAMESPACE -l app.kubernetes.io/instance=$RELEASE_NAME
+
+# Delete Ingress
+echo "Removing Ingress..."
+kubectl delete ingress -n $NAMESPACE -l app.kubernetes.io/instance=$RELEASE_NAME
+
+# Optional: Delete the namespace itself (uncomment if needed)
+# echo "Removing namespace..."
+# kubectl delete namespace $NAMESPACE
+
+echo "✅ Cleanup completed!"

charts/namada-indexer/examples/values.yaml

@@ -0,0 +1,233 @@
+# Default values for allora-worker.
+
+replicaCount: 1
+
+
+# Container configurations
+containers:
+  main:
+    image: "your-registry/namada-indexer:v1.0.0"
+    ports:
+      - name: http
+        containerPort: 8080
+        protocol: TCP
+    resources:
+      requests:
+        memory: "128Mi"
+        cpu: "100m"
+      limits:
+        memory: "256Mi"
+        cpu: "200m"
+    command: ["./start.sh"]
+    args: ["--config", "/app/config.yaml"]
+    livenessProbe:
+      httpGet:
+        path: /healthz
+        port: 8080
+      initialDelaySeconds: 10
+      periodSeconds: 10
+    readinessProbe:
+      httpGet:
+        path: /ready
+        port: 8080
+      initialDelaySeconds: 5
+      periodSeconds: 5
+    volumeMounts:
+      - name: data
+        mountPath: /app/data
+    env:
+      - name: ENV_VAR_1
+        value: "value1"
+      - name: ENV_VAR_2
+        valueFrom:
+          secretKeyRef:
+            name: my-secret
+            key: secret-key
+      - name: NAMADA_CHAIN_ID
+        value: "shielded-expedition.88f17d1d14"
+      - name: NAMADA_RPC_ENDPOINT
+        value: "http://namada-node:26657"
+      - name: POSTGRES_HOST
+        value: "postgresql"
+      - name: POSTGRES_PORT
+        value: "5432"
+      - name: POSTGRES_DB
+        valueFrom:
+          secretKeyRef:
+            name: namada-indexer-db
+            key: database
+      - name: POSTGRES_USER
+        valueFrom:
+          secretKeyRef:
+            name: namada-indexer-db
+            key: username
+      - name: POSTGRES_PASSWORD
+        valueFrom:
+          secretKeyRef:
+            name: namada-indexer-db
+            key: password
+    envFrom:
+      - secretRef:
+          name: my-secret-env
+    service:
+      enabled: true
+      type: ClusterIP
+      port: 80
+      targetPort: 8080
+
+imagePullSecrets:
+  - name: github-secret
+
+persistence:
+  enabled: true
+  storageClass: "standard"
+  accessMode: ReadWriteOnce
+  size: "1Gi"
+
+# External Secrets configuration
+externalSecrets:
+  - name: my-external-secret
+    refreshInterval: 1h
+    secretStoreRef:
+      kind: ClusterSecretStore
+      name: secretstore-sample
+    target:
+      name: my-k8s-secret
+      creationPolicy: Owner
+    data:
+      - secretKey: username
+        remoteRef:
+          key: /path/to/secret
+          property: username
+      - secretKey: password
+        remoteRef:
+          key: /path/to/secret
+          property: password
+  - name: namada-indexer-db
+    refreshInterval: 1h
+    secretStoreRef:
+      kind: ClusterSecretStore
+      name: vault-backend
+    target:
+      name: namada-indexer-db
+      creationPolicy: Owner
+    data:
+      - secretKey: username
+        remoteRef:
+          key: namada/indexer/db
+          property: username
+      - secretKey: password
+        remoteRef:
+          key: namada/indexer/db
+          property: password
+      - secretKey: database
+        remoteRef:
+          key: namada/indexer/db
+          property: database
+
+# Ingress configuration
+ingress:
+  enabled: true
+  className: "nginx"
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+  hosts:
+    - host: your-domain.com
+      paths:
+        - path: /
+          pathType: Prefix
+          serviceName: main
+          servicePort: 80
+  tls:
+    - secretName: your-domain-tls
+      hosts:
+        - your-domain.com
+
+# Affinity settings
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/e2e-az-name
+              operator: In
+              values:
+                - e2e-az1
+                - e2e-az2
+        - matchExpressions:
+            - key: kubernetes.io/arch
+              operator: In
+              values:
+                - amd64
+
+# Node selector
+nodeSelector:
+  disktype: ssd
+
+# Tolerations
+tolerations:
+  - key: "key1"
+    operator: "Equal"
+    value: "value1"
+    effect: "NoSchedule"
+
+# Additional labels
+labels:
+  environment: production
+  team: allora
+
+# Pod annotations
+podAnnotations:
+  prometheus.io/scrape: "true"
+  prometheus.io/port: "8080"
+
+# Service account
+serviceAccount:
+  create: true
+  name: ""
+  annotations: {}
+
+# Pod security context
+podSecurityContext:
+  fsGroup: 2000
+
+# Security context
+securityContext:
+  capabilities:
+    drop:
+      - ALL
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  runAsUser: 1000
+
+# Image pull policy
+imagePullPolicy: IfNotPresent
+
+# Additional volumes
+volumes:
+  - name: config
+    configMap:
+      name: allora-worker-config
+
+# Additional volumes
+additionalVolumes:
+  - name: extra-config
+    configMap:
+      name: allora-worker-extra-config
+
+# Init containers
+initContainers:
+  init-db:
+    image: busybox:1.28
+    command: ['sh', '-c', 'echo "The app is running!" && sleep 10']
+    volumeMounts:
+      - name: data
+        mountPath: /data
+
+# Deployment strategy
+strategy:
+  type: RollingUpdate
+  rollingUpdate:
+    maxSurge: 1
+    maxUnavailable: 0

charts/namada-indexer/proxy.yaml

@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres-proxy
+spec:
+  selector:
+    app: postgres-proxy
+  ports:
+  - port: 5432
+    targetPort: 5432
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: postgres-proxy
+spec:
+  selector:
+    matchLabels:
+      app: postgres-proxy
+  template:
+    metadata:
+      labels:
+        app: postgres-proxy
+    spec:
+      containers:
+      - name: proxy
+        image: alpine:latest
+        command: ["/bin/sh"]
+        args: ["-c", "apk add --no-cache socat && socat TCP-LISTEN:5432,fork TCP:primary.u6buco4n6u4eo5gxh6xwfgkfctkjdq.postgresql.eu-frankfurt-1.oci.oraclecloud.com:5432"]