From af99127bd86ece4e0d3c9e76624b80287f5431f3 Mon Sep 17 00:00:00 2001 From: Starttoaster Date: Thu, 12 Sep 2024 16:20:11 -0700 Subject: [PATCH] Add trusted peer documentation, update strategy documentation, wallet trusted CIDR documentation, and grammar lints --- docs/all.md | 25 +++++++++++++++++++++++++ docs/chiaca.md | 2 +- docs/chiaharvester.md | 2 +- docs/chiaintroducer.md | 2 +- docs/chiaseeder.md | 2 +- docs/chiawallet.md | 28 +++++++++++++++++++++++++++- docs/install.md | 2 +- docs/services-networking.md | 3 +++ 8 files changed, 60 insertions(+), 6 deletions(-) diff --git a/docs/all.md b/docs/all.md index a961158..f4b161d 100644 --- a/docs/all.md +++ b/docs/all.md @@ -116,6 +116,8 @@ spec: You can set a custom update strategy using [kubernetes Deployment update strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) definitions. +NOTE: This applies to all resources that deploy Pods except for ChiaNodes. + ```yaml spec: strategy: @@ -125,6 +127,20 @@ spec: maxUnavailable: 1 ``` +### ChiaNode Update Strategies + +ChiaNodes deploy StatefulSet resources which use a different update strategy definition. See the documentation for [kubernetes StatefulSet update strategy](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies) definitions. + +```yaml +apiVersion: k8s.chia.net/v1 +kind: ChiaNode +metadata: + name: my-node +spec: + updateStrategy: + type: RollingUpdate +``` + ## Configure Readiness, Liveness, and Startup probes By default, if chia-exporter is enabled it comes with its own readiness and liveness probes. But you can configure readiness, liveness, and startup probes for the chia container in your deployed Pods, too: @@ -175,3 +191,12 @@ type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: ``` + +## Specify Image Pull Policy + +If you need to specify your image pull policy for container images: + +```yaml +spec: + imagePullPolicy: "IfNotPresent" +``` diff --git a/docs/chiaca.md b/docs/chiaca.md index f50b9c5..fff8803 100644 --- a/docs/chiaca.md +++ b/docs/chiaca.md @@ -13,7 +13,7 @@ spec: secret: my-ca ``` -This will create a kubernetes Secret in the same namespace that this CR is applied named `my-ca`. If you have your own pre-existing CA that you would like to continue using instead, you can also [create a kubernetes Secret manually, documented in this section of the readme.](https://github.com/Chia-Network/chia-operator/blob/main/README.md#ssl-ca). +This will create a kubernetes Secret in the same namespace that this CR is applied named `my-ca`. If you have your own pre-existing CA that you would like to continue using instead, you can also [create a kubernetes Secret manually, documented in this section of the readme](https://github.com/Chia-Network/chia-operator/blob/main/README.md#ssl-ca). You can then supply this CA Secret to other Chia custom resources like so: diff --git a/docs/chiaharvester.md b/docs/chiaharvester.md index a2e2440..084b69f 100644 --- a/docs/chiaharvester.md +++ b/docs/chiaharvester.md @@ -19,7 +19,7 @@ spec: ## Plot storage -You can mount hostPath volumes or persistent volumes in a harvester pod using the following syntax. All claims/hostPaths get mounted as sub-directories of `/plots` in the container. Harvesters ran with this operator set the `recursive_plot_scan` option to true. +You can mount hostPath volumes or persistent volumes in a harvester pod using the following syntax. All claims/hostPaths get mounted as subdirectories of `/plots` in the container. Harvesters ran with this operator set the `recursive_plot_scan` option to true. ```yaml spec: diff --git a/docs/chiaintroducer.md b/docs/chiaintroducer.md index 330de4c..8bf9ec3 100644 --- a/docs/chiaintroducer.md +++ b/docs/chiaintroducer.md @@ -2,7 +2,7 @@ Specifying a ChiaIntroducer will create a kubernetes Deployment and some Services for a Chia introducer. -The majority of people do not need to run a introducer. Introducers in Chia serve the purpose of introducing full_nodes in a network to other full_node peers on that network. +The majority of people do not need to run an introducer. Introducers in Chia serve the purpose of introducing full_nodes in a network to other full_node peers on that network. Here's a ChiaIntroducer example custom resource (CR): diff --git a/docs/chiaseeder.md b/docs/chiaseeder.md index e0c28cd..9d8b27f 100644 --- a/docs/chiaseeder.md +++ b/docs/chiaseeder.md @@ -4,7 +4,7 @@ Specifying a ChiaSeeder will create a kubernetes Deployment and some Services fo The majority of people do not need to run a seeder. Seeders in Chia serve the purpose of introducing full_nodes in a network to other full_node peers on that network. See the [seeder documentation](https://docs.chia.net/guides/seeder-user-guide/) for more information. -Seeders have some pre-requisites that you will normally configure outside of a kubernetes cluster. This operator doesn't do any of that configuration on your behalf, so in short you will need: +Seeders have some pre-requisites that you will normally configure outside a kubernetes cluster. This operator doesn't do any of that configuration on your behalf, so in short you will need: * A DNS `A` record that points to your server's IP address. In this instance the A record will probably be your public IP address if you intend on the DNS server to be reachable publicly, or an internal address if you're reserving the seeder's DNS server for your use. * A DNS `AAAA` record is not strictly needed, but is often preferred if your network is IPv6 enabled. diff --git a/docs/chiawallet.md b/docs/chiawallet.md index eb32e83..9806fd3 100644 --- a/docs/chiawallet.md +++ b/docs/chiawallet.md @@ -30,12 +30,38 @@ kind: Secret metadata: name: chiakey-secret stringData: - key.txt: your mnemonic goes here + key.txt: "your mnemonic goes here" type: Opaque ``` Replace the text value for `key.txt` with your mnemonic, and then reference it in your ChiaWallet resource in the way shown above. +## Full Node Peer + +You may optionally specify a local full_node for a peer to sync your wallet from. + +```yaml +spec: + chia: + fullNodePeer: "node.default.svc.cluster.local:8444" +``` + +## Trusted Peers + +You can optionally specify a list of [CIDRs](https://aws.amazon.com/what-is/cidr/) that the wallet should trust full_node peers from. View the [Chia documentation on trusted peers](https://docs.chia.net/faq/?_highlight=trust#what-are-trusted-peers-and-how-do-i-add-them) to understand whether you should use this feature or not. + +Here's an example ChiaWallet that specifies trusted CIDRs: + +```yaml +spec: + chia: + trustedCIDRs: + - "192.168.1.0/24" + - "10.0.0/8" +``` + +This specifies two trusted CIDRs, where if the IP address of a full_node peer is discovered to be within one of these two CIDR ranges, chia will consider that a trusted peer. + ## More Info This page contains documentation specific to this resource. Please see the rest of the documentation for information on more available configurations. diff --git a/docs/install.md b/docs/install.md index 67f7439..0fcfe0a 100644 --- a/docs/install.md +++ b/docs/install.md @@ -1,6 +1,6 @@ # Installation -There are two parts to this Operator. The CRDs (ChiaCA, ChiaFarmer, ChiaNode, etc) and the actual operator manager Deployment and related objects. You can install these components in two methods, either by cloning the repository and generating the manifests yourself with kustomize, or with `kubectl apply` on the generated manifests on all releases, starting with release `0.2.1`. +There are two parts to this Operator. The CRDs (ChiaCA, ChiaFarmer, ChiaNode, etc.) and the actual operator manager Deployment and related objects. You can install these components in two methods, either by cloning the repository and generating the manifests yourself with kustomize, or with `kubectl apply` on the generated manifests on all releases, starting with release `0.2.1`. ## Using the release manifests diff --git a/docs/services-networking.md b/docs/services-networking.md index 43e6d8d..40ed406 100644 --- a/docs/services-networking.md +++ b/docs/services-networking.md @@ -18,6 +18,9 @@ metadata: spec: chia: caSecretName: chiaca-secret + allService: + enabled: true + type: ClusterIP peerService: enabled: true type: LoadBalancer