feat: add admin system(WIP)

charts/admin-system-backend/Chart.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: v2
+description: admin-system-backend helm charts
+name: admin-system-backend
+version: 0.0.1
+appVersion: v0.1.0
+kubeVersion: ">=1.22.0-0"
+maintainers:
+  - name: scroll-sre
+    email: [email protected]
+dependencies:
+  - name: common
+    repository: "oci://ghcr.io/scroll-tech/scroll-sdk/helm"
+    version: 1.5.1
+  - name: external-secrets-lib
+    repository: "oci://ghcr.io/scroll-tech/scroll-sdk/helm"
+    version: 0.0.3

charts/admin-system-backend/README.md

@@ -0,0 +1,142 @@
+# admin-system-backend
+
+![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![AppVersion: v0.1.0](https://img.shields.io/badge/AppVersion-v0.1.0-informational?style=flat-square)
+
+admin-system-backend helm charts
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| scroll-sre | <[email protected]> |  |
+
+## Requirements
+
+Kubernetes: `>=1.22.0-0`
+
+| Repository | Name | Version |
+|------------|------|---------|
+| oci://ghcr.io/scroll-tech/scroll-sdk/helm | common | 1.5.1 |
+| oci://ghcr.io/scroll-tech/scroll-sdk/helm | external-secrets-lib | 0.0.3 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| command[0] | string | `"/bin/sh"` |  |
+| command[1] | string | `"-c"` |  |
+| command[2] | string | `"scroll-admin-system --config /app/config/admin-system-backend-config.json --genesis /app/genesis/genesis.json --http.port ${HTTP_PORT} --metrics --metrics.port ${METRICS_PORT}"` |  |
+| configMaps.model-conf.data."model.conf" | string | `"[request_definition]\nr = sub, obj, act\n[policy_definition]\np = sub, obj, act\n[role_definition]\ng = _, _\n[policy_effect]\ne = some(where (p.eft == allow))\n[matchers]\nm = g(r.sub, p.sub) && regexMatch(r.obj, p.obj) && regexMatch(r.act, p.act)\n"` |  |
+| configMaps.model-conf.enabled | bool | `true` |  |
+| configMaps.policy-csv.data."policy.csv" | string | `"p, undefined, ^\\/api\\/v1\\/login$, POST\np, undefined, ^\\/api\\/v1\\/otp\\/.*$, (GET)|(POST)\np, read, ^\\/api\\/v1\\/(chunk|batch|bundle|provertask|l2_block|prover|job)\\/.*$, GET\np, read, ^\\/api\\/v1\\/(chunk|batch|bundle|provertask|l2_block|prover)\\/search$, POST\np, readwrite, ^\\/api\\/v1\\/(chunk|batch|bundle|l2_block)\\/.*$, (POST)|(DELETE)\np, readwrite, ^\\/api\\/v1\\/provertask\\/(update|delete)$, (POST)|(DELETE)\np, admin, ^\\/api\\/v1\\/provertask\\/reassign$, POST\np, admin, ^\\/api\\/v1\\/(policy|user|prover_block|partner)\\/.*$,(GET)|(POST)|(DELETE)\np, admin, ^\\/api\\/v1\\/job\\/.*$, POST\ng, read, undefined\ng, readwrite, read\ng, admin, readwrite\n"` |  |
+| configMaps.policy-csv.enabled | bool | `true` |  |
+| controller.replicas | int | `1` |  |
+| controller.strategy | string | `"Recreate"` |  |
+| controller.type | string | `"deployment"` |  |
+| env[0].name | string | `"HTTP_PORT"` |  |
+| env[0].value | string | `"8080"` |  |
+| env[1].name | string | `"METRICS_PORT"` |  |
+| env[1].value | string | `"8090"` |  |
+| env[2].name | string | `"GIN_MODE"` |  |
+| env[2].value | string | `"release"` |  |
+| env[3].name | string | `"ENV"` |  |
+| env[3].value | string | `"fake"` |  |
+| env[4].name | string | `"CHAIN_ID"` |  |
+| env[4].value | string | `"222222"` |  |
+| global.fullnameOverride | string | `"admin-system-backend"` |  |
+| global.nameOverride | string | `"admin-system-backend"` |  |
+| image.pullPolicy | string | `"Always"` |  |
+| image.repository | string | `"scrolltech/scroll-admin-system"` |  |
+| image.tag | string | `"v0.1.0"` |  |
+| initContainers.1-wait-for-postgres.args[0] | string | `"tcp"` |  |
+| initContainers.1-wait-for-postgres.args[1] | string | `"$(DATABASE_HOST):$(DATABASE_PORT)"` |  |
+| initContainers.1-wait-for-postgres.args[2] | string | `"--timeout"` |  |
+| initContainers.1-wait-for-postgres.args[3] | string | `"0"` |  |
+| initContainers.1-wait-for-postgres.envFrom[0].configMapRef.name | string | `"admin-system-backend-env"` |  |
+| initContainers.1-wait-for-postgres.image | string | `"atkrad/wait4x:latest"` |  |
+| initContainers.2-init-db.command[0] | string | `"bash"` |  |
+| initContainers.2-init-db.command[1] | string | `"-c"` |  |
+| initContainers.2-init-db.command[2] | string | `"./init-db.sh"` |  |
+| initContainers.2-init-db.env[0].name | string | `"POSTGRES_DB"` |  |
+| initContainers.2-init-db.env[0].value | string | `"scroll_admin_system"` |  |
+| initContainers.2-init-db.env[1].name | string | `"PG_USER"` |  |
+| initContainers.2-init-db.env[1].valueFrom.secretKeyRef.key | string | `"PG_USER"` |  |
+| initContainers.2-init-db.env[1].valueFrom.secretKeyRef.name | string | `"db-secrets"` |  |
+| initContainers.2-init-db.env[2].name | string | `"PGPASSWORD"` |  |
+| initContainers.2-init-db.env[2].valueFrom.secretKeyRef.key | string | `"PGPASSWORD"` |  |
+| initContainers.2-init-db.env[2].valueFrom.secretKeyRef.name | string | `"db-secrets"` |  |
+| initContainers.2-init-db.env[3].name | string | `"PG_HOST"` |  |
+| initContainers.2-init-db.env[3].valueFrom.secretKeyRef.key | string | `"PG_HOST"` |  |
+| initContainers.2-init-db.env[3].valueFrom.secretKeyRef.name | string | `"db-secrets"` |  |
+| initContainers.2-init-db.env[4].name | string | `"PG_PORT"` |  |
+| initContainers.2-init-db.env[4].valueFrom.secretKeyRef.key | string | `"PG_PORT"` |  |
+| initContainers.2-init-db.env[4].valueFrom.secretKeyRef.name | string | `"db-secrets"` |  |
+| initContainers.2-init-db.env[5].name | string | `"DB_USER"` |  |
+| initContainers.2-init-db.env[5].value | string | `"scroll_admin_system"` |  |
+| initContainers.2-init-db.env[6].name | string | `"DB_PASSWORD"` |  |
+| initContainers.2-init-db.env[6].valueFrom.secretKeyRef.key | string | `"ADMIN_SYSTEM_PASSWORD"` |  |
+| initContainers.2-init-db.env[6].valueFrom.secretKeyRef.name | string | `"db-secrets"` |  |
+| initContainers.2-init-db.image | string | `"postgres:latest"` |  |
+| initContainers.2-init-db.volumeMounts[0].mountPath | string | `"/init-db.sh"` |  |
+| initContainers.2-init-db.volumeMounts[0].name | string | `"init-db"` |  |
+| initContainers.2-init-db.volumeMounts[0].subPath | string | `"init-db.sh"` |  |
+| initContainers.3-check-postgres-connection.args[0] | string | `"postgresql"` |  |
+| initContainers.3-check-postgres-connection.args[1] | string | `"$(DATABASE_URL)"` |  |
+| initContainers.3-check-postgres-connection.args[2] | string | `"--timeout"` |  |
+| initContainers.3-check-postgres-connection.args[3] | string | `"0"` |  |
+| initContainers.3-check-postgres-connection.envFrom[0].configMapRef.name | string | `"admin-system-backend-env"` |  |
+| initContainers.3-check-postgres-connection.image | string | `"atkrad/wait4x:latest"` |  |
+| initContainers.4-migrate-db.command[0] | string | `"/bin/sh"` |  |
+| initContainers.4-migrate-db.command[1] | string | `"-c"` |  |
+| initContainers.4-migrate-db.command[2] | string | `"ENV=fake CHAIN_ID=222222 db_cli migrate --config /app/config/admin-system-backend-config.json"` |  |
+| initContainers.4-migrate-db.image | string | `"scrolltech/scroll-admin-system:v0.1.0"` |  |
+| initContainers.4-migrate-db.volumeMounts[0].mountPath | string | `"/app/config/"` |  |
+| initContainers.4-migrate-db.volumeMounts[0].name | string | `"admin-system-backend"` |  |
+| persistence.app_name.enabled | string | `"yes"` |  |
+| persistence.app_name.mountPath | string | `"/app/config/"` |  |
+| persistence.app_name.name | string | `"admin-system-backend-config"` |  |
+| persistence.app_name.type | string | `"configMap"` |  |
+| persistence.genesis.enabled | string | `"yes"` |  |
+| persistence.genesis.mountPath | string | `"/app/genesis/"` |  |
+| persistence.genesis.name | string | `"genesis-config"` |  |
+| persistence.genesis.type | string | `"configMap"` |  |
+| persistence.init-db.defaultMode | string | `"0777"` |  |
+| persistence.init-db.enabled | string | `"yes"` |  |
+| persistence.init-db.mountPath | string | `"/init-db.sh"` |  |
+| persistence.init-db.name | string | `"init-db"` |  |
+| persistence.init-db.type | string | `"configMap"` |  |
+| persistence.model-conf.enabled | string | `"yes"` |  |
+| persistence.model-conf.mountPath | string | `"/app/conf/model.conf"` |  |
+| persistence.model-conf.name | string | `"admin-system-backend-model-conf"` |  |
+| persistence.model-conf.subPath | string | `"model.conf"` |  |
+| persistence.model-conf.type | string | `"configMap"` |  |
+| persistence.policy-csv.enabled | string | `"yes"` |  |
+| persistence.policy-csv.mountPath | string | `"/app/conf/policy.csv"` |  |
+| persistence.policy-csv.name | string | `"admin-system-backend-policy-csv"` |  |
+| persistence.policy-csv.subPath | string | `"policy.csv"` |  |
+| persistence.policy-csv.type | string | `"configMap"` |  |
+| probes.liveness.enabled | bool | `false` |  |
+| probes.readiness.enabled | bool | `false` |  |
+| probes.startup.enabled | bool | `false` |  |
+| resources.limits.cpu | string | `"100m"` |  |
+| resources.limits.memory | string | `"200Mi"` |  |
+| resources.requests.cpu | string | `"50m"` |  |
+| resources.requests.memory | string | `"50Mi"` |  |
+| service.main.enabled | bool | `true` |  |
+| service.main.ports.http.enabled | bool | `true` |  |
+| service.main.ports.http.port | int | `8080` |  |
+| service.main.ports.http.primary | bool | `true` |  |
+| service.main.ports.http.protocol | string | `"HTTP"` |  |
+| service.main.ports.metrics.enabled | bool | `true` |  |
+| service.main.ports.metrics.port | int | `8090` |  |
+| service.main.ports.metrics.targetPort | int | `8090` |  |
+| service.main.primary | bool | `true` |  |
+| serviceMonitor.main.enabled | bool | `true` |  |
+| serviceMonitor.main.endpoints[0].interval | string | `"1m"` |  |
+| serviceMonitor.main.endpoints[0].port | string | `"http"` |  |
+| serviceMonitor.main.endpoints[0].scrapeTimeout | string | `"10s"` |  |
+| serviceMonitor.main.labels.release | string | `"scroll-stack"` |  |
+| serviceMonitor.main.serviceName | string | `"{{ include \"scroll.common.lib.chart.names.fullname\" $ }}"` |  |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/admin-system-backend/templates/common.yaml

@@ -0,0 +1,16 @@
+---
+{{- include "scroll.common.loader.init" . }}
+
+{{- define "app-template.hardcodedValues" -}}
+# Set the nameOverride based on the release name if no override has been set
+{{ if not .Values.global.nameOverride }}
+global:
+  nameOverride: "{{ .Release.Name }}"
+{{ end }}
+{{- end -}}
+{{- $_ := mergeOverwrite .Values (include "app-template.hardcodedValues" . | fromYaml) -}}
+
+{{/* Render the templates */}}
+{{ include "scroll.common.loader.generate" . }}
+---
+{{- include "scrolllib.externalsecrets.tpl" . }}

charts/admin-system-backend/values.yaml

@@ -0,0 +1,204 @@
+---
+global:
+  nameOverride: &app_name admin-system-backend
+  fullnameOverride: *app_name
+
+controller:
+  replicas: 1
+  strategy: Recreate
+  type: deployment
+
+image:
+  repository: scrolltech/scroll-admin-system
+  pullPolicy: Always
+  tag: v0.1.0
+
+env:
+  - name: HTTP_PORT
+    value: "8080"
+  - name: METRICS_PORT
+    value: "8090"
+  - name: GIN_MODE
+    value: "release"
+  - name: ENV
+    value: "fake"
+  - name: CHAIN_ID
+    value: "222222"
+
+command: [
+    "/bin/sh",
+    "-c",
+    "scroll-admin-system --config /app/config/admin-system-backend-config.json \
+    --genesis /app/genesis/genesis.json \
+    --http.port ${HTTP_PORT} \
+    --metrics --metrics.port ${METRICS_PORT}",
+  ]
+
+resources:
+  requests:
+    memory: "50Mi"
+    cpu: "50m"
+  limits:
+    memory: "200Mi"
+    cpu: "100m"
+
+service:
+  main:
+    enabled: true
+    primary: true
+    ports:
+      http:
+        primary: true
+        enabled: true
+        port: 8080
+        protocol: HTTP
+      metrics:
+        enabled: true
+        port: 8090
+        targetPort: 8090
+
+probes:
+  liveness:
+    enabled: false
+  readiness:
+    enabled: false
+  startup:
+    enabled: false
+
+
+persistence:
+  *app_name:
+    enabled: yes
+    type: configMap
+    mountPath: /app/config/
+    name: admin-system-backend-config
+  genesis:
+    enabled: yes
+    type: configMap
+    mountPath: /app/genesis/
+    name: genesis-config
+  init-db:
+    enabled: yes
+    type: configMap
+    mountPath: /init-db.sh
+    name: init-db
+    defaultMode: "0777"
+  model-conf:
+    enabled: yes
+    type: configMap
+    mountPath: /app/conf/model.conf
+    subPath: model.conf
+    name: admin-system-backend-model-conf
+  policy-csv:
+    enabled: yes
+    type: configMap
+    mountPath: /app/conf/policy.csv
+    subPath: policy.csv
+    name: admin-system-backend-policy-csv
+
+initContainers:
+  1-wait-for-postgres:
+    image: atkrad/wait4x:latest
+    args:
+      - tcp
+      - $(DATABASE_HOST):$(DATABASE_PORT)
+      - --timeout
+      - "0"
+    envFrom:
+      - configMapRef:
+          name: admin-system-backend-env
+  2-init-db:
+    image: postgres:latest
+    env:
+      - name: POSTGRES_DB
+        value: scroll_admin_system
+      - name: PG_USER
+        valueFrom:
+          secretKeyRef:
+            name: db-secrets
+            key: PG_USER
+      - name: PGPASSWORD
+        valueFrom:
+          secretKeyRef:
+            name: db-secrets
+            key: PGPASSWORD
+      - name: PG_HOST
+        valueFrom:
+          secretKeyRef:
+            name: db-secrets
+            key: PG_HOST
+      - name: PG_PORT
+        valueFrom:
+          secretKeyRef:
+            name: db-secrets
+            key: PG_PORT
+      - name: DB_USER
+        value: scroll_admin_system
+      - name: DB_PASSWORD
+        valueFrom:
+          secretKeyRef:
+            name: db-secrets
+            key: ADMIN_SYSTEM_PASSWORD
+    command: ["bash","-c","./init-db.sh"]
+    volumeMounts:
+      - name: init-db
+        mountPath: /init-db.sh
+        subPath: init-db.sh
+  3-check-postgres-connection:
+    image: atkrad/wait4x:latest
+    args:
+      - postgresql
+      - $(DATABASE_URL)
+      - --timeout
+      - "0"
+    envFrom:
+      - configMapRef:
+          name: admin-system-backend-env
+  4-migrate-db:
+    image: scrolltech/scroll-admin-system:v0.1.0
+    command: ["/bin/sh","-c","ENV=fake CHAIN_ID=222222 db_cli migrate --config /app/config/admin-system-backend-config.json"]
+    volumeMounts:
+      - name: *app_name
+        mountPath: /app/config/
+
+configMaps:
+  model-conf:
+    enabled: true
+    data:
+      model.conf: |
+        [request_definition]
+        r = sub, obj, act
+        [policy_definition]
+        p = sub, obj, act
+        [role_definition]
+        g = _, _
+        [policy_effect]
+        e = some(where (p.eft == allow))
+        [matchers]
+        m = g(r.sub, p.sub) && regexMatch(r.obj, p.obj) && regexMatch(r.act, p.act)
+  policy-csv:
+    enabled: true
+    data:
+      policy.csv: |
+        p, undefined, ^\/api\/v1\/login$, POST
+        p, undefined, ^\/api\/v1\/otp\/.*$, (GET)|(POST)
+        p, read, ^\/api\/v1\/(chunk|batch|bundle|provertask|l2_block|prover|job)\/.*$, GET
+        p, read, ^\/api\/v1\/(chunk|batch|bundle|provertask|l2_block|prover)\/search$, POST
+        p, readwrite, ^\/api\/v1\/(chunk|batch|bundle|l2_block)\/.*$, (POST)|(DELETE)
+        p, readwrite, ^\/api\/v1\/provertask\/(update|delete)$, (POST)|(DELETE)
+        p, admin, ^\/api\/v1\/provertask\/reassign$, POST
+        p, admin, ^\/api\/v1\/(policy|user|prover_block|partner)\/.*$,(GET)|(POST)|(DELETE)
+        p, admin, ^\/api\/v1\/job\/.*$, POST
+        g, read, undefined
+        g, readwrite, read
+        g, admin, readwrite
+serviceMonitor:
+  main:
+    enabled: true
+    labels:
+      release: scroll-stack
+    serviceName: '{{ include "scroll.common.lib.chart.names.fullname" $ }}'
+    endpoints:
+      - port: http
+        interval: 1m
+        scrapeTimeout: 10s