fluidos-project · schwicht · Nov 6, 2024
diff --git a/deployments/node/README.md b/deployments/node/README.md
@@ -41,6 +41,10 @@ A Helm chart for Fluidos Node
 | networkManager.pod.labels | object | `{}` | Labels for the network-manager pod. |
 | networkManager.pod.resources | object | `{"limits":{},"requests":{}}` | Resource requests and limits (https://kubernetes.io/docs/user-guide/compute-resources/) for the network-manager pod. |
 | networkManager.replicas | int | `1` | The number of Network Manager, which can be increased for active/passive high availability. |
+| npDiscovery.enabled | bool | `true` | enable the discovery of KnownCluster and Flavors via the neuropil cybersecurity mesh |
+| npDiscovery.imageName | string | `"registry.gitlab.com/pi-lar/neuropil-k8s/fluidos_discovery"` | the image to be used (mainly used for testing local changes) |
+| npDiscovery.name | string | `"np-fluidos-discovery"` | the name of the np discovery pod / deployment |
+| npDiscovery.np_bootstrap_url | string | `"*:udp4:demo.neuropil.io:3400"` | the initial bootstrap url to initiate participation in the mesh structure. Please note: there is no SLA attached to this demo instance, but you may run your own |
 | provider | string | `"your-provider"` |  |
 | pullPolicy | string | `"IfNotPresent"` | The pullPolicy for fluidos-node pods. |
 | rearController.imageName | string | `"ghcr.io/fluidos-project/rear-controller"` |  |
@@ -78,4 +82,4 @@ A Helm chart for Fluidos Node
 | webhook.issuer | string | `"self-signed"` | Configuration for the webhook server. |
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
diff --git a/deployments/node/files/node-np-discovery-ClusterRole.yaml b/deployments/node/files/node-np-discovery-ClusterRole.yaml
@@ -0,0 +1,47 @@
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - '*'
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - network.fluidos.eu
+  resources:
+  - knownclusters
+  verbs:
+  - create
+  - get
+  - patch
+  - list
+  - watch
+- apiGroups:
+  - nodecore.fluidos.eu
+  resources:
+  - flavors
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - nodecore.fluidos.eu
+  resources:
+  - flavors/status
+  verbs:
+  - get
+  - patch
+  - update
diff --git a/deployments/node/templates/fluidos-np-discovery-deployment.yaml b/deployments/node/templates/fluidos-np-discovery-deployment.yaml
@@ -0,0 +1,62 @@
+{{ if .Values.npDiscovery.enabled }}
+{{- $npDiscoveryConfig := (merge (dict "name" "np-discovery" "module" "np-discovery") .) -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "fluidos.labels" $npDiscoveryConfig | nindent 4 }}
+  name: np-fluidos-discovery
+  namespace: {{ .Release.Namespace }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "fluidos.labels" $npDiscoveryConfig | nindent 6 }}
+  template:
+    metadata: 
+    {{ if .Values.rearController.pod.annotations }}
+      annotations:
+        {{- toYaml .Values.rearController.pod.annotations | nindent 8 }}
+    {{ end }}
+      labels:
+        {{- include "fluidos.labels" $npDiscoveryConfig | nindent 8 }}
+      {{ if .Values.rearController.pod.labels }}
+        {{ toYaml .Values.rearController.pod.labels | nindent 8 }}
+      {{ end }}
+    spec:
+      {{- if gt .Values.rearController.replicas 1.0 }}
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 100
+            podAffinityTerm:
+              labelSelector:
+                matchLabels:
+                  {{- include "fluidos.labels" $npDiscoveryConfig | nindent 18 }}
+              topologyKey: kubernetes.io/hostname
+      {{- end }}
+      securityContext:
+        {{- include "fluidos.podSecurityContext" $npDiscoveryConfig | nindent 8 }}
+      serviceAccountName: {{ include "fluidos.prefixedName" $npDiscoveryConfig }}
+      containers:
+      - image: {{ .Values.npDiscovery.imageName }}
+        securityContext:
+          {{- include "fluidos.containerSecurityContext" $npDiscoveryConfig | nindent 10 }}
+        name: {{ .Values.npDiscovery.name }}
+        resources: {{- toYaml .Values.rearController.pod.resources | nindent 10 }}
+        env:
+          - name: NP_BOOTSTRAP_URL
+            value: {{ .Values.npDiscovery.np_bootstrap_url | quote }}
+      {{- if (.Values.common).nodeSelector }}
+      nodeSelector:
+      {{- toYaml .Values.common.nodeSelector | nindent 8 }}
+      {{- end }}
+      {{- if ((.Values.common).tolerations) }}
+      tolerations:
+      {{- toYaml .Values.common.tolerations | nindent 8 }}
+      {{- end }}
+      {{- if ((.Values.common).affinity) }}
+      affinity:
+      {{- toYaml .Values.common.affinity | nindent 8 }}
+      {{- end }}
+{{- end }}
diff --git a/deployments/node/templates/fluidos-np-discovery-rbac.yaml b/deployments/node/templates/fluidos-np-discovery-rbac.yaml
@@ -0,0 +1,34 @@
+{{ if .Values.npDiscovery.enabled }}
+{{- $npDiscoveryConfig := (merge (dict "name" "np-discovery" "module" "np-discovery") .) -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "fluidos.prefixedName" $npDiscoveryConfig }}
+  labels:
+    {{- include "fluidos.labels" $npDiscoveryConfig | nindent 4 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "fluidos.prefixedName" $npDiscoveryConfig }}
+  labels:
+    {{- include "fluidos.labels" $npDiscoveryConfig | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "fluidos.prefixedName" $npDiscoveryConfig }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "fluidos.prefixedName" $npDiscoveryConfig }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "fluidos.prefixedName" $npDiscoveryConfig }}
+  labels:
+    {{- include "fluidos.labels" $npDiscoveryConfig | nindent 4 }}
+{{ .Files.Get (include "fluidos.cluster-role-filename" (dict "prefix" ( include "fluidos.prefixedName" $npDiscoveryConfig )))}}
+
+{{- end }}
diff --git a/deployments/node/values.yaml b/deployments/node/values.yaml
@@ -124,6 +124,16 @@ rearController:
       # -- The target port used by the REAR Gateway service.
       targetPort: 3004
 
+npDiscovery:
+  # -- enable the discovery of KnownCluster and Flavors via the neuropil cybersecurity mesh
+  enabled: False
+  # -- the initial bootstrap url to initiate participation in the mesh structure. Please note: there is no SLA attached to this demo instance, but you may run your own
+  np_bootstrap_url: '*:udp4:demo.neuropil.io:3400'
+  # -- the name of the np discovery pod / deployment
+  name: np-fluidos-discovery
+  # -- the image to be used (mainly used for testing local changes)
+  imageName: registry.gitlab.com/pi-lar/neuropil-k8s/fluidos_discovery
+
 networkManager:
   # -- The number of Network Manager, which can be increased for active/passive high availability.
   replicas: 1