feat: add erpc chart

[paolofacchinetti]

Adds the erpc chart and closes #337

A few things i'd love to get some feedback on

I based my implementation and the relative config defaults on the railway-deployment for erpc. I'm not a fan of having the config (which contains remote RPC apikeys) be stored in a configmap, but from how they use gotemplate to load env variables into the config file i assume erpc doesnt support config overrides from environment variables.

The prepackaged docker image by erpc is hardcoded to run as root. It's fairly easy to change that with a new Dockerfile but we would have to rehost the image on another registry and keep it updated. Not sure on what the policies are for that stuff, but i'm open to discuss

I didnt include postgres or prometheus/grafana since they arent a requirement (nor the default config) and people can just deploy those with the relative charts/operators.

[skylenet]

hey @paolofacchinetti . Thanks for the draft PR!

The prepackaged docker image by erpc is hardcoded to run as root.

You could set some default Pod securityContext, which will prevent any containers from that pod to run as root.

Example, in values.yaml. We also use this in many other charts:

securityContext:
  fsGroup: 10001
  runAsGroup: 10001
  runAsNonRoot: true
  runAsUser: 10001

I didnt include postgres or prometheus/grafana since they arent a requirement (nor the default config) and people can just deploy those with the relative charts/operators.

Yeah, that makes sense 👍

[skylenet]

I'm not a fan of having the config (which contains remote RPC apikeys) be stored in a configmap, but from how they use gotemplate to load env variables into the config file i assume erpc doesnt support config overrides from environment variables.

You could have an init container, that mounts the configmap and env vars and then performs an envsubst into a file in a shared emtpyDir volume (init container <-> erpc container).

[paolofacchinetti]

Hey @skylenet, thanks for the feedback!

You could set some default Pod securityContext, which will prevent any containers from that pod to run as root.

Example, in values.yaml. We also use this in many other charts:

securityContext:
  fsGroup: 10001
  runAsGroup: 10001
  runAsNonRoot: true
  runAsUser: 10001

Done in 2dbec96

I was blocked due to a misbelief that erpc could only look for the config file under the /root directory, but after looking into the code I noticed it's possible to specify the config file location as the first cli arg of the boot cmd.

You could have an init container, that mounts the configmap and env vars and then performs an envsubst into a file in a shared emtpyDir volume (init container <-> erpc container).

Done in f5a8051

Apparently erpc already performs env substitution natively. I'm not sure why the railway deployment goes out of its way to do it again through a custom Dockerfile. It looks like the railway deployment also uses gotemplating control flows to specify different upstreams conditionally. That said, we don't need the initContainer.

[skylenet]

Awesome! Can you update the content in charts/erpc/README.md.gotmpl and regenerate the README.md using make docs ? Currently it has a lot of dora references.

[paolofacchinetti]

Awesome! Can you update the content in charts/erpc/README.md.gotmpl and regenerate the README.md using make docs ? Currently it has a lot of dora references.

Oh you're right, my bad. Now it should be okay 😄