Skip to content

chore(deps): bump-lnd-sidecar-image-25a73e2 #8587

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
blinkbitcoinbot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): bump-lnd-sidecar-image-25a73e2 #8587

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 5 additions & 19 deletions charts/lnd/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,8 @@ image:
pullPolicy: IfNotPresent
sidecarImage:
repository: us.gcr.io/galoy-org/lnd-sidecar
digest: "sha256:e0ccf6d340a99cecc39c4d7ba52014c767220069b5b1b314aceb34253c4fa79f"
git_ref: 1cb5596
digest: "sha256:613720f1e3e2f92ec40fa2c33db98ccdf6b36cd25c4c18dece2bf1f19d8bc77a"
git_ref: 25a73e2
backupImage:
repository: us.gcr.io/galoy-org/lnd-backup
pullPolicy: IfNotPresent
Expand Down Expand Up @@ -173,24 +173,20 @@ backup:
passwordSecret:
name: "lnd-backup-nextcloud"
key: "password"

## LND Monitoring Subchart Configuration
## lndmon provides Prometheus metrics for LND node monitoring
## Implemented as a secure subchart with isolated RBAC and minimal access
lndmon:
# Enable lndmon monitoring subchart
enabled: false

# Global configuration (inherited by subchart)
global:
network: mainnet

# Image configuration
image:
repository: lightninglabs/lndmon
tag: v0.2.12
pullPolicy: IfNotPresent

# Service configuration
service:
type: ClusterIP
Expand All @@ -199,33 +195,28 @@ lndmon:
prometheus.io/scrape: "true"
prometheus.io/port: "9092"
prometheus.io/path: "/metrics"

# Security configuration (enhanced for subchart)
securityContext:
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000

containerSecurityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
capabilities:
drop:
- ALL

- ALL
# Isolated service account
serviceAccount:
create: true
annotations: {}
name: ""

# Minimal RBAC permissions
rbac:
create: true

# Resource limits
resources:
limits:
Expand All @@ -234,13 +225,11 @@ lndmon:
requests:
cpu: 50m
memory: 64Mi

# LND connection configuration (set by parent chart)
lnd:
serviceName: "" # Will be set to LND service name
serviceName: "" # Will be set to LND service name
rpcPort: 10009
network: "" # Will inherit from global.network

network: "" # Will inherit from global.network
# Health checks
healthChecks:
liveness:
Expand All @@ -255,13 +244,10 @@ lndmon:
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3

# Monitoring configuration
monitoring:
prometheus:
enabled: true
port: 9092
path: "/metrics"
scrapeInterval: "30s"