graphops · cjorge-graphops · Sep 6, 2025 · Sep 6, 2025
diff --git a/charts/lighthouse/README.md b/charts/lighthouse/README.md
@@ -78,6 +78,14 @@ We do not recommend that you upgrade the application by overriding `image.tag`.
  | grafana.dashboards | Enable creation of Grafana dashboards. [Grafana chart](https://github.com/grafana/helm-charts/tree/main/charts/grafana#grafana-helm-chart) must be configured to search this namespace, see `sidecar.dashboards.searchNamespace` | bool | `false` |
  | grafana.dashboardsConfigMapLabel | Must match `sidecar.dashboards.label` value for the [Grafana chart](https://github.com/grafana/helm-charts/tree/main/charts/grafana#grafana-helm-chart) | string | `"grafana_dashboard"` |
  | grafana.dashboardsConfigMapLabelValue | Must match `sidecar.dashboards.labelValue` value for the [Grafana chart](https://github.com/grafana/helm-charts/tree/main/charts/grafana#grafana-helm-chart) | string | `"1"` |
+ | grafana.operatorDashboards | Create GrafanaDashboard CRDs via Grafana Operator from files in `dashboards/` | object | `{"allowCrossNamespaceImport":false,"annotations":{},"enabled":false,"extraSpec":{},"folder":"","folderUID":"","instanceSelector":{"matchLabels":{}},"labels":{},"namespace":"","resyncPeriod":"","suspend":false,"uid":""}` |
+ | grafana.operatorDashboards.allowCrossNamespaceImport | Allow matching Grafana instances outside current namespace | bool | `false` |
+ | grafana.operatorDashboards.extraSpec | Additional spec fields to merge into GrafanaDashboard.spec | object | `{}` |
+ | grafana.operatorDashboards.folder | Optional folder metadata | string | `""` |
+ | grafana.operatorDashboards.instanceSelector | Selector to match Grafana instances managed by the operator | object | `{"matchLabels":{}}` |
+ | grafana.operatorDashboards.labels | Extra labels and annotations on the GrafanaDashboard resources | object | `{}` |
+ | grafana.operatorDashboards.namespace | Optional target namespace for the GrafanaDashboard CRDs (defaults to release namespace) | string | `""` |
+ | grafana.operatorDashboards.resyncPeriod | Operator sync behavior | string | `""` |
  | image.pullPolicy |  | string | `"IfNotPresent"` |
  | image.repository | Image for lighthouse | string | `"sigp/lighthouse"` |
  | image.tag | Overrides the image tag | string | Chart.appVersion |
@@ -93,6 +101,15 @@ We do not recommend that you upgrade the application by overriding `image.tag`.
  | lighthouse.jwt.existingSecret.name | Name of the Secret resource in the same namespace | string | `""` |
  | lighthouse.jwt.fromLiteral | Use this literal value for the JWT | string | `""` |
  | lighthouse.nodeSelector |  | object | `{}` |
+ | lighthouse.p2p.service.advertiseIP | IP address to explicitly advertise in ENR (overrides autodetection and LB IP) | string | `""` |
+ | lighthouse.p2p.service.annotations | Annotations to add to the P2P Service (e.g., Cilium sharing keys) | object | `{}` |
+ | lighthouse.p2p.service.enabled | Enable a dedicated P2P Service | bool | `false` |
+ | lighthouse.p2p.service.externalIPs | Fixed external IPs to bind the Service to (requires upstream routing) | list | `[]` |
+ | lighthouse.p2p.service.externalTrafficPolicy | External traffic policy | string | `"Local"` |
+ | lighthouse.p2p.service.labels | Additional labels to add to the P2P Service | object | `{}` |
+ | lighthouse.p2p.service.loadBalancerIP | When using a LoadBalancer and your cloud supports it, set a specific LB IP | string | `""` |
+ | lighthouse.p2p.service.loadBalancerSourceRanges | Restrict which source ranges can access the LoadBalancer (CIDRs) | list | `[]` |
+ | lighthouse.p2p.service.type | Service type for P2P exposure | string | `"LoadBalancer"` |
  | lighthouse.p2pHostPort.enabled | Expose P2P ports via hostPort | bool | `false` |
  | lighthouse.p2pHostPort.initContainer.image.pullPolicy | Container pull policy | string | `"IfNotPresent"` |
  | lighthouse.p2pHostPort.initContainer.image.repository | Container image to fetch IP/port information | string | `"lachlanevenson/k8s-kubectl"` |

diff --git a/charts/lighthouse/templates/dashboards-operator.yaml b/charts/lighthouse/templates/dashboards-operator.yaml
@@ -0,0 +1,52 @@
+{{- $g := $.Values.grafana -}}
+{{- if and $g.operatorDashboards $g.operatorDashboards.enabled -}}
+{{- $op := $g.operatorDashboards -}}
+{{- $files := .Files.Glob "dashboards/*" -}}
+{{- range $path, $_ := $files }}
+---
+apiVersion: grafana.integreatly.org/v1beta1
+kind: GrafanaDashboard
+metadata:
+  name: {{ include "lighthouse.fullname" $ }}-{{ base $path | replace "." "-" | trunc 63 | trimSuffix "-" }}
+  {{- with $op.namespace }}
+  {{- if . }}
+  namespace: {{ . }}
+  {{- end }}
+  {{- end }}
+  labels:
+    {{- include "lighthouse.labels" $ | nindent 4 }}
+    {{- with $op.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with $op.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  allowCrossNamespaceImport: {{ default false $op.allowCrossNamespaceImport }}
+  {{- with $op.instanceSelector }}
+  instanceSelector:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with $op.folder }}
+  folder: {{ . }}
+  {{- end }}
+  {{- with $op.folderUID }}
+  folderUID: {{ . }}
+  {{- end }}
+  {{- with $op.uid }}
+  uid: {{ . }}
+  {{- end }}
+  {{- with $op.resyncPeriod }}
+  resyncPeriod: {{ . }}
+  {{- end }}
+  {{- if hasKey $op "suspend" }}
+  suspend: {{ $op.suspend }}
+  {{- end }}
+  {{- with $op.extraSpec }}
+  {{- toYaml . | nindent 2 }}
+  {{- end }}
+  json: |
+    {{- $.Files.Get $path | nindent 4 }}
+{{- end }}
+{{- end }}
diff --git a/charts/lighthouse/templates/lighthouse/service.yaml b/charts/lighthouse/templates/lighthouse/service.yaml
@@ -81,3 +81,57 @@ spec:
   selector:
     {{- include "lighthouse.selectorLabels" . | nindent 4 }}
     {{- $componentLabel | nindent 4 }}
+{{/* Dedicated P2P LoadBalancer Service */}}
+{{- if and $values.p2p $values.p2p.service $values.p2p.service.enabled (eq (default "" $values.p2p.service.type) "LoadBalancer") }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "lighthouse.fullname" . }}-{{ $componentName }}-p2p
+  labels:
+    {{- include "lighthouse.labels" . | nindent 4 }}
+    {{- $componentLabel | nindent 4 }}
+    {{- with $values.p2p.service.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with $values.p2p.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  type: LoadBalancer
+  externalTrafficPolicy: {{ default "Local" $values.p2p.service.externalTrafficPolicy }}
+  {{- with $values.p2p.service.loadBalancerIP }}
+  {{- if . }}
+  loadBalancerIP: {{ . }}
+  {{- end }}
+  {{- end }}
+  {{- with $values.p2p.service.loadBalancerSourceRanges }}
+  {{- if . }}
+  loadBalancerSourceRanges:
+    {{- toYaml . | nindent 2 }}
+  {{- end }}
+  {{- end }}
+  {{- with $values.p2p.service.externalIPs }}
+  {{- if . }}
+  externalIPs:
+    {{- toYaml . | nindent 2 }}
+  {{- end }}
+  {{- end }}
+  ports:
+    - name: tcp-transport
+      port: {{ include "lighthouse.port" $values }}
+      targetPort: tcp-transport
+      protocol: TCP
+    - name: udp-discovery
+      port: {{ include "lighthouse.discoveryPort" $values }}
+      targetPort: udp-discovery
+      protocol: UDP
+    - name: udp-transport
+      port: {{ include "lighthouse.quicPort" $values }}
+      targetPort: udp-transport
+      protocol: UDP
+  selector:
+    {{- include "lighthouse.selectorLabels" . | nindent 4 }}
+    {{- $componentLabel | nindent 4 }}
+{{- end }}
diff --git a/charts/lighthouse/templates/lighthouse/statefulset.yaml b/charts/lighthouse/templates/lighthouse/statefulset.yaml
@@ -160,6 +160,14 @@ spec:
                 --enr-address=$EXTERNAL_IP \
                 --enr-udp-port={{ $values.p2pHostPort.port }} \
                 --enr-tcp-port={{ $values.p2pHostPort.port }} \
+              {{- else if and $values.p2p $values.p2p.service $values.p2p.service.enabled (eq $values.p2p.service.type "LoadBalancer") }}
+                {{- if $values.p2p.service.advertiseIP }}
+                --enr-address={{ $values.p2p.service.advertiseIP }} \
+                {{- else if $values.p2p.service.loadBalancerIP }}
+                --enr-address={{ $values.p2p.service.loadBalancerIP }} \
+                {{- end }}
+                --enr-udp-port={{ include "lighthouse.discoveryPort" $values }} \
+                --enr-tcp-port={{ include "lighthouse.port" $values }} \
               {{- end }}
                 --port={{ include "lighthouse.port" $values }} \
                 --discovery-port={{ include "lighthouse.discoveryPort" $values }} \

diff --git a/charts/lighthouse/values.yaml b/charts/lighthouse/values.yaml
@@ -66,6 +66,28 @@ grafana:
   dashboardsConfigMapLabel: grafana_dashboard
   # -- Must match `sidecar.dashboards.labelValue` value for the [Grafana chart](https://github.com/grafana/helm-charts/tree/main/charts/grafana#grafana-helm-chart)
   dashboardsConfigMapLabelValue: "1"
+  # -- Create GrafanaDashboard CRDs via Grafana Operator from files in `dashboards/`
+  operatorDashboards:
+    enabled: false
+    # -- Optional target namespace for the GrafanaDashboard CRDs (defaults to release namespace)
+    namespace: ""
+    # -- Extra labels and annotations on the GrafanaDashboard resources
+    labels: {}
+    annotations: {}
+    # -- Selector to match Grafana instances managed by the operator
+    instanceSelector:
+      matchLabels: {}
+    # -- Allow matching Grafana instances outside current namespace
+    allowCrossNamespaceImport: false
+    # -- Optional folder metadata
+    folder: ""
+    folderUID: ""
+    uid: ""
+    # -- Operator sync behavior
+    resyncPeriod: ""
+    suspend: false
+    # -- Additional spec fields to merge into GrafanaDashboard.spec
+    extraSpec: {}
 
 lighthouse:
   # -- URL to the Execution Client Engine API. Will use configured JWT to authenticate.
@@ -172,3 +194,25 @@ lighthouse:
         tag: v1.25.4
         # -- Container pull policy
         pullPolicy: IfNotPresent
+
+  # P2P Service exposure (alternative to hostPort)
+  p2p:
+    service:
+      # -- Enable a dedicated P2P Service
+      enabled: false
+      # -- Service type for P2P exposure
+      type: LoadBalancer
+      # -- Additional labels to add to the P2P Service
+      labels: {}
+      # -- Annotations to add to the P2P Service (e.g., Cilium sharing keys)
+      annotations: {}
+      # -- External traffic policy
+      externalTrafficPolicy: Local
+      # -- Fixed external IPs to bind the Service to (requires upstream routing)
+      externalIPs: []
+      # -- When using a LoadBalancer and your cloud supports it, set a specific LB IP
+      loadBalancerIP: ""
+      # -- Restrict which source ranges can access the LoadBalancer (CIDRs)
+      loadBalancerSourceRanges: []
+      # -- IP address to explicitly advertise in ENR (overrides autodetection and LB IP)
+      advertiseIP: ""