From 6ccc9dce56e933b9cddeadbd28dd3db1967ddea9 Mon Sep 17 00:00:00 2001
From: AntiD2ta
Date: Wed, 24 Apr 2024 22:44:23 +0200
Subject: [PATCH 01/72] feat: First version of Espresso helm chart
---
charts/espresso/Chart.lock | 6 +
charts/espresso/Chart.yaml | 19 +++
charts/espresso/Plan.md | 15 ++
charts/espresso/templates/_helpers.yaml | 0
charts/espresso/templates/ingress.yaml | 57 ++++++++
charts/espresso/templates/secret.yaml | 21 +++
charts/espresso/templates/service.yaml | 24 ++++
charts/espresso/templates/serviceaccount.yaml | 13 ++
charts/espresso/templates/statefulset.yaml | 78 +++++++++++
charts/espresso/values.yaml | 129 ++++++++++++++++++
10 files changed, 362 insertions(+)
create mode 100644 charts/espresso/Chart.lock
create mode 100644 charts/espresso/Chart.yaml
create mode 100644 charts/espresso/Plan.md
create mode 100644 charts/espresso/templates/_helpers.yaml
create mode 100644 charts/espresso/templates/ingress.yaml
create mode 100644 charts/espresso/templates/secret.yaml
create mode 100644 charts/espresso/templates/service.yaml
create mode 100644 charts/espresso/templates/serviceaccount.yaml
create mode 100644 charts/espresso/templates/statefulset.yaml
create mode 100644 charts/espresso/values.yaml
diff --git a/charts/espresso/Chart.lock b/charts/espresso/Chart.lock
new file mode 100644
index 000000000..4f83d8d21
--- /dev/null
+++ b/charts/espresso/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+ repository: file://../common
+ version: 1.0.1
+digest: sha256:16871b89b082fb3f3fa0c9bb12fa86f144272c29639386c444322cbaa454e17b
+generated: "2024-01-24T14:35:14.068637+01:00"
diff --git a/charts/espresso/Chart.yaml b/charts/espresso/Chart.yaml
new file mode 100644
index 000000000..cc0409ea5
--- /dev/null
+++ b/charts/espresso/Chart.yaml
@@ -0,0 +1,19 @@
+apiVersion: v2
+name: espresso
+version: 1.0.0
+appVersion: 0.0.1
+kubeVersion: "^1.23.0-0"
+description: A Helm chart that combines Kubernetes manifests and scripts to deploy Espresso Sequencer AVS nodes.
+type: application
+keywords:
+ - eigenlayer
+ - AVS
+ - espresso
+home: https://docs.espressosys.com/sequencer
+dependencies:
+ - name: common
+ repository: file://../common
+ version: 1.0.1
+maintainers:
+ - name: matilote
+ - name: AntiD2ta
diff --git a/charts/espresso/Plan.md b/charts/espresso/Plan.md
new file mode 100644
index 000000000..cee247996
--- /dev/null
+++ b/charts/espresso/Plan.md
@@ -0,0 +1,15 @@
+# Plan
+
+- [ ] Service Monitor for Prometheus
+- [X] Secret store
+- [X] Deployment for Sequencer Node and DA Node
+- [X] Service for Sequencer Node and DA Node
+- [X] Ingress for Sequencer Node and DA Node. This is GCP, so we will use GCP Ingress
+- [ ] Prometheus rules???
+- [ ] Automate keys creation and deployment to Secrets Manager
+- [ ] Create CloudSQL instances
+
+## Notes
+
+- Unlike previous testnets, all sequencer nodes (DA or non-DA) will need to allow public inbound traffic. This is to facilitate the gossip network between nodes. Our gossip network uses the standard libp2p implementation that many other projects use. The configuration supports setting both a "bind" address and "advertise" address, so it is possible to put this behind a load balancer.
+- DA nodes will also need to allow public inbound traffic, but this can also be put behind a load balancer
\ No newline at end of file
diff --git a/charts/espresso/templates/_helpers.yaml b/charts/espresso/templates/_helpers.yaml
new file mode 100644
index 000000000..e69de29bb
diff --git a/charts/espresso/templates/ingress.yaml b/charts/espresso/templates/ingress.yaml
new file mode 100644
index 000000000..63e71ef83
--- /dev/null
+++ b/charts/espresso/templates/ingress.yaml
@@ -0,0 +1,57 @@
+---
+{{- if .Values.ingress.enabled -}}
+ {{- $baseServiceName := include "common.names.fullname" . -}}
+ {{- $routePrefix := .Values.ingress.routePrefix | default "/" -}}
+ {{- $defaultPath := list (dict "path" $routePrefix "port" 8000 "pathType" "ImplementationSpecific") -}}
+ {{- $paths := .Values.ingress.paths | default $defaultPath -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+{{- if .Values.ingress.annotations }}
+ annotations:
+{{ toYaml .Values.ingress.annotations | indent 4 }}
+{{- end }}
+ name: {{ include "common.names.fullname" . }}
+ labels:
+ {{- include "common.labels.standard" . | nindent 4 }}
+{{- if .Values.ingress.labels }}
+{{ toYaml .Values.ingress.labels | indent 4 }}
+{{- end }}
+spec:
+ {{- if .Values.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.ingress.ingressClassName }}
+ {{- end }}
+ rules:
+ {{- if .Values.ingress.hosts }}
+ {{- range $host := .Values.ingress.hosts }}
+ - host: {{ tpl $host $ }}
+ http:
+ paths:
+ {{- range $p := $paths }}
+ - path: {{ $p.path }}
+ pathType: {{ $p.pathType }}
+ backend:
+ service:
+ name: {{ $p.serviceName | default $baseServiceName }}
+ port:
+ number: {{ $p.port }}
+ {{- end }}
+ {{- end }}
+ {{- else }}
+ - http:
+ paths:
+ {{- range $p := $paths }}
+ - path: {{ $p.path }}
+ pathType: {{ $p.pathType }}
+ backend:
+ service:
+ name: {{ $p.serviceName | default $baseServiceName }}
+ port:
+ number: {{ $p.port }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+{{ tpl (toYaml .Values.ingress.tls | indent 4) . }}
+ {{- end }}
+{{- end }}
diff --git a/charts/espresso/templates/secret.yaml b/charts/espresso/templates/secret.yaml
new file mode 100644
index 000000000..eeacd2f48
--- /dev/null
+++ b/charts/espresso/templates/secret.yaml
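Review bot: The default backend in both `rules` branches does not match any Service this chart creates. `name: {{ $p.serviceName | default $baseServiceName }}` falls back to `common.names.fullname`, while service.yaml in the same commit names its Services `<fullname>-<type>`, and the default path uses port 8000 although the Service port is `nodes_config.ESPRESSO_SEQUENCER_API_PORT` (80 in values.yaml). With the shipped defaults the Ingress would point at a missing backend, so either require `serviceName` and `port` on every path or derive the defaults from the node type and the API port. `host`, `path` and `ingressClassName` are also rendered unquoted; `{{ $p.path | quote }}` keeps an unusual value from changing the YAML type.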
@@ -0,0 +1,21 @@
+{{- if .Values.externalSecrets.enabled }}
+{{- range $type, $specs := .Values.nodes }}
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: "eso-espresso-sequencer-secrets-{{ $type }}"
+spec:
+ refreshInterval: "1h"
+ secretStoreRef:
+ kind: SecretStore
+ name: gcp-secrets-manager
+ target:
+ name: "eso-espresso-sequencer-secrets-{{ $type }}"
+ creationPolicy: Owner
+ {{- if $specs.externalSecrets.data }}
+ data:
+ {{- $specs.externalSecrets.data | toYaml | trim | nindent 2 }}
+ {{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/espresso/templates/service.yaml b/charts/espresso/templates/service.yaml
new file mode 100644
index 000000000..fe48db183
--- /dev/null
+++ b/charts/espresso/templates/service.yaml
@@ -0,0 +1,24 @@
+{{- range $type, $specs := .Values.nodes }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ include "common.names.fullname" $ }}-{{ $type }}"
+ labels:
+ {{- include "common.labels.standard" $ | nindent 4 }}
+ pod: "{{ include "common.names.fullname" $ }}"
+ type: api
+{{- if $.Values.service.svcAnnotations }}
+ annotations:
+ {{ toYaml $.Values.service.svcAnnotations | nindent 4 | trim }}
+{{- end }}
+spec:
+ type: {{ $.Values.service.type }} # ClusterIP, NodePort, LoadBalancer, or ExternalName
+ ports:
+ - port: {{ $.Values.nodes_config.ESPRESSO_SEQUENCER_API_PORT }}
+ targetPort: api
+ protocol: TCP
+ selector:
+ {{- include "common.labels.matchLabels" $ | nindent 4 }}
+ type: {{ $type }}
+{{- end }}
diff --git a/charts/espresso/templates/serviceaccount.yaml b/charts/espresso/templates/serviceaccount.yaml
new file mode 100644
index 000000000..d9a344e60
--- /dev/null
+++ b/charts/espresso/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+---
+{{- if .Values.global.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "common.names.serviceAccountName" $ }}
+ labels:
+ {{- include "common.labels.standard" $ | nindent 4 }}
+ {{- with .Values.global.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml
new file mode 100644
index 000000000..be1007c71
--- /dev/null
+++ b/charts/espresso/templates/statefulset.yaml
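Review bot: The account created here and the account the pods ask for are derived from different helpers. This template names the object with `common.names.serviceAccountName` and only renders it when `global.serviceAccount.create` is true, while statefulset.yaml in the same commit sets `serviceAccountName: {{ include "common.names.fullname" $ }}` unconditionally. With the default `create: false` the pods reference an account the chart never creates, and if the two helpers return different names (the common chart is not shown here) any identity-binding annotation placed on this object never reaches the pods. Using `{{ include "common.names.serviceAccountName" $ }}` in the pod spec keeps both sides in agreement.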
@@ -0,0 +1,78 @@
+{{- range $type, $specs := .Values.nodes }}
+---
+apiVersion: {{ include "common.capabilities.statefulset.apiVersion" $ }}
+kind: StatefulSet
+metadata:
+ name: "{{ include "common.names.fullname" $ }}-{{ $type }}"
+spec:
+ serviceName: "{{ include "common.names.fullname" $ }}-{{ $type }}"
+ replicas: {{ $specs.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "common.labels.matchLabels" $ | nindent 6 }}
+ type: {{ $type }}
+ template:
+ metadata:
+ labels:
+ {{- include "common.labels.matchLabels" $ | nindent 8 }}
+ type: {{ $type }}
+ spec:
+ serviceAccountName: {{ include "common.names.fullname" $ }}
+ {{- if $.Values.externalSecrets.enabled }}
+ initContainers:
+ - name: init-setenv
+ image: "{{ $.Values.initImage.repository }}:{{ $.Values.initImage.tag }}"
+ imagePullPolicy: {{ $.Values.initImage.pullPolicy }}
+ command: ["/bin/sh", "-c"]
+ args:
+ - |
+ index=$(hostname | grep -o -E "[0-9]+$")
+ echo "Detected Pod Index: $index"
+ # Ensure environment variables are fetched and then exported with index suffix
+ ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY=$(echo $ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY_$index)
+ ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY=$(echo $ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY_$index)
+ echo "ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY=${ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY}" >> /etc/espresso/.env
+ echo "ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY=${ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY}" >> /etc/espresso/.env
+ envFrom:
+ - secretRef:
+ name: eso-espresso-sequencer-secrets-{{ $type }}
+ volumeMounts:
+ - name: init-env
+ mountPath: /etc/espresso
+ {{- end }}
+ containers:
+ - name: "sequencer-{{ $type }}"
+ image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag }}"
+ imagePullPolicy: {{ $.Values.image.pullPolicy }}
+ command:
+ - >
+ {{ $specs.command }}
+ env:
+ {{- range $key, $value := $.Values.nodes_config }}
+ - name: {{ $key }}
+ value: {{ required (printf "%s is required" $key) $value }}
+ {{- end }}
+ {{- if
$.Values.externalSecrets.enabled }}
+ - name: ESPRESSO_SEQUENCER_KEY_FILE
+ value: /etc/espresso/.env
+ envFrom:
+ - secretRef:
+ name: espresso-sequencer-postgres-{{ $type }}
+ {{- end }}
+ ports:
+ - name: api
+ containerPort: {{ $.Values.nodes_config.ESPRESSO_SEQUENCER_API_PORT }}
+ {{- if $specs.volumeMount }}
+ volumeMounts:
+ - name: consensus-data
+ mountPath: {{ $.Values.nodes_config.ESPRESSO_SEQUENCER_STORAGE_PATH }}
+ {{- if $.Values.externalSecrets.enabled }}
+ - name: private-keys
+ mountPath: /etc/espresso
+ {{- end }}
+ {{- end }}
+ {{- with $specs.resources }}
+ resources:
+ {{ toYaml . | nindent 12 | trim }}
+ {{- end }}
+{{- end }}
diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml
new file mode 100644
index 000000000..36cdbf234
--- /dev/null
+++ b/charts/espresso/values.yaml
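Review bot: The indirect lookup in the `init-setenv` script does not read the per-replica key. In `$(echo $ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY_$index)` the shell takes `ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY_` (trailing underscore included) as the variable name, so the command prints only the pod index and that value is written to `/etc/espresso/.env` as the key; the staking-key line has the same problem. Since `index` is digits only (it comes from `grep -o -E "[0-9]+$"`), an `eval` is safe here: `eval "ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY=\${ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY_${index}}"`. The script also runs without `set -eu`, so a missing key is written as an empty value instead of failing the init container.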
@@ -0,0 +1,129 @@
+global:
+ # -- Service account
+ # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+ #
+ serviceAccount:
+ create: false
+
+nodes:
+ normal:
+ replicaCount: 1
+ command: "sequencer -- http -- catchup -- status"
+ volumeMount: true
+ resources:
+ requests:
+ cpu: "200m"
+ memory: "16Gi"
+ limits:
+ cpu: "400m"
+ memory: "32Gi"
+ externalSecrets:
+ data: []
+ da:
+ replicaCount: 0
+ command: "sequencer -- storage-sql -- http -- catchup -- status -- query"
+ volumeMount: false
+ resources:
+ requests:
+ cpu: "200m"
+ memory: "16Gi"
+ limits:
+ cpu: "400m"
+ memory: "32Gi"
+ externalSecrets:
+ data: []
+
+nodes_config:
+ ESPRESSO_SEQUENCER_ORCHESTRATOR_URL: "https://orchestrator.cappuccino.testnet.espresso.network"
+ ESPRESSO_SEQUENCER_CDN_ENDPOINT: "cdn.cappuccino.testnet.espresso.network:1737"
+ ESPRESSO_STATE_RELAY_SERVER_URL: "https://state-relay.cappuccino.testnet.espresso.network"
+ ESPRESSO_SEQUENCER_BASE_FEE: "0"
+ ESPRESSO_SEQUENCER_MAX_BLOCK_SIZE: "30000000"
+ ESPRESSO_SEQUENCER_CHAIN_ID: "0"
+ RUST_LOG: "warn,libp2p=off"
+ RUST_LOG_FORMAT: "json"
+ ESPRESSO_SEQUENCER_STATE_PEERS: "https://query.cappuccino.testnet.espresso.network"
+ ESPRESSO_SEQUENCER_L1_PROVIDER: "" # JSON-RPC endpoint for Sepolia testnet
+ ESPRESSO_SEQUENCER_API_PORT: 80 # Port on which to host metrics and healthchecks
+ ESPRESSO_SEQUENCER_STORAGE_PATH: "/mount/sequencer/store/" # Path in container to store consensus state
+
+image:
+ repository: ghcr.io/espressosystems/espresso-sequencer/sequencer
+ tag: main
+ pullPolicy: IfNotPresent
+
+# -- Init image is used to manage which secrets the pod should use.
+initImage:
+ repository: "busybox"
+ tag: "1.36.1"
+ pullPolicy: IfNotPresent
+
+service:
+ type: ClusterIP
+ # Port will target ESPRESSO_SEQUENCER_API_PORT
+ svcAnnotations: {}
+
+ingress:
+ enabled: false
+ ingressClassName: ""
+
+ # -- Route Prefix. Can skip it if any item of path has the path defined.
+ routePrefix: /
+
+ annotations: {}
+
+ labels: {}
+
+ # -- Hostnames.
+ # Can be provided if Ingress is enabled.
+ #
+ hosts: []
+ # hosts:
+ # - prometheus.domain.com
+
+ # -- Paths to use for ingress rules
+ # By default, the Service created by this chart is used as the target
+ # Service for the Ingress.
+ # If not defined the following default object will be used:
+ # - path: "/"
+ # port: 8000
+ # pathType: "ImplementationSpecific"
+ # serviceName: ""
+ #
+ paths: []
+ # paths:
+ # - path: "/metrics"
+ # port: 9000
+ # pathType: "Prefix"
+ # - path: "/api"
+ # port: 8080
+ # pathType: "Exact"
+ # - path: "/health"
+ # port: 8085
+ # pathType: "Prefix"
+ # serviceName: "alternativeServiceName"
+
+ # -- TLS configuration for Ingress
+ # Secret must be manually created in the namespace
+ #
+ tls: []
+ # - secretName: execution-beacon-general-tls
+ # hosts:
+ # - nethermind.example.com
+
+externalSecrets:
+ enabled: false
+
+# -- Provide a name to substitute for the full names of resources
+fullnameOverride: ""
+
+# -- Service account
+# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+#
+serviceAccount:
+ # -- Annotations to add to the service account
+ annotations: {}
+ # -- The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ #
+ name: ""
From c480e4013543e2a3d90d359d8456310d7f231b6e Mon Sep 17 00:00:00 2001
From: AntiD2ta
Date: Thu, 25 Apr 2024 02:45:37 +0200
Subject: [PATCH 02/72] feat: Add Pod for espresso-keystore-cli
---
charts/espresso/templates/keystore-cli.yaml | 39 +++++++++++++++++++++
charts/espresso/values.yaml | 9 +++++
2 files changed, 48 insertions(+)
create mode 100644 charts/espresso/templates/keystore-cli.yaml
diff --git a/charts/espresso/templates/keystore-cli.yaml b/charts/espresso/templates/keystore-cli.yaml
new file mode 100644
index 000000000..a08ff0cc9
--- /dev/null
+++ b/charts/espresso/templates/keystore-cli.yaml
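Review bot: `image.tag: main` combined with `pullPolicy: IfNotPresent` leaves the sequencer image unpinned, and this is the container that is handed the staking and state private keys. Each node runs whatever `main` pointed to when it first pulled, so replicas can end up on different builds and a changed upstream tag is picked up without any chart change. Pin a release tag or, better, an image digest (`repository@sha256:<digest>`), and give `initImage.repository` a fully qualified registry path instead of bare `busybox`. The top-level `serviceAccount:` block at the end of the file does not appear to be read by any template in this commit (serviceaccount.yaml uses `.Values.global.serviceAccount`), so annotations set there would be silently ignored.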
@@ -0,0 +1,39 @@ +{{- range $type, $specs := .Values.nodes }} +--- +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "common.names.fullname" $ }}-keystore-cli-{{ $type }}" + labels: + {{- include "common.labels.matchLabels" $ | nindent 4 }} +spec: + initContainers: + - name: keygen + image: {{ $.Values.image.repository }}:{{ $.Values.image.tag }} + imagePullPolicy: {{ $.Values.image.pullPolicy }} + command: ["keygen", "-o", "/keys", "-n", "{{ $specs.replicaCount }}"] + volumeMounts: + - name: keys + mountPath: /keys + + containers: + - name: espresso-keystore-cli + image: {{ $.Values.keystoreCLI.image.repository }}:{{ $.Values.keystoreCLI.image.tag }} + imagePullPolicy: {{ $.Values.keystoreCLI.image.pullPolicy }} + env: + - name: KEYS_PATH + value: /keys + - name: PROJECT_ID + value: {{ required "Project ID is required" $.Values.keystoreCLI.projectId }} + - name: SECRET_ID + value: {{ required "Secret ID is required" $.Values.keystoreCLI.secretId }}-{{ $type }} + volumeMounts: + - name: keys + mountPath: /keys + + volumes: + - name: keys + emptyDir: {} + + restartPolicy: Never +{{- end }} diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index 36cdbf234..0df19d108 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml @@ -58,6 +58,15 @@ initImage: tag: "1.36.1" pullPolicy: IfNotPresent +# -- Keystore-CLI settings. Used to manage keys on Secret Store. +keystoreCLI: + image: + repository: "nethermindeth/espresso-keystore-cli" + tag: "v0.1.1" + pullPolicy: IfNotPresent + projectId: "" # GCP Project ID + secretId: "" # GCP Secret ID without the Sequencer node type suffix + service: type: ClusterIP # Port will target ESPRESSO_SEQUENCER_API_PORT From d962adc7bb123991cc41ea2fc2705b0d73a556f2 Mon Sep 17 00:00:00 2001 
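Review bot: The freshly generated private keys land on a disk-backed volume, because `keys` is declared as `emptyDir: {}` and `keygen -o /keys` writes into it. `emptyDir: {medium: Memory}` keeps the material in tmpfs so it is not left on the node's filesystem for the life of the pod; the `volumes:` block that PATCH 03 adds to statefulset.yaml has the same issue for `keys` and `init-env`. The Pod also sets no `serviceAccountName` or `securityContext`, so it runs under the namespace default account; whichever identity is allowed to write to the secret store is better bound to a dedicated account used only by this step. `PROJECT_ID` and `SECRET_ID` are rendered unquoted, so an all-digit value would be typed as a number and rejected for an env `value`.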
From: AntiD2ta Date: Thu, 25 Apr 2024 19:12:34 +0200 Subject: [PATCH 03/72] feat: Update key mgm automation --- charts/espresso/Plan.md | 2 +- charts/espresso/templates/keystore-cli.yaml | 39 ----------------- charts/espresso/templates/statefulset.yaml | 48 ++++++++++++++++++++- charts/espresso/values.yaml | 7 ++- 4 files changed, 53 insertions(+), 43 deletions(-) delete mode 100644 charts/espresso/templates/keystore-cli.yaml diff --git a/charts/espresso/Plan.md b/charts/espresso/Plan.md index cee247996..127f7dfd3 100644 --- a/charts/espresso/Plan.md +++ b/charts/espresso/Plan.md @@ -6,7 +6,7 @@ - [X] Service for Sequencer Node and DA Node - [X] Ingress for Sequencer Node and DA Node. This is GCP, so we will use GCP Ingress - [ ] Prometheus rules??? -- [ ] Automate keys creation and deployment to Secrets Manager +- [X] Automate keys creation and deployment to Secrets Manager - [ ] Create CloudSQL instances ## Notes diff --git a/charts/espresso/templates/keystore-cli.yaml b/charts/espresso/templates/keystore-cli.yaml deleted file mode 100644 index a08ff0cc9..000000000 --- a/charts/espresso/templates/keystore-cli.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -{{- range $type, $specs := .Values.nodes }} ---- -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "common.names.fullname" $ }}-keystore-cli-{{ $type }}" - labels: - {{- include "common.labels.matchLabels" $ | nindent 4 }} -spec: - initContainers: - - name: keygen - image: {{ $.Values.image.repository }}:{{ $.Values.image.tag }} - imagePullPolicy: {{ $.Values.image.pullPolicy }} - command: ["keygen", "-o", "/keys", "-n", "{{ $specs.replicaCount }}"] - volumeMounts: - - name: keys - mountPath: /keys - - containers: - - name: espresso-keystore-cli - image: {{ $.Values.keystoreCLI.image.repository }}:{{ $.Values.keystoreCLI.image.tag }} - imagePullPolicy: {{ $.Values.keystoreCLI.image.pullPolicy }} - env: - - name: KEYS_PATH - value: /keys - - name: PROJECT_ID - value: {{ required "Project ID is required" $.Values.keystoreCLI.projectId }} - - name: SECRET_ID - value: {{ required "Secret ID is required" $.Values.keystoreCLI.secretId }}-{{ $type }} - volumeMounts: - - name: keys - mountPath: /keys - - volumes: - - name: keys - emptyDir: {} - - restartPolicy: Never -{{- end }} diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index be1007c71..ccf50f73e 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml 
@@ -20,7 +20,28 @@ spec: serviceAccountName: {{ include "common.names.fullname" $ }} {{- if $.Values.externalSecrets.enabled }} initContainers: - - name: init-setenv + - name: keygen # Generates keys for the sequencer + image: {{ $.Values.image.repository }}:{{ $.Values.image.tag }} + imagePullPolicy: {{ $.Values.image.pullPolicy }} + command: ["keygen", "-o", "/keys", "-n", "{{ $specs.replicaCount }}"] + volumeMounts: + - name: keys + mountPath: /keys + - name: keystore-cli-pv-keys # Updates Secret Manager with private keys in the proper format + image: {{ $.Values.keystoreCLI.image.repository }}:{{ $.Values.keystoreCLI.image.tag }} + imagePullPolicy: {{ $.Values.keystoreCLI.image.pullPolicy }} + command: ["pv-keys"] + env: + - name: KEYS_PATH + value: /keys + - name: PROJECT_ID + value: {{ required "Project ID is required" $.Values.keystoreCLI.projectId }} + - name: SECRET_ID + value: {{ required "Secret ID is required" $.Values.keystoreCLI.pv.secretId }}-{{ $type }} + volumeMounts: + - name: keys + mountPath: /keys + - name: init-setenv # Sets keys environment variables for the sequencer image: "{{ $.Values.initImage.repository }}:{{ $.Values.initImage.tag }}" imagePullPolicy: {{ $.Values.initImage.pullPolicy }} command: ["/bin/sh", "-c"] 
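Review bot: Placing `keygen` and `keystore-cli-pv-keys` in `initContainers` ties key generation to pod start, so every replica, and every restart or reschedule, runs `keygen -n {{ $specs.replicaCount }}` and pushes the result to the secret store. Unless the CLI refuses to overwrite an existing secret (its behaviour is not visible here), a single pod restart would replace the staking and state keys for all replicas of that node type. `init-setenv` then reads the keys from the ExternalSecret-synced Secret, which secret.yaml refreshes hourly, so it is unlikely to see keys uploaded seconds earlier. A one-shot Job or Helm pre-install hook, or a create-if-absent mode in the CLI, would avoid both problems. The init container list continues outside this hunk.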
@@ -39,6 +60,24 @@ spec: volumeMounts: - name: init-env mountPath: /etc/espresso + {{- if contains $specs.command "storage-sql" }} + - name: keystore-cli-db-keys # Updates Secret Manager with DB credentials in the proper format + image: {{ $.Values.keystoreCLI.image.repository }}:{{ $.Values.keystoreCLI.image.tag }} + imagePullPolicy: {{ $.Values.keystoreCLI.image.pullPolicy }} + command: ["db-keys"] + env: + - name: PROJECT_ID + value: {{ required "Project ID is required" $.Values.keystoreCLI.projectId }} + - name: SECRET_ID + value: {{ required "Secret ID is required" $.Values.keystoreCLI.db.secretId }}-{{ $type }} + - name: SEQUENCER_POSTGRES_HOST + value: {{ required "DB host is required" $.Values.keystoreCLI.db.host }} + - name: SEQUENCER_POSTGRES_USER + value: {{ required "DB user is required" $.Values.keystoreCLI.db.user }} + volumeMounts: + - name: keys + mountPath: /keys + {{- end }} {{- end }} containers: - name: "sequencer-{{ $type }}" @@ -57,7 +96,7 @@ spec: value: /etc/espresso/.env envFrom: - secretRef: - name: espresso-sequencer-postgres-{{ $type }} + name: eso-espresso-sequencer-secrets-{{ $type }} {{- end }} ports: - name: api @@ -75,4 +114,9 @@ spec: resources: {{ toYaml . | nindent 12 | trim }} {{- end }} + volumes: + - name: keys + emptyDir: {} + - name: init-env + emptyDir: {} {{- end }} diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index 0df19d108..75d6784f1 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml @@ -65,7 +65,12 @@ keystoreCLI: tag: "v0.1.1" pullPolicy: IfNotPresent projectId: "" # GCP Project ID - secretId: "" # GCP Secret ID without the Sequencer node type suffix + pv: + secretId: "" # GCP Secret ID without the Sequencer node type suffix + db: + secretId: "" # GCP Secret ID of the DB credentials + host: "" # DB host + user: "" # DB user service: type: ClusterIP From 1052f8fce043e1b8acdb411770bd9079e22085fd Mon Sep 17 00:00:00 2001 
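Review bot: In the `@@ -57,7 +96,7 @@` hunk the sequencer container's `envFrom` now pulls in the whole `eso-espresso-sequencer-secrets-{{ $type }}` Secret. Going by the `init-setenv` script, that Secret holds `ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY_<n>` and `ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY_<n>` for every replica index, so each pod's main process environment would carry the private keys of all replicas in addition to its own key file. If the intent is only to pass database credentials, select them individually with `valueFrom.secretKeyRef` or keep them in a separate Secret, and leave the key material to the init step. The enclosing container spec starts and ends outside the hunk.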
From: AntiD2ta Date: Thu, 25 Apr 2024 23:09:32 +0200 Subject: [PATCH 04/72] chore: Allow overriding the namespace --- charts/espresso/templates/ingress.yaml | 9 ++++++--- charts/espresso/templates/secret.yaml | 3 +++ charts/espresso/templates/service.yaml | 3 +++ charts/espresso/templates/serviceaccount.yaml | 3 +++ charts/espresso/templates/statefulset.yaml | 3 +++ charts/espresso/values.yaml | 2 ++ 6 files changed, 20 insertions(+), 3 deletions(-) diff --git a/charts/espresso/templates/ingress.yaml b/charts/espresso/templates/ingress.yaml index 63e71ef83..18cfa4e30 100644 --- a/charts/espresso/templates/ingress.yaml +++ b/charts/espresso/templates/ingress.yaml @@ -14,9 +14,12 @@ metadata: name: {{ include "common.names.fullname" . }} labels: {{- include "common.labels.standard" . | nindent 4 }} -{{- if .Values.ingress.labels }} -{{ toYaml .Values.ingress.labels | indent 4 }} -{{- end }} + {{- if .Values.ingress.labels }} + {{ toYaml .Values.ingress.labels | indent 4 }} + {{- end }} + {{- if $.Values.global.namespaceOverride }} + namespace: {{ $.Values.global.namespaceOverride }} + {{- end }} spec: {{- if .Values.ingress.ingressClassName }} ingressClassName: {{ .Values.ingress.ingressClassName }} diff --git a/charts/espresso/templates/secret.yaml b/charts/espresso/templates/secret.yaml index eeacd2f48..a0b44190d 100644 --- a/charts/espresso/templates/secret.yaml +++ b/charts/espresso/templates/secret.yaml @@ -5,6 +5,9 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: "eso-espresso-sequencer-secrets-{{ $type }}" + {{- if $.Values.global.namespaceOverride }} + namespace: {{ $.Values.global.namespaceOverride }} + {{- end }} spec: refreshInterval: "1h" secretStoreRef: diff --git a/charts/espresso/templates/service.yaml b/charts/espresso/templates/service.yaml index fe48db183..5760d1df3 100644 --- a/charts/espresso/templates/service.yaml +++ b/charts/espresso/templates/service.yaml 
@@ -12,6 +12,9 @@ metadata: annotations: {{ toYaml $.Values.service.svcAnnotations | nindent 4 | trim }} {{- end }} + {{- if $.Values.global.namespaceOverride }} + namespace: {{ $.Values.global.namespaceOverride }} + {{- end }} spec: type: {{ $.Values.service.type }} # ClusterIP, NodePort, LoadBalancer, or ExternalName ports: diff --git a/charts/espresso/templates/serviceaccount.yaml b/charts/espresso/templates/serviceaccount.yaml index d9a344e60..adfa70126 100644 --- a/charts/espresso/templates/serviceaccount.yaml +++ b/charts/espresso/templates/serviceaccount.yaml @@ -10,4 +10,7 @@ metadata: annotations: {{- toYaml . | nindent 4 }} {{- end }} + {{- if $.Values.global.namespaceOverride }} + namespace: {{ $.Values.global.namespaceOverride }} + {{- end }} {{- end }} diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index ccf50f73e..d979be1c5 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml @@ -4,6 +4,9 @@ apiVersion: {{ include "common.capabilities.statefulset.apiVersion" $ }} kind: StatefulSet metadata: name: "{{ include "common.names.fullname" $ }}-{{ $type }}" + {{- if $.Values.global.namespaceOverride }} + namespace: {{ $.Values.global.namespaceOverride }} + {{- end }} spec: serviceName: "{{ include "common.names.fullname" $ }}-{{ $type }}" replicas: {{ $specs.replicaCount }} diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index 75d6784f1..9adddbaf0 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml @@ -4,6 +4,8 @@ global: # serviceAccount: create: false + + namespaceOverride: "" nodes: normal: From c185edc90cc88e7b305d518ffbd0a328e49cc5af Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Thu, 25 Apr 2024 23:09:53 +0200 Subject: [PATCH 05/72] fix: Type errors from env in the statefulset --- charts/espresso/templates/statefulset.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index d979be1c5..4734a3173 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml @@ -38,7 +38,7 @@ spec: - name: KEYS_PATH value: /keys - name: PROJECT_ID - value: {{ required "Project ID is required" $.Values.keystoreCLI.projectId }} + value: {{ (required "Project ID is required" $.Values.keystoreCLI.projectId) | quote }} - name: SECRET_ID value: {{ required "Secret ID is required" $.Values.keystoreCLI.pv.secretId }}-{{ $type }} volumeMounts: @@ -63,20 +63,20 @@ spec: volumeMounts: - name: init-env mountPath: /etc/espresso - {{- if contains $specs.command "storage-sql" }} + {{- if contains "storage-sql" $specs.command }} - name: keystore-cli-db-keys # Updates Secret Manager with DB credentials in the proper format image: {{ $.Values.keystoreCLI.image.repository }}:{{ $.Values.keystoreCLI.image.tag }} imagePullPolicy: {{ $.Values.keystoreCLI.image.pullPolicy }} command: ["db-keys"] env: - name: PROJECT_ID - value: {{ required "Project ID is required" $.Values.keystoreCLI.projectId }} + value: {{ (required "Project ID is required" $.Values.keystoreCLI.projectId) | quote }} - name: SECRET_ID value: {{ required "Secret ID is required" $.Values.keystoreCLI.db.secretId }}-{{ $type }} - name: SEQUENCER_POSTGRES_HOST - value: {{ required "DB host is required" $.Values.keystoreCLI.db.host }} + value: {{ (required "DB host is required" $.Values.keystoreCLI.db.host) | quote }} - name: SEQUENCER_POSTGRES_USER - value: {{ required "DB user is required" $.Values.keystoreCLI.db.user }} + value: {{ (required "DB user is required" $.Values.keystoreCLI.db.user) | quote }} volumeMounts: - name: keys mountPath: /keys 
@@ -92,7 +92,7 @@ spec: env: {{- range $key, $value := $.Values.nodes_config }} - name: {{ $key }} - value: {{ required (printf "%s is required" $key) $value }} + value: {{ required (printf "%s is required" $key) $value | quote }} {{- end }} {{- if $.Values.externalSecrets.enabled }} - name: ESPRESSO_SEQUENCER_KEY_FILE From dd0f525bee45b78702370b84cc54467960d7a963 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mateusz=20J=C4=99drzejewski?= Date: Fri, 26 Apr 2024 18:01:00 +1000 Subject: [PATCH 06/72] feat: Add volume claim template and remove unused mount --- charts/espresso/templates/statefulset.yaml | 21 +++++++++++++++++---- charts/espresso/values.yaml | 10 ++++++++++ 2 files changed, 27 insertions(+), 4 deletions(-) diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index 4734a3173..5e4bfeb06 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml @@ -108,10 +108,6 @@ spec: volumeMounts: - name: consensus-data mountPath: {{ $.Values.nodes_config.ESPRESSO_SEQUENCER_STORAGE_PATH }} - {{- if $.Values.externalSecrets.enabled }} - - name: private-keys - mountPath: /etc/espresso - {{- end }} {{- end }} {{- with $specs.resources }} resources: @@ -122,4 +118,21 @@ spec: emptyDir: {} - name: init-env emptyDir: {} + volumeClaimTemplates: + {{- if $specs.volumeMount }} + - metadata: + name: consensus-data + labels: + {{- include "common.labels.statefulset" . | nindent 10 }} + {{- with .Values.global.persistence.annotations }} + annotations: + {{ toYaml . | nindent 10 | trim }} + {{- end }} + spec: + accessModes: {{ .Values.global.persistence.accessModes }} + storageClassName: {{ .Values.global.persistence.storageClassName }} + resources: + requests: + storage: {{ .Values.global.persistence.size | quote }} + {{- end }} {{- end }} diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index 9adddbaf0..11d47085e 100644 --- a/charts/espresso/values.yaml 
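Review bot: Removing the `private-keys` mount in the `@@ -108,10 +108,6 @@` hunk leaves the sequencer container with `ESPRESSO_SEQUENCER_KEY_FILE` set to `/etc/espresso/.env` and nothing mounted at `/etc/espresso`. The file is written by `init-setenv` into the `init-env` volume, which only the init container mounts, so the main container would start without its key file. Instead of dropping the mount, point it at that volume with `- name: init-env`, `mountPath: /etc/espresso` and `readOnly: true`, and place it outside the `$specs.volumeMount` guard so `da` nodes receive it too. In the following hunk, `volumeClaimTemplates:` is emitted even when `$specs.volumeMount` is false and then renders as a null value; moving the key inside the `if` avoids that.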
+++ b/charts/espresso/values.yaml @@ -7,6 +7,16 @@ global: namespaceOverride: "" + # -- Whether or not to allocate persistent volume disk for the data directory. + # In case of node failure, the node data directory will still persist. + # + persistence: + storageClassName: "" + accessModes: + - ReadWriteOnce + size: 150Gi + annotations: {} + nodes: normal: replicaCount: 1 From 4319aee80bb3f8cb30e69dfbac94ef578d712b0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mateusz=20J=C4=99drzejewski?= Date: Fri, 26 Apr 2024 18:03:49 +1000 Subject: [PATCH 07/72] fix: Label ref --- charts/espresso/templates/statefulset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index 5e4bfeb06..1c1e30f49 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml @@ -123,7 +123,7 @@ spec: - metadata: name: consensus-data labels: - {{- include "common.labels.statefulset" . | nindent 10 }} + {{- include "common.labels.statefulset" $ | nindent 8 }} {{- with .Values.global.persistence.annotations }} annotations: {{ toYaml . | nindent 10 | trim }} From 75747c070347c7c58846660e9a37ff0435983931 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mateusz=20J=C4=99drzejewski?= Date: Fri, 26 Apr 2024 18:05:32 +1000 Subject: [PATCH 08/72] fix: Missing $ --- charts/espresso/templates/statefulset.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index 1c1e30f49..e697d9524 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml 
@@ -124,15 +124,15 @@ spec: name: consensus-data labels: {{- include "common.labels.statefulset" $ | nindent 8 }} - {{- with .Values.global.persistence.annotations }} + {{- with $.Values.global.persistence.annotations }} annotations: {{ toYaml . | nindent 10 | trim }} {{- end }} spec: - accessModes: {{ .Values.global.persistence.accessModes }} - storageClassName: {{ .Values.global.persistence.storageClassName }} + accessModes: {{ $.Values.global.persistence.accessModes }} + storageClassName: {{ $.Values.global.persistence.storageClassName }} resources: requests: - storage: {{ .Values.global.persistence.size | quote }} + storage: {{ $.Values.global.persistence.size | quote }} {{- end }} {{- end }} From 42a7f122cb0721e6efa35e8bb59656b7306e6eca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mateusz=20J=C4=99drzejewski?= Date: Fri, 26 Apr 2024 23:06:11 +1000 Subject: [PATCH 09/72] feat: Update external secrets reference to be dynamic --- charts/espresso/templates/secret.yaml | 4 ++-- charts/espresso/values.yaml | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/charts/espresso/templates/secret.yaml b/charts/espresso/templates/secret.yaml index a0b44190d..1ab74bd4a 100644 --- a/charts/espresso/templates/secret.yaml +++ b/charts/espresso/templates/secret.yaml @@ -11,8 +11,8 @@ metadata: spec: refreshInterval: "1h" secretStoreRef: - kind: SecretStore - name: gcp-secrets-manager + name: {{ $specs.externalSecrets.secretStoreRef.name }} + kind: {{ $specs.externalSecrets.secretStoreRef.kind }} target: name: "eso-espresso-sequencer-secrets-{{ $type }}" creationPolicy: Owner diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index 11d47085e..f12e79ffd 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml @@ -139,6 +139,9 @@ ingress: externalSecrets: enabled: false + secretStoreRef: + name: secretStoreRef + kind: SecretStore # -- Provide a name to substitute for the full names of resources fullnameOverride: "" 
From bc0eaa18a69f00594e00bc711c30da86c6af6fd3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mateusz=20J=C4=99drzejewski?= Date: Fri, 26 Apr 2024 23:11:14 +1000 Subject: [PATCH 10/72] fix: Reference try with shell change to args --- charts/espresso/templates/secret.yaml | 4 ++-- charts/espresso/templates/statefulset.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/espresso/templates/secret.yaml b/charts/espresso/templates/secret.yaml index 1ab74bd4a..a212da21b 100644 --- a/charts/espresso/templates/secret.yaml +++ b/charts/espresso/templates/secret.yaml @@ -11,8 +11,8 @@ metadata: spec: refreshInterval: "1h" secretStoreRef: - name: {{ $specs.externalSecrets.secretStoreRef.name }} - kind: {{ $specs.externalSecrets.secretStoreRef.kind }} + name: {{ $.Values.externalSecrets.secretStoreRef.name }} + kind: {{ $.Values.externalSecrets.secretStoreRef.kind }} target: name: "eso-espresso-sequencer-secrets-{{ $type }}" creationPolicy: Owner diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index e697d9524..04c953ec3 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml @@ -33,7 +33,7 @@ spec: - name: keystore-cli-pv-keys # Updates Secret Manager with private keys in the proper format image: {{ $.Values.keystoreCLI.image.repository }}:{{ $.Values.keystoreCLI.image.tag }} imagePullPolicy: {{ $.Values.keystoreCLI.image.pullPolicy }} - command: ["pv-keys"] + args: ["pv-keys"] env: - name: KEYS_PATH value: /keys From 07a77700899cf4de663c9067d196099bca7de6da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mateusz=20J=C4=99drzejewski?= Date: Sat, 27 Apr 2024 00:20:46 +1000 Subject: [PATCH 11/72] feat: Add annotations to sa --- charts/espresso/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index f12e79ffd..16923f179 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml 
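Review bot: The `secretStoreRef` lines in secret.yaml (PATCH 10) are rendered without `required` or `quote`, and the default added to values.yaml in PATCH 09 is the placeholder `name: secretStoreRef`, so an install that forgets to override it produces an ExternalSecret that points at a store which presumably does not exist instead of failing at render time. Following the pattern the chart already uses for `nodes_config`, write `name: {{ required "externalSecrets.secretStoreRef.name is required" $.Values.externalSecrets.secretStoreRef.name | quote }}` and leave the values default empty. `kind` is now caller-controlled as well; a comment in values.yaml stating that `SecretStore` is namespace-scoped and `ClusterSecretStore` is cluster-wide would help whoever changes it.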
@@ -4,6 +4,7 @@ global: # serviceAccount: create: false + annotations: {} namespaceOverride: "" From f4925cff19a14cc4f9c8f9e7309795a035901b12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mateusz=20J=C4=99drzejewski?= Date: Sat, 27 Apr 2024 00:38:42 +1000 Subject: [PATCH 12/72] chore: Try with more args fix --- charts/espresso/templates/statefulset.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index 04c953ec3..5116d42eb 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml @@ -67,7 +67,7 @@ spec: - name: keystore-cli-db-keys # Updates Secret Manager with DB credentials in the proper format image: {{ $.Values.keystoreCLI.image.repository }}:{{ $.Values.keystoreCLI.image.tag }} imagePullPolicy: {{ $.Values.keystoreCLI.image.pullPolicy }} - command: ["db-keys"] + args: ["db-keys"] env: - name: PROJECT_ID value: {{ (required "Project ID is required" $.Values.keystoreCLI.projectId) | quote }} @@ -86,9 +86,8 @@ spec: - name: "sequencer-{{ $type }}" image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag }}" imagePullPolicy: {{ $.Values.image.pullPolicy }} - command: - - > - {{ $specs.command }} + args: + - {{ $specs.command }} env: {{- range $key, $value := $.Values.nodes_config }} - name: {{ $key }} From 5f84f502326079de14392085cb72ba1655b880a5 Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Sat, 27 Apr 2024 08:08:34 +0100 Subject: [PATCH 13/72] fix: Args and commands of sequencer container --- charts/espresso/templates/statefulset.yaml | 4 +++- charts/espresso/values.yaml | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index 5116d42eb..771ab09ec 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml 
@@ -86,8 +86,10 @@ spec: - name: "sequencer-{{ $type }}" image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag }}" imagePullPolicy: {{ $.Values.image.pullPolicy }} + command: ["sequencer"] args: - - {{ $specs.command }} + - > + {{ $specs.args }} env: {{- range $key, $value := $.Values.nodes_config }} - name: {{ $key }} diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index 16923f179..819b2870a 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml @@ -21,7 +21,7 @@ global: nodes: normal: replicaCount: 1 - command: "sequencer -- http -- catchup -- status" + args: "-- http -- catchup -- status" volumeMount: true resources: requests: @@ -34,7 +34,7 @@ nodes: data: [] da: replicaCount: 0 - command: "sequencer -- storage-sql -- http -- catchup -- status -- query" + args: "-- storage-sql -- http -- catchup -- status -- query" volumeMount: false resources: requests: From 714beefc2b4e87f43a16d2f86a834750f2032148 Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Sat, 27 Apr 2024 08:16:32 +0100 Subject: [PATCH 14/72] fix: db-keys init container condition --- charts/espresso/templates/statefulset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index 771ab09ec..7f04de1a9 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml @@ -63,7 +63,7 @@ spec: volumeMounts: - name: init-env mountPath: /etc/espresso - {{- if contains "storage-sql" $specs.command }} + {{- if contains "storage-sql" $specs.args }} - name: keystore-cli-db-keys # Updates Secret Manager with DB credentials in the proper format image: {{ $.Values.keystoreCLI.image.repository }}:{{ $.Values.keystoreCLI.image.tag }} imagePullPolicy: {{ $.Values.keystoreCLI.image.pullPolicy }} From f08ff9b980c231a3d9d2152519ec391bb93e75c3 Mon Sep 17 00:00:00 2001 
From: AntiD2ta Date: Sat, 27 Apr 2024 08:26:19 +0100 Subject: [PATCH 15/72] fix: Sequencer container args definition --- charts/espresso/templates/statefulset.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index 7f04de1a9..8fbddc850 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml @@ -88,8 +88,7 @@ spec: imagePullPolicy: {{ $.Values.image.pullPolicy }} command: ["sequencer"] args: - - > - {{ $specs.args }} + - > {{ $specs.args | trim | nindent 14 }} env: {{- range $key, $value := $.Values.nodes_config }} - name: {{ $key }} From 08ab5bb022f5a690cd69d70d90ea486dfc8cba48 Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Sat, 27 Apr 2024 10:18:46 +0100 Subject: [PATCH 16/72] fix: Improve image name definitions --- charts/espresso/templates/_helpers.yaml | 8 ++++++++ charts/espresso/templates/statefulset.yaml | 10 +++++----- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/charts/espresso/templates/_helpers.yaml b/charts/espresso/templates/_helpers.yaml index e69de29bb..bb104c1fd 100644 --- a/charts/espresso/templates/_helpers.yaml +++ b/charts/espresso/templates/_helpers.yaml @@ -0,0 +1,8 @@ +{{/* +Create a formatted image string with repository and tag +*/}} +{{- define "espresso.build_image_name" -}} +{{- $repository := index . 0 -}} +{{- $tag := index . 1 -}} +{{- printf "%s:%s" $repository $tag | quote -}} +{{- end -}} diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index 8fbddc850..c2f4b3648 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml 
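Review bot: `espresso.build_image_name` in _helpers.yaml formats the tag with `%s`, so a tag that YAML parses as a number (an unquoted `1.0` in values) renders as `%!s(float64=1)`, and an empty tag renders `repo:`; `printf "%s:%s" $repository (toString $tag)` together with a `required` on both arguments covers both cases. The helper accepts only a mutable tag, and the statefulset hunks of this patch use it for the keygen and keystore-cli images that handle private keys. Consider accepting an optional digest and emitting `repo@sha256:…` when it is set, so those images can be pinned.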
@@ -24,14 +24,14 @@ spec: {{- if $.Values.externalSecrets.enabled }} initContainers: - name: keygen # Generates keys for the sequencer - image: {{ $.Values.image.repository }}:{{ $.Values.image.tag }} + image: {{ include "espresso.build_image_name" (list $.Values.image.repository $.Values.image.tag) }} imagePullPolicy: {{ $.Values.image.pullPolicy }} command: ["keygen", "-o", "/keys", "-n", "{{ $specs.replicaCount }}"] volumeMounts: - name: keys mountPath: /keys - name: keystore-cli-pv-keys # Updates Secret Manager with private keys in the proper format - image: {{ $.Values.keystoreCLI.image.repository }}:{{ $.Values.keystoreCLI.image.tag }} + image: {{ include "espresso.build_image_name" (list $.Values.keystoreCLI.image.repository $.Values.keystoreCLI.image.tag) }} imagePullPolicy: {{ $.Values.keystoreCLI.image.pullPolicy }} args: ["pv-keys"] env: @@ -45,7 +45,7 @@ spec: - name: keys mountPath: /keys - name: init-setenv # Sets keys environment variables for the sequencer - image: "{{ $.Values.initImage.repository }}:{{ $.Values.initImage.tag }}" + image: {{ include "espresso.build_image_name" (list $.Values.initImage.repository $.Values.initImage.tag) }} imagePullPolicy: {{ $.Values.initImage.pullPolicy }} command: ["/bin/sh", "-c"] args: @@ -65,7 +65,7 @@ spec: mountPath: /etc/espresso {{- if contains "storage-sql" $specs.args }} - name: keystore-cli-db-keys # Updates Secret Manager with DB credentials in the proper format - image: {{ $.Values.keystoreCLI.image.repository }}:{{ $.Values.keystoreCLI.image.tag }} + image: {{ include "espresso.build_image_name" (list $.Values.keystoreCLI.image.repository $.Values.keystoreCLI.image.tag) }} imagePullPolicy: {{ $.Values.keystoreCLI.image.pullPolicy }} args: ["db-keys"] env: 
@@ -84,7 +84,7 @@ spec: {{- end }} containers: - name: "sequencer-{{ $type }}" - image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag }}" + image: {{ include "espresso.build_image_name" (list $.Values.image.repository $.Values.image.tag) }} imagePullPolicy: {{ $.Values.image.pullPolicy }} command: ["sequencer"] args: From fc7e67045e209d73a9060fb7d85ec8362c6d99f3 Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Sat, 27 Apr 2024 10:29:42 +0100 Subject: [PATCH 17/72] fix: Remove type suffix from db-keys SECRET_ID --- charts/espresso/templates/statefulset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index c2f4b3648..c5f9c40ae 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml @@ -72,7 +72,7 @@ spec: - name: PROJECT_ID value: {{ (required "Project ID is required" $.Values.keystoreCLI.projectId) | quote }} - name: SECRET_ID - value: {{ required "Secret ID is required" $.Values.keystoreCLI.db.secretId }}-{{ $type }} + value: {{ required "Secret ID is required" $.Values.keystoreCLI.db.secretId }} - name: SEQUENCER_POSTGRES_HOST value: {{ (required "DB host is required" $.Values.keystoreCLI.db.host) | quote }} - name: SEQUENCER_POSTGRES_USER From ee321cbb1c282726a32bdd682fcd325c8a2da40f Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Sat, 27 Apr 2024 10:50:56 +0100 Subject: [PATCH 18/72] fix: Try new approach with sequencer command --- charts/espresso/templates/statefulset.yaml | 6 ++---- charts/espresso/values.yaml | 16 ++++++++++++++-- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index c5f9c40ae..239a413e5 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml 
@@ -63,7 +63,7 @@ spec: volumeMounts: - name: init-env mountPath: /etc/espresso - {{- if contains "storage-sql" $specs.args }} + {{- if $specs.sqlStorage }} - name: keystore-cli-db-keys # Updates Secret Manager with DB credentials in the proper format image: {{ include "espresso.build_image_name" (list $.Values.keystoreCLI.image.repository $.Values.keystoreCLI.image.tag) }} imagePullPolicy: {{ $.Values.keystoreCLI.image.pullPolicy }} @@ -86,9 +86,7 @@ spec: - name: "sequencer-{{ $type }}" image: {{ include "espresso.build_image_name" (list $.Values.image.repository $.Values.image.tag) }} imagePullPolicy: {{ $.Values.image.pullPolicy }} - command: ["sequencer"] - args: - - > {{ $specs.args | trim | nindent 14 }} + command: {{ toYaml $specs.command | nindent 12 }} env: {{- range $key, $value := $.Values.nodes_config }} - name: {{ $key }} diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index 819b2870a..1e3804018 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml @@ -21,7 +21,12 @@ global: nodes: normal: replicaCount: 1 - args: "-- http -- catchup -- status" + command: + - "sequencer" + - "-- http" + - "-- catchup" + - "-- status" + sqlStorage: false volumeMount: true resources: requests: @@ -34,7 +39,14 @@ nodes: data: [] da: replicaCount: 0 - args: "-- storage-sql -- http -- catchup -- status -- query" + command: + - "sequencer" + - "-- storage-sql" + - "-- http" + - "-- catchup" + - "-- status" + - "-- query" + sqlStorage: true volumeMount: false resources: requests: From 1ebd7d5e3206c74abb513009248ea1a96221222d Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Sat, 27 Apr 2024 13:40:57 +0100 Subject: [PATCH 19/72] fix: Try passing double dash --- charts/espresso/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index 1e3804018..829972a9f 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml 
@@ -23,6 +23,7 @@ nodes: replicaCount: 1 command: - "sequencer" + - "--" - "-- http" - "-- catchup" - "-- status" @@ -41,6 +42,7 @@ nodes: replicaCount: 0 command: - "sequencer" + - "--" - "-- storage-sql" - "-- http" - "-- catchup" From 6fdaa0c9b608e322567916669386b9c4c06c2bea Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Sat, 27 Apr 2024 23:38:56 +0100 Subject: [PATCH 20/72] fix: Update values.yaml --- charts/espresso/values.yaml | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index 829972a9f..772d56af5 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml @@ -24,9 +24,11 @@ nodes: command: - "sequencer" - "--" - - "-- http" - - "-- catchup" - - "-- status" + - "http" + - "--" + - "catchup" + - "--" + - "status" sqlStorage: false volumeMount: true resources: @@ -43,11 +45,15 @@ nodes: command: - "sequencer" - "--" - - "-- storage-sql" - - "-- http" - - "-- catchup" - - "-- status" - - "-- query" + - "storage-sql" + - "--" + - "http" + - "--" + - "catchup" + - "--" + - "status" + - "--" + - "query" sqlStorage: true volumeMount: false resources: 
@@ -61,15 +67,15 @@ nodes: data: [] nodes_config: - ESPRESSO_SEQUENCER_ORCHESTRATOR_URL: "https://orchestrator.cappuccino.testnet.espresso.network" + ESPRESSO_SEQUENCER_ORCHESTRATOR_URL: https://orchestrator.cappuccino.testnet.espresso.network ESPRESSO_SEQUENCER_CDN_ENDPOINT: "cdn.cappuccino.testnet.espresso.network:1737" - ESPRESSO_STATE_RELAY_SERVER_URL: "https://state-relay.cappuccino.testnet.espresso.network" - ESPRESSO_SEQUENCER_BASE_FEE: "0" + ESPRESSO_STATE_RELAY_SERVER_URL: https://state-relay.cappuccino.testnet.espresso.network + ESPRESSO_SEQUENCER_BASE_FEE: 0 ESPRESSO_SEQUENCER_MAX_BLOCK_SIZE: "30000000" - ESPRESSO_SEQUENCER_CHAIN_ID: "0" + ESPRESSO_SEQUENCER_CHAIN_ID: 0 RUST_LOG: "warn,libp2p=off" RUST_LOG_FORMAT: "json" - ESPRESSO_SEQUENCER_STATE_PEERS: "https://query.cappuccino.testnet.espresso.network" + ESPRESSO_SEQUENCER_STATE_PEERS: https://query.cappuccino.testnet.espresso.network ESPRESSO_SEQUENCER_L1_PROVIDER: "" # JSON-RPC endpoint for Sepolia testnet ESPRESSO_SEQUENCER_API_PORT: 80 # Port on which to host metrics and healthchecks ESPRESSO_SEQUENCER_STORAGE_PATH: "/mount/sequencer/store/" # Path in container to store consensus state From 0976cab652bcfe6127fa2c883a55e0ea50286cac Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Wed, 1 May 2024 11:26:25 +0200 Subject: [PATCH 21/72] fix: Mount .env volume for main container --- charts/espresso/templates/statefulset.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index 239a413e5..0f0b76662 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml @@ -106,6 +106,10 @@ spec: volumeMounts: - name: consensus-data mountPath: {{ $.Values.nodes_config.ESPRESSO_SEQUENCER_STORAGE_PATH }} + {{- if $.Values.externalSecrets.enabled }} + - name: init-env + mountPath: /etc/espresso + {{- end }} {{- end }} {{- with $specs.resources }} resources: 
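Review bot: The `init-env` mount added to the sequencer container in PATCH 21 is writable, although the container appears to only read the `.env` file that the init-setenv container writes there. Add `readOnly: true` under `mountPath: /etc/espresso` so the sequencer process cannot rewrite the key file. The new lines are also nested inside the existing `{{- if $specs.volumeMount }}` block, so node types with `volumeMount: false` do not get the mount at all; the enclosing container spec starts outside the hunk.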
From 2e4f1f55dc82498455a47749cb7f2e51f93b3321 Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Wed, 1 May 2024 14:42:34 +0200 Subject: [PATCH 22/72] chore: Add diagnostic container --- charts/espresso/templates/statefulset.yaml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index 0f0b76662..abf6f11df 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml @@ -102,10 +102,12 @@ spec: ports: - name: api containerPort: {{ $.Values.nodes_config.ESPRESSO_SEQUENCER_API_PORT }} - {{- if $specs.volumeMount }} + {{- if or $specs.volumeMount $.Values.externalSecrets.enabled }} volumeMounts: + {{- if $specs.volumeMount }} - name: consensus-data mountPath: {{ $.Values.nodes_config.ESPRESSO_SEQUENCER_STORAGE_PATH }} + {{- end }} {{- if $.Values.externalSecrets.enabled }} - name: init-env mountPath: /etc/espresso @@ -115,6 +117,12 @@ spec: resources: {{ toYaml . | nindent 12 | trim }} {{- end }} + - name: diagnostic-container + image: busybox + command: ["sleep", "infinity"] + volumeMounts: + - name: init-env + mountPath: /etc/espresso volumes: - name: keys emptyDir: {} From 85757e27efc269906f7a7af07298c01051e89291 Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Wed, 1 May 2024 14:46:18 +0200 Subject: [PATCH 23/72] chore: Allow diagnostic container to access secrets --- charts/espresso/templates/statefulset.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index abf6f11df..a91152198 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml @@ -120,6 +120,9 @@ spec: - name: diagnostic-container image: busybox command: ["sleep", "infinity"] + envFrom: + - secretRef: + name: eso-espresso-sequencer-secrets-{{ $type }} volumeMounts: - name: init-env mountPath: /etc/espresso 
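Review bot: The `diagnostic-container` added at the end of the containers list in PATCH 22 ships in every pod unconditionally: it sits outside any `if`, uses the untagged `image: busybox`, runs `sleep infinity`, and mounts the `init-env` volume that holds the generated `.env` file. Gate it behind a values flag that defaults to off (for example a new `diagnostics.enabled`), pin the image by tag or digest, and mount the volume with `readOnly: true`. A long-lived, shell-capable sidecar next to the key material widens what anyone with exec rights on the pod can read.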
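Review bot: `envFrom.secretRef` on `diagnostic-container` (PATCH 23) injects every key of `eso-espresso-sequencer-secrets-{{ $type }}` into a busybox sidecar that never exits, and judging by the indexed variable names the init script looks up, that Secret holds the private keys of every replica. The reference is also unconditional, while the Secret is presumably only created when `externalSecrets.enabled` is true, so with the default values the container would wait on a missing Secret. If the sidecar is kept for debugging, wrap the `envFrom` block in `{{- if $.Values.externalSecrets.enabled }}` and remove the whole container before release.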
From ba63b5d729739c966138fb7ba50887dc71a14f9d Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Wed, 1 May 2024 15:05:45 +0200 Subject: [PATCH 24/72] fix: init-setenv script --- charts/espresso/templates/statefulset.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index a91152198..e48f69563 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml @@ -52,9 +52,11 @@ spec: - | index=$(hostname | grep -o -E "[0-9]+$") echo "Detected Pod Index: $index" + key_state="ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY_$index" + key_staking="ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY_$index" # Ensure environment variables are fetched and then exported with index suffix - ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY=$(echo $ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY_$index) - ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY=$(echo $ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY_$index) + ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY=$(eval echo "\$$key_state") + ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY=$(eval echo "\$$key_staking") echo "ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY=${ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY}" >> /etc/espresso/.env echo "ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY=${ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY}" >> /etc/espresso/.env envFrom: From b6cf521ec155c69db997b54d494186d3ba881c3b Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Wed, 1 May 2024 16:39:10 +0200 Subject: [PATCH 25/72] fix: init-setenv script --- charts/espresso/templates/statefulset.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index e48f69563..35d0e2497 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml 
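Review bot: The two `$(eval echo "\$$key_state")` style lookups in the init-setenv script (PATCH 24) expand the secret unquoted inside `eval`, so a value containing runs of whitespace or glob characters is altered before it is written to `.env`. Where the init image provides it, `printenv "$key_state"` reads the variable by name without `eval`. `index` comes from `hostname | grep -o -E "[0-9]+$"` and is empty when the hostname has no numeric suffix, in which case the script silently writes empty keys; a guard such as `[ -n "$index" ] || exit 1` after the grep makes that fail loudly. The script body continues outside the hunk.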
@@ -55,10 +55,10 @@ spec: key_state="ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY_$index" key_staking="ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY_$index" # Ensure environment variables are fetched and then exported with index suffix - ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY=$(eval echo "\$$key_state") - ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY=$(eval echo "\$$key_staking") - echo "ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY=${ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY}" >> /etc/espresso/.env - echo "ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY=${ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY}" >> /etc/espresso/.env + env | grep $key_state >> /etc/espresso/.env + env | grep $key_staking >> /etc/espresso/.env + echo "Dot env file content:" + cat /etc/espresso/.env envFrom: - secretRef: name: eso-espresso-sequencer-secrets-{{ $type }} From b446efc68d136808bce3cec130d7e38f8975bbbf Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Wed, 1 May 2024 20:08:24 +0200 Subject: [PATCH 26/72] fix: init-setenv script --- charts/espresso/templates/statefulset.yaml | 38 +++++++++++++++++++--- 1 file changed, 33 insertions(+), 5 deletions(-) diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index 35d0e2497..a191564fe 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml 
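Review bot: `cat /etc/espresso/.env` at the end of the init-setenv script (PATCH 25) prints the private state and staking keys to the init container's log, where anyone with log access and any log shipper can read them; drop the `echo "Dot env file content:"` / `cat` pair or log only the variable names. The new `env | grep $key_state` is unquoted and unanchored, so for pod index 1 it also matches `…_KEY_10`, `…_KEY_11` and any other variable whose value contains the name; `env | grep "^${key_state}="` selects exactly one variable. The `cat` is still present in the PATCH 26 hunk and in the PATCH 29 rewrite, where the `.env` file additionally holds `ESPRESSO_SEQUENCER_POSTGRES_PASSWORD`.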
@@ -52,11 +52,39 @@ spec: - | index=$(hostname | grep -o -E "[0-9]+$") echo "Detected Pod Index: $index" - key_state="ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY_$index" - key_staking="ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY_$index" - # Ensure environment variables are fetched and then exported with index suffix - env | grep $key_state >> /etc/espresso/.env - env | grep $key_staking >> /etc/espresso/.env + + # Construct the variable names + state_key_var="ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY_$index" + staking_key_var="ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY_$index" + + # Extract the values for the specific indexed keys from the environment + state_key_full=$(env | grep $state_key_var) + staking_key_full=$(env | grep $staking_key_var) + + # There is a weird secret key in the env we need to remove + prefix="espresso-sequencer-private-keys-{{ $type }}=" + + # Check if the string starts with the prefix and remove it + if [[ $state_key_full == $prefix* ]]; then + state_key="${state_key_full#$prefix}" + else + state_key="$state_key_full" + fi + + if [[ $staking_key_full == $prefix* ]]; then + staking_key="${staking_key_full#$prefix}" + else + staking_key="$staking_key_full" + fi + + # Construct the final key names + final_state_key="${state_key//$state_key_var/ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY}" + final_staking_key="${staking_key//$staking_key_var/ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY}" + + # Write the key values into the .env file + echo $final_state_key > /etc/espresso/.env + echo $final_staking_key >> /etc/espresso/.env + echo "Dot env file content:" cat /etc/espresso/.env envFrom: From 0eef786e7ab4093472a1b7315b37153a204abc91 Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Wed, 1 May 2024 20:23:52 +0200 Subject: [PATCH 27/72] chore: Update resource limits and requests --- charts/espresso/values.yaml | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index 772d56af5..0d70f72e2 100644 
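Review bot: The rewritten script in PATCH 26 relies on `[[ … == $prefix* ]]` and `${var//pattern/replacement}`, which are not POSIX, while the container runs it through `command: ["/bin/sh", "-c"]`; whether it works depends on which shell the init image provides as `/bin/sh`, so either invoke `bash` explicitly or use `case "$state_key_full" in "$prefix"*) … ;; esac`. `echo $final_state_key > /etc/espresso/.env` writes the key unquoted and with the default umask; put `umask 077` at the top of the script and quote the expansion, `printf '%s\n' "$final_state_key" > /etc/espresso/.env`. The PATCH 29 version adds `function` and `local`, which carry the same portability caveat.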
--- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml @@ -33,11 +33,7 @@ nodes: volumeMount: true resources: requests: - cpu: "200m" - memory: "16Gi" - limits: - cpu: "400m" - memory: "32Gi" + memory: "14Gi" externalSecrets: data: [] da: @@ -58,11 +54,7 @@ nodes: volumeMount: false resources: requests: - cpu: "200m" - memory: "16Gi" - limits: - cpu: "400m" - memory: "32Gi" + memory: "14Gi" externalSecrets: data: [] From ee3d9c4cd0f4c0db6f2c6d5bfd3c3c1275fa7d54 Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Wed, 1 May 2024 20:30:04 +0200 Subject: [PATCH 28/72] chore: Update resource request memory --- charts/espresso/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index 0d70f72e2..d5ec7bacf 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml @@ -33,7 +33,7 @@ nodes: volumeMount: true resources: requests: - memory: "14Gi" + memory: "12000Mi" externalSecrets: data: [] da: @@ -54,7 +54,7 @@ nodes: volumeMount: false resources: requests: - memory: "14Gi" + memory: "12000Mi" externalSecrets: data: [] From e99f21099884f4671191b568bdaead83a38b4d9f Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Wed, 1 May 2024 21:22:14 +0200 Subject: [PATCH 29/72] feat: Upgrade init-setenv script --- charts/espresso/templates/statefulset.yaml | 69 +++++++++++++--------- 1 file changed, 40 insertions(+), 29 deletions(-) diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index a191564fe..6f65125a3 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml 
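Review bot: Both node types lose their `limits` block and their CPU request in PATCH 27, leaving only `requests.memory`, so the sequencer containers run without a memory or CPU ceiling. If these nodes are reachable from outside the cluster, as the chart's `ingress` values suggest, an unbounded container becomes a node-level availability risk when it is driven into heavy memory use. If the old limits were too tight, raise them rather than removing them, for instance keep a `limits.memory` above the request, and record the reasoning in a comment next to the values.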
@@ -50,43 +50,54 @@ spec: command: ["/bin/sh", "-c"] args: - | + function process_key() { + local key_var=$1 + local prefix=$2 + local final_var=$3 + + # Extract the value for the specified indexed key from the environment + # Using quotes to ensure complete variable names are matched properly + local key_full=$(env | grep -e $key_var) + + # Check if the string starts with the prefix and remove it + local key_value + if [[ $key_full == $prefix* ]]; then + key_value="${key_full#$prefix}" + else + key_value="$key_full" + fi + + # Construct the final key name + #local final_key="${key_value//${key_var}=${final_var}="} + local final_key="${key_value//$key_var/${final_var}}" + + echo "$final_key" + } + # Get the index from the hostname index=$(hostname | grep -o -E "[0-9]+$") echo "Detected Pod Index: $index" # Construct the variable names state_key_var="ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY_$index" staking_key_var="ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY_$index" + key_prefix="espresso-sequencer-private-keys-{{ $type }}=" + {{- if $specs.sqlStorage }} + postgres_host_var="ESPRESSO_SEQUENCER_POSTGRES_HOST" + postgres_user_var="ESPRESSO_SEQUENCER_POSTGRES_USER" + postgres_pass_var="ESPRESSO_SEQUENCER_POSTGRES_PASSWORD" + postgres_prefix="espresso-sequencer-postgres-{{ $type }}=" + {{- end }} - # Extract the values for the specific indexed keys from the environment - state_key_full=$(env | grep $state_key_var) - staking_key_full=$(env | grep $staking_key_var) - - # There is a weird secret key in the env we need to remove - prefix="espresso-sequencer-private-keys-{{ $type }}=" - - # Check if the string starts with the prefix and remove it - if [[ $state_key_full == $prefix* ]]; then - state_key="${state_key_full#$prefix}" - else - state_key="$state_key_full" - fi - - if [[ $staking_key_full == $prefix* ]]; then - staking_key="${staking_key_full#$prefix}" - else - staking_key="$staking_key_full" - fi - - # Construct the final key names - 
final_state_key="${state_key//$state_key_var/ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY}" - final_staking_key="${staking_key//$staking_key_var/ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY}" - - # Write the key values into the .env file - echo $final_state_key > /etc/espresso/.env - echo $final_staking_key >> /etc/espresso/.env - + # Process each key and write to the .env file + echo "$(process_key $state_key_var $key_prefix "ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY")" > /etc/espresso/.env + echo "$(process_key $staking_key_var $key_prefix "ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY")" >> /etc/espresso/.env + {{- if $specs.sqlStorage }} + echo "$(process_key $postgres_host_var $postgres_prefix "ESPRESSO_SEQUENCER_POSTGRES_HOST")" >> /etc/espresso/.env + echo "$(process_key $postgres_user_var $postgres_prefix "ESPRESSO_SEQUENCER_POSTGRES_USER")" >> /etc/espresso/.env + echo "$(process_key $postgres_pass_var $postgres_prefix "ESPRESSO_SEQUENCER_POSTGRES_PASSWORD")" >> /etc/espresso/.env + {{- end }} echo "Dot env file content:" - cat /etc/espresso/.env + cat /etc/espresso/.env envFrom: - secretRef: name: eso-espresso-sequencer-secrets-{{ $type }} From 7d26c9bce9fab8fef10b1fea723dbcde4517142d Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Thu, 2 May 2024 11:20:19 +0200 Subject: [PATCH 30/72] chore: Run init-setenv init container last --- charts/espresso/templates/statefulset.yaml | 36 +++++++++++----------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index 6f65125a3..8cec87b5d 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml 
@@ -44,6 +44,24 @@ spec: volumeMounts: - name: keys mountPath: /keys + {{- if $specs.sqlStorage }} + - name: keystore-cli-db-keys # Updates Secret Manager with DB credentials in the proper format + image: {{ include "espresso.build_image_name" (list $.Values.keystoreCLI.image.repository $.Values.keystoreCLI.image.tag) }} + imagePullPolicy: {{ $.Values.keystoreCLI.image.pullPolicy }} + args: ["db-keys"] + env: + - name: PROJECT_ID + value: {{ (required "Project ID is required" $.Values.keystoreCLI.projectId) | quote }} + - name: SECRET_ID + value: {{ required "Secret ID is required" $.Values.keystoreCLI.db.secretId }} + - name: SEQUENCER_POSTGRES_HOST + value: {{ (required "DB host is required" $.Values.keystoreCLI.db.host) | quote }} + - name: SEQUENCER_POSTGRES_USER + value: {{ (required "DB user is required" $.Values.keystoreCLI.db.user) | quote }} + volumeMounts: + - name: keys + mountPath: /keys + {{- end }} - name: init-setenv # Sets keys environment variables for the sequencer image: {{ include "espresso.build_image_name" (list $.Values.initImage.repository $.Values.initImage.tag) }} imagePullPolicy: {{ $.Values.initImage.pullPolicy }} 
@@ -104,24 +122,6 @@ spec: volumeMounts: - name: init-env mountPath: /etc/espresso - {{- if $specs.sqlStorage }} - - name: keystore-cli-db-keys # Updates Secret Manager with DB credentials in the proper format - image: {{ include "espresso.build_image_name" (list $.Values.keystoreCLI.image.repository $.Values.keystoreCLI.image.tag) }} - imagePullPolicy: {{ $.Values.keystoreCLI.image.pullPolicy }} - args: ["db-keys"] - env: - - name: PROJECT_ID - value: {{ (required "Project ID is required" $.Values.keystoreCLI.projectId) | quote }} - - name: SECRET_ID - value: {{ required "Secret ID is required" $.Values.keystoreCLI.db.secretId }} - - name: SEQUENCER_POSTGRES_HOST - value: {{ (required "DB host is required" $.Values.keystoreCLI.db.host) | quote }} - - name: SEQUENCER_POSTGRES_USER - value: {{ (required "DB user is required" $.Values.keystoreCLI.db.user) | quote }} - volumeMounts: - - name: keys - mountPath: /keys - {{- end }} {{- end }} containers: - name: "sequencer-{{ $type }}" From f9ca55dfd6de934e9449be48a2159eff539382a5 Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Thu, 2 May 2024 14:26:40 +0200 Subject: [PATCH 31/72] feat: Get sequencer env secrets from dynamic Secret --- charts/espresso/templates/configmap.yaml | 63 +++++++++++++++++++ charts/espresso/templates/statefulset.yaml | 73 +++------------------- charts/espresso/values.yaml | 4 +- 3 files changed, 75 insertions(+), 65 deletions(-) create mode 100644 charts/espresso/templates/configmap.yaml diff --git a/charts/espresso/templates/configmap.yaml b/charts/espresso/templates/configmap.yaml new file mode 100644 index 000000000..defe77da6 --- /dev/null +++ b/charts/espresso/templates/configmap.yaml 
@@ -0,0 +1,63 @@ +{{- range $type, $specs := .Values.nodes }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" $ }}-init-{{ $type }} + labels: + {{- include "common.labels.standard" $ | nindent 4 }} +data: + init.sh: | + #!/bin/sh + function process_key() { + local key_var=$1 + local prefix=$2 + local final_var=$3 + + # Extract the value for the specified indexed key from the environment + # Using quotes to ensure complete variable names are matched properly + local key_full=$(env | grep -e $key_var) + + # Check if the string starts with the prefix and remove it + local key_value + if [[ $key_full == $prefix* ]]; then + key_value="${key_full#$prefix}" + else + key_value="$key_full" + fi + + # Construct the final key name + #local final_key="${key_value//${key_var}=${final_var}="} + local final_key="${key_value//$key_var/${final_var}}" + + echo "$final_key" + } + # Get the index from the hostname + index=$(hostname | grep -o -E "[0-9]+$") + echo "Detected Pod Index: $index" + + # Construct the variable names + state_key_var="ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY_$index" + staking_key_var="ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY_$index" + key_prefix="espresso-sequencer-private-keys-{{ $type }}=" +{{- if $specs.sqlStorage }} + postgres_host_var="ESPRESSO_SEQUENCER_POSTGRES_HOST" + postgres_user_var="ESPRESSO_SEQUENCER_POSTGRES_USER" + postgres_pass_var="ESPRESSO_SEQUENCER_POSTGRES_PASSWORD" + postgres_prefix="espresso-sequencer-postgres-{{ $type }}=" +{{- end }} + + # Process each key and write to the .env file + echo "$(process_key $state_key_var $key_prefix "ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY")" > /etc/espresso/.env + echo "$(process_key $staking_key_var $key_prefix "ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY")" >> /etc/espresso/.env +{{- if $specs.sqlStorage }} + echo "$(process_key $postgres_host_var $postgres_prefix "ESPRESSO_SEQUENCER_POSTGRES_HOST")" >> /etc/espresso/.env + echo "$(process_key $postgres_user_var 
$postgres_prefix "ESPRESSO_SEQUENCER_POSTGRES_USER")" >> /etc/espresso/.env + echo "$(process_key $postgres_pass_var $postgres_prefix "ESPRESSO_SEQUENCER_POSTGRES_PASSWORD")" >> /etc/espresso/.env +{{- end }} + echo "Dot env file content:" + cat /etc/espresso/.env + + # Create Secret with .env file + kubectl create secret generic sequencer-env-secrets-{{ $type }} --from-env-file=/etc/espresso/.env +{{- end }} diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index 8cec87b5d..e5aad74a2 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml 
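Review bot: The end of `init.sh` runs `cat /etc/espresso/.env`, which writes the private state key, the private staking key and, with `sqlStorage`, the Postgres password into the init container's log. Anyone who can read pod logs or the log pipeline then has the key material, so the `echo "Dot env file content:"` / `cat` pair should be dropped. The lookup `env | grep -e $key_var` is an unquoted substring match, so the variable for index 1 also matches `..._KEY_10` and later; `grep -e "${key_var}="` closes that. The Secret name `sequencer-env-secrets-{{ $type }}` carries no pod index although the file written is per index, so replicas of one type appear to share one Secret; worth confirming that is intended.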
@@ -65,63 +65,15 @@ spec: - name: init-setenv # Sets keys environment variables for the sequencer image: {{ include "espresso.build_image_name" (list $.Values.initImage.repository $.Values.initImage.tag) }} imagePullPolicy: {{ $.Values.initImage.pullPolicy }} - command: ["/bin/sh", "-c"] - args: - - | - function process_key() { - local key_var=$1 - local prefix=$2 - local final_var=$3 - - # Extract the value for the specified indexed key from the environment - # Using quotes to ensure complete variable names are matched properly - local key_full=$(env | grep -e $key_var) - - # Check if the string starts with the prefix and remove it - local key_value - if [[ $key_full == $prefix* ]]; then - key_value="${key_full#$prefix}" - else - key_value="$key_full" - fi - - # Construct the final key name - #local final_key="${key_value//${key_var}=${final_var}="} - local final_key="${key_value//$key_var/${final_var}}" - - echo "$final_key" - } - # Get the index from the hostname - index=$(hostname | grep -o -E "[0-9]+$") - echo "Detected Pod Index: $index" - - # Construct the variable names - state_key_var="ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY_$index" - staking_key_var="ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY_$index" - key_prefix="espresso-sequencer-private-keys-{{ $type }}=" - {{- if $specs.sqlStorage }} - postgres_host_var="ESPRESSO_SEQUENCER_POSTGRES_HOST" - postgres_user_var="ESPRESSO_SEQUENCER_POSTGRES_USER" - postgres_pass_var="ESPRESSO_SEQUENCER_POSTGRES_PASSWORD" - postgres_prefix="espresso-sequencer-postgres-{{ $type }}=" - {{- end }} - - # Process each key and write to the .env file - echo "$(process_key $state_key_var $key_prefix "ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY")" > /etc/espresso/.env - echo "$(process_key $staking_key_var $key_prefix "ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY")" >> /etc/espresso/.env - {{- if $specs.sqlStorage }} - echo "$(process_key $postgres_host_var $postgres_prefix "ESPRESSO_SEQUENCER_POSTGRES_HOST")" >> /etc/espresso/.env - echo 
"$(process_key $postgres_user_var $postgres_prefix "ESPRESSO_SEQUENCER_POSTGRES_USER")" >> /etc/espresso/.env - echo "$(process_key $postgres_pass_var $postgres_prefix "ESPRESSO_SEQUENCER_POSTGRES_PASSWORD")" >> /etc/espresso/.env - {{- end }} - echo "Dot env file content:" - cat /etc/espresso/.env + command: ['/bin/sh', '/scripts/init.sh'] envFrom: - secretRef: name: eso-espresso-sequencer-secrets-{{ $type }} volumeMounts: - name: init-env mountPath: /etc/espresso + - name: scripts-init + mountPath: /scripts {{- end }} containers: - name: "sequencer-{{ $type }}" @@ -134,36 +86,28 @@ spec: value: {{ required (printf "%s is required" $key) $value | quote }} {{- end }} {{- if $.Values.externalSecrets.enabled }} - - name: ESPRESSO_SEQUENCER_KEY_FILE - value: /etc/espresso/.env envFrom: - secretRef: - name: eso-espresso-sequencer-secrets-{{ $type }} + name: sequencer-env-secrets-{{ $type }} {{- end }} ports: - name: api containerPort: {{ $.Values.nodes_config.ESPRESSO_SEQUENCER_API_PORT }} - {{- if or $specs.volumeMount $.Values.externalSecrets.enabled }} + {{- if or $specs.volumeMount }} volumeMounts: - {{- if $specs.volumeMount }} - name: consensus-data mountPath: {{ $.Values.nodes_config.ESPRESSO_SEQUENCER_STORAGE_PATH }} - {{- end }} - {{- if $.Values.externalSecrets.enabled }} - - name: init-env - mountPath: /etc/espresso - {{- end }} {{- end }} {{- with $specs.resources }} resources: {{ toYaml . | nindent 12 | trim }} {{- end }} - name: diagnostic-container - image: busybox + image: ubuntu:20.04 command: ["sleep", "infinity"] envFrom: - secretRef: - name: eso-espresso-sequencer-secrets-{{ $type }} + name: sequencer-env-secrets-{{ $type }} volumeMounts: - name: init-env mountPath: /etc/espresso @@ -172,6 +116,9 @@ spec: emptyDir: {} - name: init-env emptyDir: {} + - name: scripts-init + configMap: + name: {{ include "common.names.fullname" $ }}-init-{{ $type }} volumeClaimTemplates: {{- if $specs.volumeMount }} - metadata: 
diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index d5ec7bacf..e83b41b27 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml @@ -79,8 +79,8 @@ image: # -- Init image is used to manage which secrets the pod should use. initImage: - repository: "busybox" - tag: "1.36.1" + repository: "bitnami/kubectl" + tag: "1.28" pullPolicy: IfNotPresent # -- Keystore-CLI settings. Used to manage keys on Secret Store. From 719a8556603b0284f090224b3544c6bbe3cdab96 Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Thu, 2 May 2024 14:51:05 +0200 Subject: [PATCH 32/72] fix: Make init script more sh friendly --- charts/espresso/templates/configmap.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/charts/espresso/templates/configmap.yaml b/charts/espresso/templates/configmap.yaml index defe77da6..2bedb7c78 100644 --- a/charts/espresso/templates/configmap.yaml +++ b/charts/espresso/templates/configmap.yaml @@ -9,7 +9,7 @@ metadata: data: init.sh: | #!/bin/sh - function process_key() { + process_key() { local key_var=$1 local prefix=$2 local final_var=$3 @@ -20,15 +20,14 @@ data: # Check if the string starts with the prefix and remove it local key_value - if [[ $key_full == $prefix* ]]; then + if [ "$(echo "$key_full" | grep "^$prefix")" ]; then key_value="${key_full#$prefix}" else key_value="$key_full" fi # Construct the final key name - #local final_key="${key_value//${key_var}=${final_var}="} - local final_key="${key_value//$key_var/${final_var}}" + local final_key="$(echo "$key_value" | sed "s/$key_var/$final_var/")" echo "$final_key" } From b2ad503fa3eaa9ebf2e0907f1e6b735cca486130 Mon Sep 17 00:00:00 2001 
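Review bot: `initImage` now defaults to `bitnami/kubectl` with the floating tag `"1.28"`. This container receives the sequencer private keys through `envFrom` and needs API credentials to create Secrets, so a re-pushed tag silently changes what handles them. Consider pinning the default by digest, for example a separate `digest: "sha256:<digest>"` value that `espresso.build_image_name` appends; that helper is not visible here, so how it would consume the value is an assumption.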
From: AntiD2ta Date: Thu, 2 May 2024 15:00:26 +0200 Subject: [PATCH 33/72] feat: Allow ServiceAccount to create new Secrets --- charts/espresso/templates/role.yaml | 10 ++++++++++ charts/espresso/templates/rolebinding.yaml | 15 +++++++++++++++ charts/espresso/values.yaml | 19 +++++++++++++++++++ 3 files changed, 44 insertions(+) create mode 100644 charts/espresso/templates/role.yaml create mode 100644 charts/espresso/templates/rolebinding.yaml diff --git a/charts/espresso/templates/role.yaml b/charts/espresso/templates/role.yaml new file mode 100644 index 000000000..4d13e9d57 --- /dev/null +++ b/charts/espresso/templates/role.yaml @@ -0,0 +1,10 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "common.names.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} +rules: +{{- toYaml .Values.rbac.rules | nindent 0 }} +{{- end }} diff --git a/charts/espresso/templates/rolebinding.yaml b/charts/espresso/templates/rolebinding.yaml new file mode 100644 index 000000000..bbf92cd45 --- /dev/null +++ b/charts/espresso/templates/rolebinding.yaml @@ -0,0 +1,15 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "common.names.serviceAccountName" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "common.names.serviceAccountName" . }} +subjects: + - kind: ServiceAccount + name: {{ include "common.names.serviceAccountName" . }} +{{- end }} diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index e83b41b27..f758f2bf4 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml 
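Review bot: In `rolebinding.yaml`, `roleRef.name` is built with `common.names.serviceAccountName`, while the Role in `role.yaml` is named with `common.names.fullname`. Whenever the two helpers resolve differently (presumably when `serviceAccount.name` is set), the binding refers to a Role that does not exist and the init script's `kubectl create secret` is denied. Use `name: {{ include "common.names.fullname" . }}` in `roleRef`. Neither new template sets `namespace` from `global.namespaceOverride` the way the Ingress and ExternalSecret templates in this series do, so with an override the Role may land in a different namespace from the workload.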
@@ -169,3 +169,22 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template # name: "" + +rbac: + # -- The name of the role to use. + # If not set and create is true, a name is generated using the fullname template + # + name: "" + create: true + # -- Required Role rules + rules: + # -- Required to create Sequencer env Secret. + # + - apiGroups: [""] + resources: + - "secrets" + verbs: + - "create" + - "get" + - "list" + - "watch" From 25353ae29ac36e9126dd14346b5fca27eeb9aad2 Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Thu, 2 May 2024 15:14:54 +0200 Subject: [PATCH 34/72] chore: Update diagnostic-container --- charts/espresso/templates/configmap.yaml | 7 +++---- charts/espresso/templates/statefulset.yaml | 6 +++--- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/charts/espresso/templates/configmap.yaml b/charts/espresso/templates/configmap.yaml index 2bedb7c78..a59f2d866 100644 --- a/charts/espresso/templates/configmap.yaml +++ b/charts/espresso/templates/configmap.yaml @@ -8,8 +8,7 @@ metadata: {{- include "common.labels.standard" $ | nindent 4 }} data: init.sh: | - #!/bin/sh - process_key() { + function process_key() { local key_var=$1 local prefix=$2 local final_var=$3 @@ -20,14 +19,14 @@ data: # Check if the string starts with the prefix and remove it local key_value - if [ "$(echo "$key_full" | grep "^$prefix")" ]; then + if [[ $key_full == $prefix* ]]; then key_value="${key_full#$prefix}" else key_value="$key_full" fi # Construct the final key name - local final_key="$(echo "$key_value" | sed "s/$key_var/$final_var/")" + local final_key="${key_value//$key_var/${final_var}}" echo "$final_key" } diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index e5aad74a2..56cc75a82 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml 
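Review bot: The default `rbac.rules` grant `get`, `list` and `watch` on every Secret in the namespace, although the init script in this series only runs `kubectl create secret`. The same service-account token is presumably mounted in the long-running sequencer container, so a compromise there could read all namespace Secrets. Trim the default to `verbs: ["create"]`, and if reads are needed later, scope them with `resourceNames` listing the `sequencer-env-secrets-<type>` names. `rbac.name` is declared here, but neither `role.yaml` nor `rolebinding.yaml` reads it.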
@@ -65,7 +65,7 @@ spec: - name: init-setenv # Sets keys environment variables for the sequencer image: {{ include "espresso.build_image_name" (list $.Values.initImage.repository $.Values.initImage.tag) }} imagePullPolicy: {{ $.Values.initImage.pullPolicy }} - command: ['/bin/sh', '/scripts/init.sh'] + command: ['/bin/bash', '/scripts/init.sh'] envFrom: - secretRef: name: eso-espresso-sequencer-secrets-{{ $type }} @@ -103,11 +103,11 @@ spec: {{ toYaml . | nindent 12 | trim }} {{- end }} - name: diagnostic-container - image: ubuntu:20.04 + image: bitnami/kubectl:latest command: ["sleep", "infinity"] envFrom: - secretRef: - name: sequencer-env-secrets-{{ $type }} + name: eso-espresso-sequencer-secrets-{{ $type }} volumeMounts: - name: init-env mountPath: /etc/espresso From f2cf1c35dce2a006663a69c8eed3789be80ba02f Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Thu, 2 May 2024 15:19:01 +0200 Subject: [PATCH 35/72] fix: Init-script delete secret before creating it to override it --- charts/espresso/templates/configmap.yaml | 1 + charts/espresso/values.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/charts/espresso/templates/configmap.yaml b/charts/espresso/templates/configmap.yaml index a59f2d866..60328b239 100644 --- a/charts/espresso/templates/configmap.yaml +++ b/charts/espresso/templates/configmap.yaml @@ -57,5 +57,6 @@ data: cat /etc/espresso/.env # Create Secret with .env file + kubectl delete secret sequencer-env-secrets-{{ $type }} --ignore-not-found kubectl create secret generic sequencer-env-secrets-{{ $type }} --from-env-file=/etc/espresso/.env {{- end }} diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index f758f2bf4..1003e1b85 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml @@ -188,3 +188,4 @@ rbac: - "get" - "list" - "watch" + - "delete" From 9c3aa8a087e2e4272bec872e1560908c0964a67d Mon Sep 17 00:00:00 2001 
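Review bot: `diagnostic-container` in `statefulset.yaml` now runs `bitnami/kubectl:latest` with `sleep infinity` in every sequencer pod, with the `eso-espresso-sequencer-secrets-{{ $type }}` Secret in its environment and the `init-env` volume mounted. That keeps an unpinned image holding a kubectl binary, the raw key material and presumably the pod's service-account token alive for the whole pod lifetime. If it is only a debugging aid, gate it behind a values flag that defaults to off (a key such as `diagnostics.enabled`; the name is a suggestion), or leave it out of the chart and attach an ephemeral debug container when needed. The container list starts outside the hunk.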
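Review bot: Deleting and then re-creating `sequencer-env-secrets-{{ $type }}` in `configmap.yaml` is not atomic. Between the two commands the Secret does not exist, so another replica of the same type starting in that window fails its `envFrom` lookup, and if `kubectl create` fails the Secret stays gone. An in-place update avoids the gap: `kubectl create secret generic sequencer-env-secrets-{{ $type }} --from-env-file=/etc/espresso/.env --dry-run=client -o yaml | kubectl apply -f -`, which needs `get`, `create` and `patch` in the Role instead of `delete`. As written, the `"delete"` verb added in `values.yaml` applies to every Secret in the namespace, including the ExternalSecret-managed one.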
From: AntiD2ta Date: Thu, 2 May 2024 16:16:18 +0200 Subject: [PATCH 36/72] chore: Remove diagnostic-container --- charts/espresso/templates/configmap.yaml | 4 ++-- charts/espresso/templates/statefulset.yaml | 9 --------- 2 files changed, 2 insertions(+), 11 deletions(-) diff --git a/charts/espresso/templates/configmap.yaml b/charts/espresso/templates/configmap.yaml index 60328b239..6cf08ef41 100644 --- a/charts/espresso/templates/configmap.yaml +++ b/charts/espresso/templates/configmap.yaml @@ -53,8 +53,8 @@ data: echo "$(process_key $postgres_user_var $postgres_prefix "ESPRESSO_SEQUENCER_POSTGRES_USER")" >> /etc/espresso/.env echo "$(process_key $postgres_pass_var $postgres_prefix "ESPRESSO_SEQUENCER_POSTGRES_PASSWORD")" >> /etc/espresso/.env {{- end }} - echo "Dot env file content:" - cat /etc/espresso/.env + # echo "Dot env file content:" + # cat /etc/espresso/.env # Create Secret with .env file kubectl delete secret sequencer-env-secrets-{{ $type }} --ignore-not-found diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index 56cc75a82..393ad3ded 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml @@ -102,15 +102,6 @@ spec: resources: {{ toYaml . | nindent 12 | trim }} {{- end }} - - name: diagnostic-container - image: bitnami/kubectl:latest - command: ["sleep", "infinity"] - envFrom: - - secretRef: - name: eso-espresso-sequencer-secrets-{{ $type }} - volumeMounts: - - name: init-env - mountPath: /etc/espresso volumes: - name: keys emptyDir: {} From eb375957b524c18e76fb7710df0676ffd4e5b4bc Mon Sep 17 00:00:00 2001 
From: AntiD2ta Date: Thu, 2 May 2024 16:32:48 +0200 Subject: [PATCH 37/72] doc: Update chart documentation --- charts/espresso/Plan.md | 15 ------ charts/espresso/README.md | 99 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 99 insertions(+), 15 deletions(-) delete mode 100644 charts/espresso/Plan.md create mode 100644 charts/espresso/README.md diff --git a/charts/espresso/Plan.md b/charts/espresso/Plan.md deleted file mode 100644 index 127f7dfd3..000000000 --- a/charts/espresso/Plan.md +++ /dev/null @@ -1,15 +0,0 @@ -# Plan - -- [ ] Service Monitor for Prometheus -- [X] Secret store -- [X] Deployment for Sequencer Node and DA Node -- [X] Service for Sequencer Node and DA Node -- [X] Ingress for Sequencer Node and DA Node. This is GCP, so we will use GCP Ingress -- [ ] Prometheus rules??? -- [X] Automate keys creation and deployment to Secrets Manager -- [ ] Create CloudSQL instances - -## Notes - -- Unlike previous testnets, all sequencer nodes (DA or non-DA) will need to allow public inbound traffic. This is to facilitate the gossip network between nodes. Our gossip network uses the standard libp2p implementation that many other projects use. The configuration supports setting both a "bind" address and "advertise" address, so it is possible to put this behind a load balancer. -- DA nodes will also need to allow public inbound traffic, but this can also be put behind a load balancer \ No newline at end of file diff --git a/charts/espresso/README.md b/charts/espresso/README.md new file mode 100644 index 000000000..51dbf1292 --- /dev/null +++ b/charts/espresso/README.md 
@@ -0,0 +1,99 @@ +# espresso + +![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) + +A Helm chart that combines Kubernetes manifests and scripts to deploy Espresso Sequencer AVS nodes. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| matilote | | | +| AntiD2ta | | | + +## Requirements + +Kubernetes: `^1.23.0-0` + +| Repository | Name | Version | +|------------|------|---------| +| file://../common | common | 1.0.1 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| externalSecrets.enabled | bool | `false` | | +| externalSecrets.secretStoreRef.kind | string | `"SecretStore"` | | +| externalSecrets.secretStoreRef.name | string | `"secretStoreRef"` | | +| fullnameOverride | string | `""` | Provide a name to substitute for the full names of resources | +| global.namespaceOverride | string | `""` | | +| global.persistence | object | `{"accessModes":["ReadWriteOnce"],"annotations":{},"size":"150Gi","storageClassName":""}` | Whether or not to allocate persistent volume disk for the data directory. In case of node failure, the node data directory will still persist. | +| global.serviceAccount | object | `{"annotations":{},"create":false}` | Service account ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"ghcr.io/espressosystems/espresso-sequencer/sequencer"` | | +| image.tag | string | `"main"` | | +| ingress.annotations | object | `{}` | | +| ingress.enabled | bool | `false` | | +| ingress.hosts | list | `[]` | Hostnames. Can be provided if Ingress is enabled. 
| +| ingress.ingressClassName | string | `""` | | +| ingress.labels | object | `{}` | | +| ingress.paths | list | `[]` | Paths to use for ingress rules By default, the Service created by this chart is used as the target Service for the Ingress. If not defined the following default object will be used: - path: "/" port: 8000 pathType: "ImplementationSpecific" serviceName: "" | +| ingress.routePrefix | string | `"/"` | Route Prefix. Can skip it if any item of path has the path defined. | +| ingress.tls | list | `[]` | TLS configuration for Ingress Secret must be manually created in the namespace | +| initImage | object | `{"pullPolicy":"IfNotPresent","repository":"bitnami/kubectl","tag":"1.28"}` | Init image is used to manage which secrets the pod should use. | +| keystoreCLI | object | `{"db":{"host":"","secretId":"","user":""},"image":{"pullPolicy":"IfNotPresent","repository":"nethermindeth/espresso-keystore-cli","tag":"v0.1.1"},"projectId":"","pv":{"secretId":""}}` | Keystore-CLI settings. Used to manage keys on Secret Store. 
| +| nodes.da.command[0] | string | `"sequencer"` | | +| nodes.da.command[10] | string | `"query"` | | +| nodes.da.command[1] | string | `"--"` | | +| nodes.da.command[2] | string | `"storage-sql"` | | +| nodes.da.command[3] | string | `"--"` | | +| nodes.da.command[4] | string | `"http"` | | +| nodes.da.command[5] | string | `"--"` | | +| nodes.da.command[6] | string | `"catchup"` | | +| nodes.da.command[7] | string | `"--"` | | +| nodes.da.command[8] | string | `"status"` | | +| nodes.da.command[9] | string | `"--"` | | +| nodes.da.externalSecrets.data | list | `[]` | | +| nodes.da.replicaCount | int | `0` | | +| nodes.da.resources.requests.memory | string | `"12000Mi"` | | +| nodes.da.sqlStorage | bool | `true` | | +| nodes.da.volumeMount | bool | `false` | | +| nodes.normal.command[0] | string | `"sequencer"` | | +| nodes.normal.command[1] | string | `"--"` | | +| nodes.normal.command[2] | string | `"http"` | | +| nodes.normal.command[3] | string | `"--"` | | +| nodes.normal.command[4] | string | `"catchup"` | | +| nodes.normal.command[5] | string | `"--"` | | +| nodes.normal.command[6] | string | `"status"` | | +| nodes.normal.externalSecrets.data | list | `[]` | | +| nodes.normal.replicaCount | int | `1` | | +| nodes.normal.resources.requests.memory | string | `"12000Mi"` | | +| nodes.normal.sqlStorage | bool | `false` | | +| nodes.normal.volumeMount | bool | `true` | | +| nodes_config.ESPRESSO_SEQUENCER_API_PORT | int | `80` | | +| nodes_config.ESPRESSO_SEQUENCER_BASE_FEE | int | `0` | | +| nodes_config.ESPRESSO_SEQUENCER_CDN_ENDPOINT | string | `"cdn.cappuccino.testnet.espresso.network:1737"` | | +| nodes_config.ESPRESSO_SEQUENCER_CHAIN_ID | int | `0` | | +| nodes_config.ESPRESSO_SEQUENCER_L1_PROVIDER | string | `""` | | +| nodes_config.ESPRESSO_SEQUENCER_MAX_BLOCK_SIZE | string | `"30000000"` | | +| nodes_config.ESPRESSO_SEQUENCER_ORCHESTRATOR_URL | string | `"https://orchestrator.cappuccino.testnet.espresso.network"` | | +| 
nodes_config.ESPRESSO_SEQUENCER_STATE_PEERS | string | `"https://query.cappuccino.testnet.espresso.network"` | | +| nodes_config.ESPRESSO_SEQUENCER_STORAGE_PATH | string | `"/mount/sequencer/store/"` | | +| nodes_config.ESPRESSO_STATE_RELAY_SERVER_URL | string | `"https://state-relay.cappuccino.testnet.espresso.network"` | | +| nodes_config.RUST_LOG | string | `"warn,libp2p=off"` | | +| nodes_config.RUST_LOG_FORMAT | string | `"json"` | | +| rbac.create | bool | `true` | | +| rbac.name | string | `""` | The name of the role to use. If not set and create is true, a name is generated using the fullname template | +| rbac.rules | list | `[{"apiGroups":[""],"resources":["secrets"],"verbs":["create","get","list","watch","delete"]}]` | Required Role rules | +| rbac.rules[0] | object | `{"apiGroups":[""],"resources":["secrets"],"verbs":["create","get","list","watch","delete"]}` | Required to create Sequencer env Secret. | +| service.svcAnnotations | object | `{}` | | +| service.type | string | `"ClusterIP"` | | +| serviceAccount | object | `{"annotations":{},"name":""}` | Service account ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0) From 7f16206f45d4c39143b5820b53bd3334b61bcab3 Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Thu, 2 May 2024 16:34:18 +0200 Subject: [PATCH 38/72] style: Remove trailing spaces --- charts/espresso/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index 1003e1b85..791c65315 100644 
--- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml @@ -5,7 +5,7 @@ global: serviceAccount: create: false annotations: {} - + namespaceOverride: "" # -- Whether or not to allocate persistent volume disk for the data directory. @@ -21,7 +21,7 @@ global: nodes: normal: replicaCount: 1 - command: + command: - "sequencer" - "--" - "http" @@ -38,7 +38,7 @@ nodes: data: [] da: replicaCount: 0 - command: + command: - "sequencer" - "--" - "storage-sql" From 81f03dc16328ebb59fdf9c28d66d4c3a7b44db44 Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Thu, 2 May 2024 16:37:26 +0200 Subject: [PATCH 39/72] doc: Update chart README --- charts/espresso/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/espresso/README.md b/charts/espresso/README.md index 51dbf1292..692310b77 100644 --- a/charts/espresso/README.md +++ b/charts/espresso/README.md @@ -96,4 +96,4 @@ Kubernetes: `^1.23.0-0` | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0) +Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) From 4bb0e1ba2d4ba8fcef6580fa85c40d5520c2facc Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Thu, 2 May 2024 16:54:08 +0200 Subject: [PATCH 40/72] ci: Fix helm-docs image tag --- .github/workflows/{check-dock.yaml => check-doc.yaml} | 2 +- charts/espresso/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename .github/workflows/{check-dock.yaml => check-doc.yaml} (94%) diff --git a/.github/workflows/check-dock.yaml b/.github/workflows/check-doc.yaml similarity index 94% rename from .github/workflows/check-dock.yaml rename to .github/workflows/check-doc.yaml index a35dc1762..7fad211ac 100644 
--- a/.github/workflows/check-dock.yaml +++ b/.github/workflows/check-doc.yaml @@ -15,7 +15,7 @@ jobs: uses: docker/setup-buildx-action@v2 - name: Run helm-docs - run: docker run --rm --volume "$(pwd):/helm-docs" -u "$(id -u)" jnorwood/helm-docs:latest + run: docker run --rm --volume "$(pwd):/helm-docs" -u "$(id -u)" jnorwood/helm-docs:v1.12.0 - name: Check for unstaged changes run: | diff --git a/charts/espresso/README.md b/charts/espresso/README.md index 692310b77..51dbf1292 100644 --- a/charts/espresso/README.md +++ b/charts/espresso/README.md @@ -96,4 +96,4 @@ Kubernetes: `^1.23.0-0` | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) +Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0) From a736cb36f040643b5a8fd25bd79794748b0a65bd Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Fri, 3 May 2024 14:37:18 +0200 Subject: [PATCH 41/72] style: Fix indentation and clean code --- charts/espresso/README.md | 4 +- charts/espresso/templates/configmap.yaml | 9 ++-- charts/espresso/templates/ingress.yaml | 42 ++++++++++--------- charts/espresso/templates/role.yaml | 2 +- charts/espresso/templates/secret.yaml | 8 ++-- charts/espresso/templates/service.yaml | 10 ++--- charts/espresso/templates/serviceaccount.yaml | 4 +- charts/espresso/values.yaml | 15 +++---- 8 files changed, 49 insertions(+), 45 deletions(-) diff --git a/charts/espresso/README.md b/charts/espresso/README.md index 51dbf1292..cbca2a437 100644 --- a/charts/espresso/README.md +++ b/charts/espresso/README.md 
@@ -36,9 +36,9 @@ Kubernetes: `^1.23.0-0` | image.repository | string | `"ghcr.io/espressosystems/espresso-sequencer/sequencer"` | | | image.tag | string | `"main"` | | | ingress.annotations | object | `{}` | | +| ingress.className | string | `""` | | | ingress.enabled | bool | `false` | | | ingress.hosts | list | `[]` | Hostnames. Can be provided if Ingress is enabled. | -| ingress.ingressClassName | string | `""` | | | ingress.labels | object | `{}` | | | ingress.paths | list | `[]` | Paths to use for ingress rules By default, the Service created by this chart is used as the target Service for the Ingress. If not defined the following default object will be used: - path: "/" port: 8000 pathType: "ImplementationSpecific" serviceName: "" | | ingress.routePrefix | string | `"/"` | Route Prefix. Can skip it if any item of path has the path defined. | @@ -89,7 +89,7 @@ Kubernetes: `^1.23.0-0` | rbac.name | string | `""` | The name of the role to use. If not set and create is true, a name is generated using the fullname template | | rbac.rules | list | `[{"apiGroups":[""],"resources":["secrets"],"verbs":["create","get","list","watch","delete"]}]` | Required Role rules | | rbac.rules[0] | object | `{"apiGroups":[""],"resources":["secrets"],"verbs":["create","get","list","watch","delete"]}` | Required to create Sequencer env Secret. | -| service.svcAnnotations | object | `{}` | | +| service.annotations | object | `{}` | | | service.type | string | `"ClusterIP"` | | | serviceAccount | object | `{"annotations":{},"name":""}` | Service account ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | diff --git a/charts/espresso/templates/configmap.yaml b/charts/espresso/templates/configmap.yaml index 6cf08ef41..0c1fbf404 100644 --- a/charts/espresso/templates/configmap.yaml +++ b/charts/espresso/templates/configmap.yaml 
@@ -14,7 +14,6 @@ data: local final_var=$3 # Extract the value for the specified indexed key from the environment - # Using quotes to ensure complete variable names are matched properly local key_full=$(env | grep -e $key_var) # Check if the string starts with the prefix and remove it @@ -38,21 +37,21 @@ data: state_key_var="ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY_$index" staking_key_var="ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY_$index" key_prefix="espresso-sequencer-private-keys-{{ $type }}=" -{{- if $specs.sqlStorage }} + {{- if $specs.sqlStorage }} postgres_host_var="ESPRESSO_SEQUENCER_POSTGRES_HOST" postgres_user_var="ESPRESSO_SEQUENCER_POSTGRES_USER" postgres_pass_var="ESPRESSO_SEQUENCER_POSTGRES_PASSWORD" postgres_prefix="espresso-sequencer-postgres-{{ $type }}=" -{{- end }} + {{- end }} # Process each key and write to the .env file echo "$(process_key $state_key_var $key_prefix "ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY")" > /etc/espresso/.env echo "$(process_key $staking_key_var $key_prefix "ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY")" >> /etc/espresso/.env -{{- if $specs.sqlStorage }} + {{- if $specs.sqlStorage }} echo "$(process_key $postgres_host_var $postgres_prefix "ESPRESSO_SEQUENCER_POSTGRES_HOST")" >> /etc/espresso/.env echo "$(process_key $postgres_user_var $postgres_prefix "ESPRESSO_SEQUENCER_POSTGRES_USER")" >> /etc/espresso/.env echo "$(process_key $postgres_pass_var $postgres_prefix "ESPRESSO_SEQUENCER_POSTGRES_PASSWORD")" >> /etc/espresso/.env -{{- end }} + {{- end }} # echo "Dot env file content:" # cat /etc/espresso/.env diff --git a/charts/espresso/templates/ingress.yaml b/charts/espresso/templates/ingress.yaml index 18cfa4e30..4263a438a 100644 --- a/charts/espresso/templates/ingress.yaml +++ b/charts/espresso/templates/ingress.yaml 
@@ -1,36 +1,40 @@ ---- {{- if .Values.ingress.enabled -}} +--- {{- $baseServiceName := include "common.names.fullname" . -}} {{- $routePrefix := .Values.ingress.routePrefix | default "/" -}} {{- $defaultPath := list (dict "path" $routePrefix "port" 8000 "pathType" "ImplementationSpecific") -}} {{- $paths := .Values.ingress.paths | default $defaultPath -}} -apiVersion: networking.k8s.io/v1 +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else -}} +apiVersion: networking.k8s.io/v1beta1 +{{- end }} kind: Ingress metadata: -{{- if .Values.ingress.annotations }} + {{- with .Values.ingress.annotations }} annotations: -{{ toYaml .Values.ingress.annotations | indent 4 }} -{{- end }} + {{ toYaml . }} + {{- end }} name: {{ include "common.names.fullname" . }} labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.ingress.labels }} - {{ toYaml .Values.ingress.labels | indent 4 }} + {{- with .Values.ingress.labels }} + {{ toYaml . | indent 4 }} {{- end }} - {{- if $.Values.global.namespaceOverride }} - namespace: {{ $.Values.global.namespaceOverride }} + {{- with $.Values.global.namespaceOverride }} + namespace: {{ . }} {{- end }} spec: - {{- if .Values.ingress.ingressClassName }} - ingressClassName: {{ .Values.ingress.ingressClassName }} + {{- with .Values.ingress.className }} + ingressClassName: {{ . }} {{- end }} rules: {{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} + {{- range $host := .Values.ingress.hosts }} - host: {{ tpl $host $ }} http: paths: - {{- range $p := $paths }} + {{- range $p := $paths }} - path: {{ $p.path }} pathType: {{ $p.pathType }} backend: 
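Review bot: The `{{- else -}}` branch selects `networking.k8s.io/v1beta1`, but the rest of the manifest keeps the v1 schema (`backend.service.name`, `port.number`), which the v1beta1 API does not accept. Chart.yaml pins `kubeVersion: "^1.23.0-0"`, so the fallback can never apply; I would drop the `semverCompare` block and keep the single line `apiVersion: networking.k8s.io/v1`. Separately, `{{ toYaml . }}` under `annotations:` has no indent filter, so only the first annotation is indented and a map with two or more keys is likely to render invalid YAML; `{{- toYaml . | nindent 4 }}` avoids that. The template continues past the end of this hunk.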
@@ -38,12 +42,12 @@ spec: name: {{ $p.serviceName | default $baseServiceName }} port: number: {{ $p.port }} - {{- end }} - {{- end }} + {{- end }} + {{- end }} {{- else }} - http: paths: - {{- range $p := $paths }} + {{- range $p := $paths }} - path: {{ $p.path }} pathType: {{ $p.pathType }} backend: @@ -51,10 +55,10 @@ spec: name: {{ $p.serviceName | default $baseServiceName }} port: number: {{ $p.port }} + {{- end }} {{- end }} - {{- end }} - {{- if .Values.ingress.tls }} + {{- with .Values.ingress.tls }} tls: -{{ tpl (toYaml .Values.ingress.tls | indent 4) . }} + {{ tpl (toYaml . | indent 4) . }} {{- end }} {{- end }} diff --git a/charts/espresso/templates/role.yaml b/charts/espresso/templates/role.yaml index 4d13e9d57..8b8575ba9 100644 --- a/charts/espresso/templates/role.yaml +++ b/charts/espresso/templates/role.yaml @@ -6,5 +6,5 @@ metadata: labels: {{- include "common.labels.standard" . | nindent 4 }} rules: -{{- toYaml .Values.rbac.rules | nindent 0 }} + {{- toYaml .Values.rbac.rules | nindent 0 }} {{- end }} diff --git a/charts/espresso/templates/secret.yaml b/charts/espresso/templates/secret.yaml index a212da21b..5cd43376b 100644 --- a/charts/espresso/templates/secret.yaml +++ b/charts/espresso/templates/secret.yaml @@ -5,8 +5,8 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: "eso-espresso-sequencer-secrets-{{ $type }}" - {{- if $.Values.global.namespaceOverride }} - namespace: {{ $.Values.global.namespaceOverride }} + {{- with $.Values.global.namespaceOverride }} + namespace: {{ . }} {{- end }} spec: refreshInterval: "1h" @@ -16,9 +16,9 @@ spec: target: name: "eso-espresso-sequencer-secrets-{{ $type }}" creationPolicy: Owner - {{- if $specs.externalSecrets.data }} + {{- with $specs.externalSecrets.data }} data: - {{- $specs.externalSecrets.data | toYaml | trim | nindent 2 }} + {{- . | toYaml | trim | nindent 2 }} {{- end }} {{- end }} {{- end }} \ No newline at end of file 
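Review bot: Inside `{{- with .Values.ingress.tls }}` the dot is rebound to the TLS list, so the second argument of `tpl (toYaml . | indent 4) .` is no longer the chart context that `tpl` needs, and rendering is expected to fail as soon as `ingress.tls` is set. Pass the root context instead: `{{ tpl (toYaml . | indent 4) $ }}`. With the old `if` form the dot was still the root, which is why this worked before the refactor. Because `ingress.tls` is empty by default, the default render will not catch this; a `helm template` run with a TLS entry set is worth adding to CI.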
diff --git a/charts/espresso/templates/service.yaml b/charts/espresso/templates/service.yaml index 5760d1df3..0000a6ffb 100644 --- a/charts/espresso/templates/service.yaml +++ b/charts/espresso/templates/service.yaml @@ -8,12 +8,12 @@ metadata: {{- include "common.labels.standard" $ | nindent 4 }} pod: "{{ include "common.names.fullname" $ }}" type: api -{{- if $.Values.service.svcAnnotations }} + {{- with $.Values.service.annotations }} annotations: - {{ toYaml $.Values.service.svcAnnotations | nindent 4 | trim }} -{{- end }} - {{- if $.Values.global.namespaceOverride }} - namespace: {{ $.Values.global.namespaceOverride }} + {{ toYaml . | nindent 4 | trim }} + {{- end }} + {{- with $.Values.global.namespaceOverride }} + namespace: {{ . }} {{- end }} spec: type: {{ $.Values.service.type }} # ClusterIP, NodePort, LoadBalancer, or ExternalName diff --git a/charts/espresso/templates/serviceaccount.yaml b/charts/espresso/templates/serviceaccount.yaml index adfa70126..6896a029a 100644 --- a/charts/espresso/templates/serviceaccount.yaml +++ b/charts/espresso/templates/serviceaccount.yaml @@ -10,7 +10,7 @@ metadata: annotations: {{- toYaml . | nindent 4 }} {{- end }} - {{- if $.Values.global.namespaceOverride }} - namespace: {{ $.Values.global.namespaceOverride }} + {{- with $.Values.global.namespaceOverride }} + namespace: {{ . }} {{- end }} {{- end }} diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index 791c65315..85f49f361 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml @@ -100,17 +100,18 @@ keystoreCLI: service: type: ClusterIP # Port will target ESPRESSO_SEQUENCER_API_PORT - svcAnnotations: {} + annotations: {} ingress: enabled: false - ingressClassName: "" + className: "" # -- Route Prefix. Can skip it if any item of path has the path defined. routePrefix: / annotations: {} - + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" labels: {} # -- Hostnames. 
@@ -118,7 +119,7 @@ ingress: # hosts: [] # hosts: - # - prometheus.domain.com + # - espresso.example.com # -- Paths to use for ingress rules # By default, the Service created by this chart is used as the target @@ -146,9 +147,9 @@ ingress: # Secret must be manually created in the namespace # tls: [] - # - secretName: execution-beacon-general-tls - # hosts: - # - nethermind.example.com + # - secretName: chart-example-tls + # hosts: + # - chart-example.local externalSecrets: enabled: false From 4d2de79b9c45d00a2707f676c189fb87e07aa798 Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Fri, 3 May 2024 14:38:29 +0200 Subject: [PATCH 42/72] style: Clean statefulset.yaml code --- charts/espresso/templates/statefulset.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index 393ad3ded..e9e6c3d89 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml @@ -4,8 +4,8 @@ apiVersion: {{ include "common.capabilities.statefulset.apiVersion" $ }} kind: StatefulSet metadata: name: "{{ include "common.names.fullname" $ }}-{{ $type }}" - {{- if $.Values.global.namespaceOverride }} - namespace: {{ $.Values.global.namespaceOverride }} + {{- with $.Values.global.namespaceOverride }} + namespace: {{ . }} {{- end }} spec: serviceName: "{{ include "common.names.fullname" $ }}-{{ $type }}" From ed59b1bbd55b565f791c05085aef2e1d7b8b329d Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Mon, 6 May 2024 13:23:05 +0200 Subject: [PATCH 43/72] refac: Clean ingress.yaml code --- charts/espresso/templates/ingress.yaml | 32 +++++----------- charts/espresso/values.yaml | 51 ++++++++++++++------------ 2 files changed, 37 insertions(+), 46 deletions(-) diff --git a/charts/espresso/templates/ingress.yaml b/charts/espresso/templates/ingress.yaml index 4263a438a..d070acaaf 100644 --- a/charts/espresso/templates/ingress.yaml 
+++ b/charts/espresso/templates/ingress.yaml @@ -13,7 +13,7 @@ kind: Ingress metadata: {{- with .Values.ingress.annotations }} annotations: - {{ toYaml . }} +{{ toYaml . | indent 4}} {{- end }} name: {{ include "common.names.fullname" . }} labels: @@ -29,33 +29,21 @@ spec: ingressClassName: {{ . }} {{- end }} rules: - {{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ tpl $host $ }} - http: - paths: - {{- range $p := $paths }} - - path: {{ $p.path }} - pathType: {{ $p.pathType }} - backend: - service: - name: {{ $p.serviceName | default $baseServiceName }} - port: - number: {{ $p.port }} - {{- end }} - {{- end }} - {{- else }} + {{- range .Values.ingress.hosts }} - http: paths: - {{- range $p := $paths }} - - path: {{ $p.path }} - pathType: {{ $p.pathType }} + {{- range .paths }} + - path: {{ .path }} + pathType: {{ .pathType }} backend: service: - name: {{ $p.serviceName | default $baseServiceName }} + name: {{ .serviceName | default $baseServiceName }} port: - number: {{ $p.port }} + number: {{ .port }} {{- end }} + {{- with .host }} + host: {{ . | quote }} + {{- end }} {{- end }} {{- with .Values.ingress.tls }} tls: diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index 85f49f361..ea78484dd 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml 
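Review bot: After this rewrite `rules:` is produced only by `range .Values.ingress.hosts`, so enabling the ingress with an empty `hosts` (the README lists `[]` as the default) renders `rules:` with no entries and no backend. The values.yaml comment changed in the same commit still promises a default object (`path: "/"`, `port: 8000`), and `$routePrefix`, `$defaultPath` and `$paths` at the top of the template now appear to be unused. Either restore the fallback or fail early, e.g. `{{- if not .Values.ingress.hosts }}{{ fail "ingress.hosts is required when ingress.enabled is true" }}{{- end }}`. `.port` and `.pathType` are also rendered without a default, so a path entry that omits them yields `number:` with no value.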
@@ -116,32 +116,35 @@ ingress: # -- Hostnames. # Can be provided if Ingress is enabled. - # hosts: [] # hosts: - # - espresso.example.com - - # -- Paths to use for ingress rules - # By default, the Service created by this chart is used as the target - # Service for the Ingress. - # If not defined the following default object will be used: - # - path: "/" - # port: 8000 - # pathType: "ImplementationSpecific" - # serviceName: "" - # - paths: [] - # paths: - # - path: "/metrics" - # port: 9000 - # pathType: "Prefix" - # - path: "/api" - # port: 8080 - # pathType: "Exact" - # - path: "/health" - # port: 8085 - # pathType: "Prefix" - # serviceName: "alternativeServiceName" + # - host: espresso.example.com + # -- Paths to use for ingress rules + # paths: + # - path: "/metrics" + # port: 9000 + # pathType: "Prefix" + # - path: "/api" + # port: 8080 + # pathType: "Exact" + # - path: "/health" + # port: 8085 + # pathType: "Prefix" + # serviceName: "alternativeServiceName" + # - paths: + # - path: "/metrics" + # port: 9000 + # pathType: "Prefix" + # By default, the Service created by this chart is used as the target + # Service for the Ingress. + # If not defined the following default object will be used: + # hosts: + # paths: + # - path: "/" + # port: 8000 + # pathType: "ImplementationSpecific" + # serviceName: "" + # -- TLS configuration for Ingress # Secret must be manually created in the namespace From 07a0f96b36806e5ff0e838c349b424849871d19a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mateusz=20J=C4=99drzejewski?= Date: Tue, 14 May 2024 16:14:34 +0300 Subject: [PATCH 44/72] attempt to fix secrets --- charts/espresso/templates/configmap.yaml | 25 ++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/charts/espresso/templates/configmap.yaml b/charts/espresso/templates/configmap.yaml index 0c1fbf404..f62de7760 100644 --- a/charts/espresso/templates/configmap.yaml +++ b/charts/espresso/templates/configmap.yaml 
@@ -33,15 +33,36 @@ data: index=$(hostname | grep -o -E "[0-9]+$") echo "Detected Pod Index: $index" + nodes: + normal: + replicaCount: 3 + volumeMount: true + externalSecrets: + data: + - secretKey: espresso-sequencer-private-keys-normal-eu + remoteRef: + key: "espresso-sequencer-private-keys-normal" + da: + replicaCount: 0 + sqlStorage: false + externalSecrets: + data: + - secretKey: espresso-sequencer-private-keys-da-eu + remoteRef: + key: "espresso-sequencer-private-keys-da" + - secretKey: espresso-sequencer-postgres-da-eu + remoteRef: + key: "espresso-da-db-nethermind-prod-sequencers" + # Construct the variable names state_key_var="ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY_$index" staking_key_var="ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY_$index" - key_prefix="espresso-sequencer-private-keys-{{ $type }}=" + key_prefix="{{ index $specs.externalSecrets.data $index | first | quote }}=" {{- if $specs.sqlStorage }} postgres_host_var="ESPRESSO_SEQUENCER_POSTGRES_HOST" postgres_user_var="ESPRESSO_SEQUENCER_POSTGRES_USER" postgres_pass_var="ESPRESSO_SEQUENCER_POSTGRES_PASSWORD" - postgres_prefix="espresso-sequencer-postgres-{{ $type }}=" + postgres_prefix="espresso-sequencer-postgres-{{ index $specs.externalSecrets.data $index | first | quote }}=" {{- end }} # Process each key and write to the .env file From 31fc9f31ed4f969a5d7c16052d08a93fe71f120f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mateusz=20J=C4=99drzejewski?= Date: Tue, 14 May 2024 16:21:18 +0300 Subject: [PATCH 45/72] remove redundant code --- charts/espresso/templates/configmap.yaml | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/charts/espresso/templates/configmap.yaml b/charts/espresso/templates/configmap.yaml index f62de7760..0064b0aba 100644 --- a/charts/espresso/templates/configmap.yaml +++ b/charts/espresso/templates/configmap.yaml 
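Review bot: The added `nodes:` … `remoteRef` block is values-file YAML pasted into the body of the init script, so the shell would try to run `nodes:`, `normal:` and the rest as commands, and it puts deployment-specific secret-store key names such as `espresso-da-db-nethermind-prod-sequencers` into a template that every chart user installs. That data belongs in the values file of the environment, not in configmap.yaml. The new `key_prefix` line also uses `$index` inside `{{ … }}`, where it is a template variable this hunk does not define (the visible `index` is a shell variable set from `hostname`), and `first` is applied to what looks like a single map entry, so rendering is likely to fail. The script body starts before this hunk.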
@@ -33,27 +33,6 @@ data: index=$(hostname | grep -o -E "[0-9]+$") echo "Detected Pod Index: $index" - nodes: - normal: - replicaCount: 3 - volumeMount: true - externalSecrets: - data: - - secretKey: espresso-sequencer-private-keys-normal-eu - remoteRef: - key: "espresso-sequencer-private-keys-normal" - da: - replicaCount: 0 - sqlStorage: false - externalSecrets: - data: - - secretKey: espresso-sequencer-private-keys-da-eu - remoteRef: - key: "espresso-sequencer-private-keys-da" - - secretKey: espresso-sequencer-postgres-da-eu - remoteRef: - key: "espresso-da-db-nethermind-prod-sequencers" - # Construct the variable names state_key_var="ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY_$index" staking_key_var="ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY_$index" From 6bb0109f1f6fc830bac1fff6cb19fc733a7e9098 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mateusz=20J=C4=99drzejewski?= Date: Tue, 14 May 2024 16:29:45 +0300 Subject: [PATCH 46/72] ugly suffix way --- charts/espresso/templates/configmap.yaml | 6 +++--- charts/espresso/values.yaml | 2 ++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/charts/espresso/templates/configmap.yaml b/charts/espresso/templates/configmap.yaml index 0064b0aba..cba852eb9 100644 --- a/charts/espresso/templates/configmap.yaml +++ b/charts/espresso/templates/configmap.yaml 
@@ -36,13 +36,13 @@ data: # Construct the variable names state_key_var="ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY_$index" staking_key_var="ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY_$index" - key_prefix="{{ index $specs.externalSecrets.data $index | first | quote }}=" + key_prefix="espresso-sequencer-private-keys-{{ $type }}{{ if ne $.Values.global.suffix "" }}-{{ $.Values.global.suffix }}{{ end }}=" {{- if $specs.sqlStorage }} postgres_host_var="ESPRESSO_SEQUENCER_POSTGRES_HOST" postgres_user_var="ESPRESSO_SEQUENCER_POSTGRES_USER" postgres_pass_var="ESPRESSO_SEQUENCER_POSTGRES_PASSWORD" - postgres_prefix="espresso-sequencer-postgres-{{ index $specs.externalSecrets.data $index | first | quote }}=" - {{- end }} + postgres_prefix="espresso-sequencer-postgres-{{ $type }}{{ if ne $.Values.global.suffix "" }}-{{ $.Values.global.suffix }}{{ end }}=" +{{- end }} # Process each key and write to the .env file echo "$(process_key $state_key_var $key_prefix "ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY")" > /etc/espresso/.env diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index ea78484dd..944b37627 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml @@ -6,6 +6,8 @@ global: create: false annotations: {} + suffix: "" + namespaceOverride: "" # -- Whether or not to allocate persistent volume disk for the data directory. From 946794acbd0e39763a50f1cf2160a74619efa4d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mateusz=20J=C4=99drzejewski?= <33068017+matilote@users.noreply.github.com> Date: Tue, 14 May 2024 23:54:08 +1000 Subject: [PATCH 47/72] Update statefulset.yaml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Mateusz Jędrzejewski <33068017+matilote@users.noreply.github.com> --- charts/espresso/templates/statefulset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
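Review bot: `global.suffix` is spliced unescaped into double-quoted shell assignments (`key_prefix="…-{{ $.Values.global.suffix }}="` and the `postgres_prefix` line), so a value containing `"`, `$` or a backtick changes what the init script executes while it is handling the private keys. Constrain it at render time, e.g. `{{- if not (regexMatch "^[a-z0-9-]*$" $.Values.global.suffix) }}{{ fail "global.suffix may only contain [a-z0-9-]" }}{{- end }}`. The `{{ if ne … "" }}-…{{ end }}` expression is repeated on both lines here and again in the `SECRET_ID` value of statefulset.yaml in the following commit; a named template in `_helpers.yaml` would keep the three in step. The last changed line also moves `{{- end }}` back to column 0, undoing the indentation the earlier style commit introduced.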
diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index e9e6c3d89..523b8406e 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml @@ -40,7 +40,7 @@ spec: - name: PROJECT_ID value: {{ (required "Project ID is required" $.Values.keystoreCLI.projectId) | quote }} - name: SECRET_ID - value: {{ required "Secret ID is required" $.Values.keystoreCLI.pv.secretId }}-{{ $type }} + value: {{ required "Secret ID is required" $.Values.keystoreCLI.pv.secretId }}-{{ $type }}{{ if ne $.Values.global.suffix "" }}-{{ $.Values.global.suffix }}{{ end }} volumeMounts: - name: keys mountPath: /keys From 15637f4c0c279bac15465380d60d65f87b981d51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mateusz=20J=C4=99drzejewski?= Date: Fri, 17 May 2024 17:48:22 +0300 Subject: [PATCH 48/72] add service monitor for espresso --- charts/espresso/templates/servicemonitor.yaml | 40 +++++++++++++++++++ charts/espresso/values.yaml | 28 +++++++++++++ 2 files changed, 68 insertions(+) create mode 100644 charts/espresso/templates/servicemonitor.yaml diff --git a/charts/espresso/templates/servicemonitor.yaml b/charts/espresso/templates/servicemonitor.yaml new file mode 100644 index 000000000..6f51a85e3 --- /dev/null +++ b/charts/espresso/templates/servicemonitor.yaml 
@@ -0,0 +1,40 @@
+{{- range $type, $specs := .Values.nodes }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "common.names.fullname" . }}-{{ $type }}
+ {{- if .Values.serviceMonitor.namespace }}
+ namespace: {{ .Values.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels:
+ {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.serviceMonitor.additionalLabels }}
+ {{- toYaml .Values.serviceMonitor.additionalLabels | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - port: api
+ path: /v0/status/metrics
+ {{- if .Values.serviceMonitor.interval }}
+ interval: {{ .Values.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.serviceMonitor.relabelings }}
+ relabelings: {{- toYaml .Values.serviceMonitor.relabelings | nindent 6 }}
+ {{- end }}
+ {{- if .Values.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- toYaml .Values.serviceMonitor.metricRelabelings | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels:
+ {{- include "common.labels.matchLabels" . | nindent 6 }}
\ No newline at end of file
diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml
index 944b37627..63e3c6dd3 100644
--- a/charts/espresso/values.yaml
+++ b/charts/espresso/values.yaml
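Review bot: Nothing gates this template, so every install now requires the `monitoring.coreos.com/v1` ServiceMonitor CRD to be present; add `serviceMonitor.enabled: false` to values.yaml and wrap the file in `{{- if .Values.serviceMonitor.enabled }}`. The `range` body also starts directly with `apiVersion:` and has no `---`, so with more than one entry in `.Values.nodes` the resources run together into a single YAML document with duplicate keys. Inside the loop the dot is the node entry, so the `.Values`/`.Release` references and the missing closing `{{- end }}` need the fixes that the next two commits apply. The `matchLabels` selector is the same for every `$type`; if the Services share those labels, each monitor scrapes all of them.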
@@ -104,6 +104,34 @@ service: # Port will target ESPRESSO_SEQUENCER_API_PORT annotations: {} +serviceMonitor: + # -- The namespace in which the ServiceMonitor will be created + namespace: "" + # -- The interval at which metrics should be scraped + interval: 30s + # -- The timeout after which the scrape is ended + scrapeTimeout: "" + # -- Metrics RelabelConfigs to apply to samples before scraping. + relabellings: [] + # -- Metrics RelabelConfigs to apply to samples before ingestion. + metricRelabelings: [] + # -- Specify honorLabels parameter to add the scrape endpoint + honorLabels: false + # -- Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus + additionalLabels: {} +# -- Custom PrometheusRule to be defined +# ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions +# +prometheusRule: + # -- Create a default set of Alerts + default: true + # -- The namespace in which the prometheusRule will be created + namespace: "" + # -- Additional labels for the prometheusRule + additionalLabels: {} + # -- Custom Prometheus rules + rules: [] + ingress: enabled: false className: "" From f6357948773135b783ae294c6ef887d8f8477132 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mateusz=20J=C4=99drzejewski?= Date: Fri, 17 May 2024 17:50:15 +0300 Subject: [PATCH 49/72] add ending to service monitor --- charts/espresso/templates/servicemonitor.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/espresso/templates/servicemonitor.yaml b/charts/espresso/templates/servicemonitor.yaml index 6f51a85e3..539c620ec 100644 --- a/charts/espresso/templates/servicemonitor.yaml +++ b/charts/espresso/templates/servicemonitor.yaml @@ -37,4 +37,5 @@ spec: - {{ .Release.Namespace }} selector: matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} \ No newline at end of file + {{- include "common.labels.matchLabels" . | nindent 6 }} +{{- end }} \ No newline at end of file 
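Review bot: The key added here is spelled `relabellings`, but servicemonitor.yaml reads `.Values.serviceMonitor.relabelings`, so anything a user puts under the documented key is ignored; rename it to `relabelings: []`. The `prometheusRule` block (`default: true`, `namespace`, `rules`) has no template in this commit that consumes it, so `default: true` advertises alerts that are not created; drop the block or mark it as not yet implemented. The comment on `honorLabels` does not describe the setting; something like `# -- Keep the labels of scraped metrics when they collide with target labels` would.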
From 0b713efc6f43aa7a0a9bf7425f37562c2cb71596 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mateusz=20J=C4=99drzejewski?= Date: Fri, 17 May 2024 17:54:18 +0300 Subject: [PATCH 50/72] fix references --- charts/espresso/templates/servicemonitor.yaml | 38 +++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/charts/espresso/templates/servicemonitor.yaml b/charts/espresso/templates/servicemonitor.yaml index 539c620ec..b0bfb8464 100644 --- a/charts/espresso/templates/servicemonitor.yaml +++ b/charts/espresso/templates/servicemonitor.yaml 
@@ -2,40 +2,40 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: {{ template "common.names.fullname" . }}-{{ $type }} - {{- if .Values.serviceMonitor.namespace }} - namespace: {{ .Values.serviceMonitor.namespace }} + name: "{{ include "common.names.fullname" $ }}-{{ $type }}" + {{- if $.Values.serviceMonitor.namespace }} + namespace: {{ $.Values.serviceMonitor.namespace }} {{- else }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ $.Release.Namespace | quote }} {{- end }} labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.serviceMonitor.additionalLabels }} - {{- toYaml .Values.serviceMonitor.additionalLabels | nindent 4 }} + {{- include "common.labels.standard" $ | nindent 4 }} + {{- if $.Values.serviceMonitor.additionalLabels }} + {{- toYaml $.Values.serviceMonitor.additionalLabels | nindent 4 }} {{- end }} spec: endpoints: - port: api path: /v0/status/metrics - {{- if .Values.serviceMonitor.interval }} - interval: {{ .Values.serviceMonitor.interval }} + {{- if $.Values.serviceMonitor.interval }} + interval: {{ $.Values.serviceMonitor.interval }} {{- end }} - {{- if .Values.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }} + {{- if $.Values.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ $.Values.serviceMonitor.scrapeTimeout }} {{- end }} - {{- if .Values.serviceMonitor.honorLabels }} - honorLabels: {{ .Values.serviceMonitor.honorLabels }} + {{- if $.Values.serviceMonitor.honorLabels }} + honorLabels: {{ $.Values.serviceMonitor.honorLabels }} {{- end }} - {{- if .Values.serviceMonitor.relabelings }} - relabelings: {{- toYaml .Values.serviceMonitor.relabelings | nindent 6 }} + {{- if $.Values.serviceMonitor.relabelings }} + relabelings: {{- toYaml $.Values.serviceMonitor.relabelings | nindent 6 }} {{- end }} - {{- if .Values.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- toYaml .Values.serviceMonitor.metricRelabelings | nindent 6 }} 
+ {{- if $.Values.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- toYaml $.Values.serviceMonitor.metricRelabelings | nindent 6 }} {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ $.Release.Namespace }} selector: matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} + {{- include "common.labels.matchLabels" $ | nindent 6 }} {{- end }} \ No newline at end of file From faeec868f950b54a6b1388c191b5073f4354cb3e Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Fri, 26 Jul 2024 01:18:02 +0200 Subject: [PATCH 51/72] feat: Add role for servicemonitors and services by default --- charts/espresso/values.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index 63e3c6dd3..bca66d745 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml @@ -223,3 +223,13 @@ rbac: - "list" - "watch" - "delete" + # -- Required to create ServiceMonitor CRD + # + - apiGroups: ["monitoring.coreos.com"] + resources: + - "services" + - "servicemonitors" + verbs: + - "get" + - "list" + - "watch" From 2251f565c41b88da0bd9fb4cb485b838ad43be74 Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Fri, 26 Jul 2024 01:38:27 +0200 Subject: [PATCH 52/72] fix: Replace servicemonitors role for endpoints --- charts/espresso/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index bca66d745..1fce7e3f3 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml @@ -228,7 +228,7 @@ rbac: - apiGroups: ["monitoring.coreos.com"] resources: - "services" - - "servicemonitors" + - "endpoints" verbs: - "get" - "list" From 494b5332f99bd7df7c726ea13ce6d727ce4695ab Mon Sep 17 00:00:00 2001 
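Review bot: `namespaceSelector.matchNames` is rendered from `$.Release.Namespace`, while service.yaml places the Service in `global.namespaceOverride` when that is set, so with an override the monitor looks in the wrong namespace and scrapes nothing. Derive both from the same expression, e.g. `- {{ $.Values.global.namespaceOverride | default $.Release.Namespace | quote }}`. `namespace: {{ $.Values.serviceMonitor.namespace }}` is the only namespace line left unquoted; add `| quote` to match the `else` branch.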
From: AntiD2ta
Date: Fri, 26 Jul 2024 02:01:20 +0200
Subject: [PATCH 53/72] feat: Add ClusterRole
---
 charts/espresso/templates/clusterrole.yaml | 10 ++++++++
 .../templates/clusterrolebinding.yaml | 16 +++++++++++++
 charts/espresso/values.yaml | 23 +++++++++++--------
 3 files changed, 39 insertions(+), 10 deletions(-)
 create mode 100644 charts/espresso/templates/clusterrole.yaml
 create mode 100644 charts/espresso/templates/clusterrolebinding.yaml
diff --git a/charts/espresso/templates/clusterrole.yaml b/charts/espresso/templates/clusterrole.yaml
new file mode 100644
index 000000000..069733ab0
--- /dev/null
+++ b/charts/espresso/templates/clusterrole.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "common.names.clusterRoleName" . }}
+ labels:
+ {{- include "common.labels.standard" . | nindent 4 }}
+rules:
+{{- toYaml .Values.rbac.clusterRules | nindent 0 }}
+{{- end }}
diff --git a/charts/espresso/templates/clusterrolebinding.yaml b/charts/espresso/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..c045d4fc8
--- /dev/null
+++ b/charts/espresso/templates/clusterrolebinding.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "common.names.clusterRoleName" . }}
+ labels:
+ {{- include "common.labels.standard" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "common.names.clusterRoleName" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "common.names.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml
index 1fce7e3f3..b044dc338 100644
--- a/charts/espresso/values.yaml
+++ b/charts/espresso/values.yaml
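Review bot: The ClusterRoleBinding gives the chart's ServiceAccount, presumably the identity the sequencer pods run as, cluster-wide `get`/`list`/`watch` on `services` and `endpoints`, on top of the namespaced Role that already allows creating and deleting Secrets. Target discovery for a ServiceMonitor is normally done by the Prometheus server under its own service account, so the workload should not need this; if scraping failed for lack of permissions, the grant belongs on the Prometheus side. If it has to stay in this chart, put it behind its own opt-in such as `rbac.clusterRole.create: false` instead of reusing `rbac.create`, and correct the values.yaml comment `Required to create ServiceMonitor CRD`, which describes neither rule. Both objects are cluster-scoped, so the name from `common.names.clusterRoleName` has to be unique per release or two installs will overwrite each other; that helper is not visible here.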
@@ -210,6 +210,18 @@ rbac: # name: "" create: true + # -- Required ClusterRole rules + clusterRules: + # # -- Required to create ServiceMonitor CRD + # # + - apiGroups: [""] + resources: + - "services" + - "endpoints" + verbs: + - "get" + - "list" + - "watch" # -- Required Role rules rules: # -- Required to create Sequencer env Secret. @@ -223,13 +235,4 @@ rbac: - "list" - "watch" - "delete" - # -- Required to create ServiceMonitor CRD - # - - apiGroups: ["monitoring.coreos.com"] - resources: - - "services" - - "endpoints" - verbs: - - "get" - - "list" - - "watch" + From 7fe54e16eef6bc251131973e55aaa1b77c61cb3c Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Fri, 26 Jul 2024 02:07:26 +0200 Subject: [PATCH 54/72] fix: Add global.rbac --- charts/espresso/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index b044dc338..29278332d 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml @@ -19,6 +19,9 @@ global: - ReadWriteOnce size: 150Gi annotations: {} + + rbac: + create: true nodes: normal: From 29ceffe3067a76d70477e94b4f8a5450b3c14a1b Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Fri, 26 Jul 2024 02:16:02 +0200 Subject: [PATCH 55/72] fix: Add rule for services --- charts/espresso/values.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index 29278332d..12ec30d6b 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml @@ -238,4 +238,10 @@ rbac: - "list" - "watch" - "delete" - + - apiGroups: [""] + resources: + - "services" + verbs: + - "get" + - "list" + - "watch" From 87d2794528e08c84c058b519b34995e788cdb49a Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Fri, 26 Jul 2024 02:21:24 +0200 Subject: [PATCH 56/72] chore: Ignore servicemonitor interval by default --- charts/espresso/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index 12ec30d6b..e4dff8a78 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml @@ -111,7 +111,7 @@ serviceMonitor: # -- The namespace in which the ServiceMonitor will be created namespace: "" # -- The interval at which metrics should be scraped - interval: 30s + # interval: 30s # -- The timeout after which the scrape is ended scrapeTimeout: "" # -- Metrics RelabelConfigs to apply to samples before scraping. From 2e59a489c9e08a9f6db05c8233d2496e1ff8bd42 Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Fri, 26 Jul 2024 02:35:06 +0200 Subject: [PATCH 57/72] fix: Service port name --- charts/espresso/templates/service.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/espresso/templates/service.yaml b/charts/espresso/templates/service.yaml index 0000a6ffb..6dea21014 100644 --- a/charts/espresso/templates/service.yaml +++ b/charts/espresso/templates/service.yaml @@ -18,7 +18,8 @@ metadata: spec: type: {{ $.Values.service.type }} # ClusterIP, NodePort, LoadBalancer, or ExternalName ports: - - port: {{ $.Values.nodes_config.ESPRESSO_SEQUENCER_API_PORT }} + - name: api + port: {{ $.Values.nodes_config.ESPRESSO_SEQUENCER_API_PORT }} targetPort: api protocol: TCP selector: From 277dfc05be38b0b40e636056835c74b8d2e1cec1 Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Tue, 24 Sep 2024 11:29:29 +0200 Subject: [PATCH 58/72] chore: Add comments to the init.sh script --- charts/espresso/templates/configmap.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/charts/espresso/templates/configmap.yaml b/charts/espresso/templates/configmap.yaml index cba852eb9..8849f6109 100644 --- a/charts/espresso/templates/configmap.yaml +++ b/charts/espresso/templates/configmap.yaml 
@@ -25,6 +25,7 @@ data: fi # Construct the final key name + # Replace all occurrences of key_var in key_value with final_var local final_key="${key_value//$key_var/${final_var}}" echo "$final_key" @@ -34,6 +35,8 @@ data: echo "Detected Pod Index: $index" # Construct the variable names + # ENV is imported from the external secret manager + # ENV keys are in the format of state_key_var and staking_key_var with the index as the suffix state_key_var="ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY_$index" staking_key_var="ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY_$index" key_prefix="espresso-sequencer-private-keys-{{ $type }}{{ if ne $.Values.global.suffix "" }}-{{ $.Values.global.suffix }}{{ end }}=" @@ -42,7 +45,7 @@ data: postgres_user_var="ESPRESSO_SEQUENCER_POSTGRES_USER" postgres_pass_var="ESPRESSO_SEQUENCER_POSTGRES_PASSWORD" postgres_prefix="espresso-sequencer-postgres-{{ $type }}{{ if ne $.Values.global.suffix "" }}-{{ $.Values.global.suffix }}{{ end }}=" -{{- end }} + {{- end }} # Process each key and write to the .env file echo "$(process_key $state_key_var $key_prefix "ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY")" > /etc/espresso/.env From 31a95e41877929a45ec31fa79ef8f3ae889f024b Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Tue, 24 Sep 2024 17:23:13 +0200 Subject: [PATCH 59/72] feat: Upgrade secret management Changes: - Allow providing custom secret name - Remove suffix variable --- charts/espresso/templates/configmap.yaml | 4 +-- charts/espresso/templates/secret.yaml | 2 +- charts/espresso/templates/statefulset.yaml | 2 +- charts/espresso/values.yaml | 31 +++++++++++++++++----- 4 files changed, 29 insertions(+), 10 deletions(-) diff --git a/charts/espresso/templates/configmap.yaml b/charts/espresso/templates/configmap.yaml index 8849f6109..9d43aae1e 100644 --- a/charts/espresso/templates/configmap.yaml +++ b/charts/espresso/templates/configmap.yaml 
@@ -39,12 +39,12 @@ data: # ENV keys are in the format of state_key_var and staking_key_var with the index as the suffix state_key_var="ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY_$index" staking_key_var="ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY_$index" - key_prefix="espresso-sequencer-private-keys-{{ $type }}{{ if ne $.Values.global.suffix "" }}-{{ $.Values.global.suffix }}{{ end }}=" + key_prefix="{{ $specs.secrets.sequencerSecretKey }}=" {{- if $specs.sqlStorage }} postgres_host_var="ESPRESSO_SEQUENCER_POSTGRES_HOST" postgres_user_var="ESPRESSO_SEQUENCER_POSTGRES_USER" postgres_pass_var="ESPRESSO_SEQUENCER_POSTGRES_PASSWORD" - postgres_prefix="espresso-sequencer-postgres-{{ $type }}{{ if ne $.Values.global.suffix "" }}-{{ $.Values.global.suffix }}{{ end }}=" + postgres_prefix="{{ $specs.secrets.postgresSecretKey }}=" {{- end }} # Process each key and write to the .env file diff --git a/charts/espresso/templates/secret.yaml b/charts/espresso/templates/secret.yaml index 5cd43376b..206d73604 100644 --- a/charts/espresso/templates/secret.yaml +++ b/charts/espresso/templates/secret.yaml @@ -16,7 +16,7 @@ spec: target: name: "eso-espresso-sequencer-secrets-{{ $type }}" creationPolicy: Owner - {{- with $specs.externalSecrets.data }} + {{- with $specs.secrets.data }} data: {{- . | toYaml | trim | nindent 2 }} {{- end }} diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index 523b8406e..da8fafeb3 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml 
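Review bot: `key_prefix="{{ $specs.secrets.sequencerSecretKey }}="` is rendered without any guard, although values.yaml in this same commit defaults `sequencerSecretKey` to `""`, so a default install renders `key_prefix="="` in init.sh and the key lookup presumably matches nothing. Failing at render time is safer than writing an empty or wrong private-key line into `/etc/espresso/.env`: `key_prefix="{{ required "secrets.sequencerSecretKey is required" $specs.secrets.sequencerSecretKey }}="`, and likewise for `postgresSecretKey` inside the `sqlStorage` branch. The value is pasted into a double-quoted bash string, so the values.yaml comment should also say that it must not contain `"`, `$` or backticks. The script body starts and ends outside this hunk.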
@@ -40,7 +40,7 @@ spec: - name: PROJECT_ID value: {{ (required "Project ID is required" $.Values.keystoreCLI.projectId) | quote }} - name: SECRET_ID - value: {{ required "Secret ID is required" $.Values.keystoreCLI.pv.secretId }}-{{ $type }}{{ if ne $.Values.global.suffix "" }}-{{ $.Values.global.suffix }}{{ end }} + value: {{ required "Secret ID is required" $.Values.keystoreCLI.pv.secretId }} volumeMounts: - name: keys mountPath: /keys diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index e4dff8a78..b245af0ba 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml @@ -6,8 +6,6 @@ global: create: false annotations: {} - suffix: "" - namespaceOverride: "" # -- Whether or not to allocate persistent volume disk for the data directory. @@ -19,7 +17,7 @@ global: - ReadWriteOnce size: 150Gi annotations: {} - + rbac: create: true @@ -39,8 +37,17 @@ nodes: resources: requests: memory: "12000Mi" - externalSecrets: + # -- Secrets to be used by the node. + # The secret key must be the same as the one in the Secret resource or ExternalSecret resource. + secrets: + # -- Sequencer secret key. Must match the secret key in the Secret resource or ExternalSecret resource for the node type. + sequencerSecretKey: "" data: [] + # secrets: + # data: + # - secretKey: espresso-sequencer-private-keys-normal-asia + # remoteRef: + # key: "espresso-sequencer-private-keys-normal-asia" da: replicaCount: 0 command: 
@@ -60,8 +67,20 @@ nodes: resources: requests: memory: "12000Mi" - externalSecrets: + # -- Secrets to be used by the node. + # The secret key must be the same as the one in the Secret resource or ExternalSecret resource. + secrets: + # -- Sequencer secret key. Must match the secret key in the Secret resource or ExternalSecret resource for the sequencer node secrets. + sequencerSecretKey: "" + # -- Postgres secret key. Must match the secret key in the Secret resource or ExternalSecret resource for the postgres related secrets. + postgresSecretKey: "" data: [] + # secrets: + # data: + # - secretKey: espresso-sequencer-private-keys-normal-asia + # remoteRef: + # key: "espresso-sequencer-private-keys-normal-asia" + # -- Node name to identify the node in the Espresso's Node Validator Dashboard. The node index will be appended to the node name. nodes_config: ESPRESSO_SEQUENCER_ORCHESTRATOR_URL: https://orchestrator.cappuccino.testnet.espresso.network @@ -96,7 +115,7 @@ keystoreCLI: pullPolicy: IfNotPresent projectId: "" # GCP Project ID pv: - secretId: "" # GCP Secret ID without the Sequencer node type suffix + secretId: "" # GCP Secret ID db: secretId: "" # GCP Secret ID of the DB credentials host: "" # DB host From fbf973431331c55e6661fb6709183433b9c62f3c Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Tue, 24 Sep 2024 17:23:53 +0200 Subject: [PATCH 60/72] feat: Allow using normal Secret resources instead of external secret --- charts/espresso/templates/secret.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/charts/espresso/templates/secret.yaml b/charts/espresso/templates/secret.yaml index 206d73604..3bcbfe062 100644 --- a/charts/espresso/templates/secret.yaml +++ b/charts/espresso/templates/secret.yaml 
@@ -21,4 +21,22 @@ spec: {{- . | toYaml | trim | nindent 2 }} {{- end }} {{- end }} +{{- else }} +{{- range $type, $specs := .Values.nodes }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: "k8s-espresso-sequencer-secrets-{{ $type }}" + {{- with $.Values.global.namespaceOverride }} + namespace: {{ . }} + {{- end }} +type: Opaque +data: + {{- with $specs.secrets.data }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | b64enc }} + {{- end }} + {{- end }} +{{- end }} {{- end }} \ No newline at end of file From b73e96703555c70451cabf6a07c7aecddb267a5e Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Tue, 24 Sep 2024 17:24:36 +0200 Subject: [PATCH 61/72] feat: Update Sequencer parameters --- charts/espresso/templates/statefulset.yaml | 8 +++++++ charts/espresso/values.yaml | 26 +++++++++++++++++----- 2 files changed, 28 insertions(+), 6 deletions(-) diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index da8fafeb3..844c8a0aa 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml @@ -85,6 +85,14 @@ spec: - name: {{ $key }} value: {{ required (printf "%s is required" $key) $value | quote }} {{- end }} + - name: ESPRESSO_SEQUENCER_IDENTITY_NODE_NAME + value: {{ $specs.nodeName }}-$(hostname | awk -F'-' '{print $NF}') + - name: ESPRESSO_SEQUENCER_IDENTITY_OPERATING_SYSTEM + value: $(uname -sr) + {{- with $.Values.global.networkType }} + - name: ESPRESSO_SEQUENCER_IDENTITY_NETWORK_TYPE + value: {{ . }} + {{- end }} {{- if $.Values.externalSecrets.enabled }} envFrom: - secretRef: diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index b245af0ba..d571df52e 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml 
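Review bot: The new `Secret` branch ranges over `$specs.secrets.data` as a key/value map and pipes each value to `b64enc`, but values.yaml declares `data: []` and documents it as a list of `secretKey`/`remoteRef` entries for the ExternalSecret branch; with that shape `$key` is a list index and `$value` is a map, so rendering would fail or emit unusable keys. Give the plain-Secret path its own map-typed value, or document the two shapes separately in values.yaml. This path also puts the sequencer's private keys into Helm values in clear text, where they end up in the release record stored in the cluster and in any values file kept in version control; a comment should say so and point operators to `externalSecrets.enabled` or a pre-created Secret. `namespace: {{ . }}` would be safer as `namespace: {{ . | quote }}`.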
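Review bot: `value: {{ $specs.nodeName }}-$(hostname | awk -F'-' '{print $NF}')` and `value: $(uname -sr)` will not be evaluated, because Kubernetes only expands `$(VAR_NAME)` references to previously defined variables in `env[].value` and never runs a shell, so the container receives these strings literally. The pod name can be injected through the downward API (`valueFrom.fieldRef.fieldPath: metadata.name`) with the ordinal derived in the entrypoint, or both values can be written by init.sh into the `.env` file it already produces. `value: {{ . }}` for `networkType` should be `value: {{ . | quote }}`, since the documented values such as `AWS us-east-1a` are free text. The container spec starts and ends outside this hunk.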
@@ -21,6 +21,11 @@ global: rbac: create: true + # -- Network type to be used in Espresso's Node Validator Dashboard for identity purposes. + # Values: Residential, Hosted, AWS, Azure, GCP, Cloud Provider. + # If the value is a well known cloud provider, then availability zone could be added. E.g. AWS us-east-1a. + networkType: "" + nodes: normal: replicaCount: 1 @@ -48,6 +53,9 @@ nodes: # - secretKey: espresso-sequencer-private-keys-normal-asia # remoteRef: # key: "espresso-sequencer-private-keys-normal-asia" + # -- Node name to identify the node in the Espresso's Node Validator Dashboard. The node index will be appended to the node name. + nodeName: "" + # nodeName: "nethermind-sequencer-" da: replicaCount: 0 command: 
@@ -81,20 +89,26 @@ nodes: # remoteRef: # key: "espresso-sequencer-private-keys-normal-asia" # -- Node name to identify the node in the Espresso's Node Validator Dashboard. The node index will be appended to the node name. + nodeName: "" + # nodeName: "nethermind-sequencer-da-" nodes_config: + # Required parameters + ESPRESSO_SEQUENCER_L1_PROVIDER: "" # JSON-RPC endpoint for Sepolia testnet ESPRESSO_SEQUENCER_ORCHESTRATOR_URL: https://orchestrator.cappuccino.testnet.espresso.network ESPRESSO_SEQUENCER_CDN_ENDPOINT: "cdn.cappuccino.testnet.espresso.network:1737" ESPRESSO_STATE_RELAY_SERVER_URL: https://state-relay.cappuccino.testnet.espresso.network - ESPRESSO_SEQUENCER_BASE_FEE: 0 - ESPRESSO_SEQUENCER_MAX_BLOCK_SIZE: "30000000" - ESPRESSO_SEQUENCER_CHAIN_ID: 0 + ESPRESSO_SEQUENCER_STATE_PEERS: https://query.cappuccino.testnet.espresso.network + ESPRESSO_SEQUENCER_GENESIS_FILE: "/genesis/cappuccino.toml" # Path to file containing genesis state + ESPRESSO_SEQUENCER_LIBP2P_BIND_ADDRESS: "0.0.0.0:31000" # The address to bind Libp2p to in host:port form. Other nodes should be able to access this. + ESPRESSO_SEQUENCER_LIBP2P_ADVERTISE_ADDRESS: "0.0.0.0:31000" # The address we should advertise to other nodes as being our Libp2p endpoint (in host:port form). It should resolve a connection to the above bind address. 
+ # Optional parameters RUST_LOG: "warn,libp2p=off" RUST_LOG_FORMAT: "json" - ESPRESSO_SEQUENCER_STATE_PEERS: https://query.cappuccino.testnet.espresso.network - ESPRESSO_SEQUENCER_L1_PROVIDER: "" # JSON-RPC endpoint for Sepolia testnet - ESPRESSO_SEQUENCER_API_PORT: 80 # Port on which to host metrics and healthchecks ESPRESSO_SEQUENCER_STORAGE_PATH: "/mount/sequencer/store/" # Path in container to store consensus state + ESPRESSO_SEQUENCER_API_PORT: 80 # Port on which to host metrics and healthchecks + ESPRESSO_SEQUENCER_IDENTITY_COMPANY_NAME: "Nethermind" + ESPRESSO_SEQUENCER_IDENTITY_COMPANY_WEBSITE: "https://nethermind.io" image: repository: ghcr.io/espressosystems/espresso-sequencer/sequencer From ef70616f8c9363ab951a7d5015d88dd02cf99249 Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Wed, 25 Sep 2024 14:05:16 +0200 Subject: [PATCH 62/72] feat: Update nodes config with Decaf df settings --- charts/espresso/values.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index d571df52e..9222a87c4 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml 
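Review bot: `ESPRESSO_SEQUENCER_LIBP2P_ADVERTISE_ADDRESS: "0.0.0.0:31000"` advertises the wildcard address, which peers cannot dial, while the inline comment on that same line says the value must resolve to the bind address from other nodes. Shipping it empty under "Required parameters" (`ESPRESSO_SEQUENCER_LIBP2P_ADVERTISE_ADDRESS: "" # public host:port of the node or load balancer`) would let the `required` check visible in statefulset.yaml's env loop (presumably over `nodes_config`) force operators to set it. Binding to `0.0.0.0:31000` makes the libp2p port reachable on every pod interface, so the comment should state that this exposure is intended and that port 31000 needs a matching Service and firewall rule; the service.yaml hunk in this series only names the `api` port.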
@@ -95,11 +95,11 @@ nodes: nodes_config: # Required parameters ESPRESSO_SEQUENCER_L1_PROVIDER: "" # JSON-RPC endpoint for Sepolia testnet - ESPRESSO_SEQUENCER_ORCHESTRATOR_URL: https://orchestrator.cappuccino.testnet.espresso.network - ESPRESSO_SEQUENCER_CDN_ENDPOINT: "cdn.cappuccino.testnet.espresso.network:1737" - ESPRESSO_STATE_RELAY_SERVER_URL: https://state-relay.cappuccino.testnet.espresso.network - ESPRESSO_SEQUENCER_STATE_PEERS: https://query.cappuccino.testnet.espresso.network - ESPRESSO_SEQUENCER_GENESIS_FILE: "/genesis/cappuccino.toml" # Path to file containing genesis state + ESPRESSO_SEQUENCER_ORCHESTRATOR_URL: https://orchestrator-7BEFB0C9FFC.decaf.testnet.espresso.network + ESPRESSO_SEQUENCER_CDN_ENDPOINT: "cdn.decaf.testnet.espresso.network:1737" + ESPRESSO_STATE_RELAY_SERVER_URL: https://state-relay.decaf.testnet.espresso.network + ESPRESSO_SEQUENCER_STATE_PEERS: https://query.decaf.testnet.espresso.network + ESPRESSO_SEQUENCER_GENESIS_FILE: "/genesis/decaf.toml" # Path to file containing genesis state ESPRESSO_SEQUENCER_LIBP2P_BIND_ADDRESS: "0.0.0.0:31000" # The address to bind Libp2p to in host:port form. Other nodes should be able to access this. ESPRESSO_SEQUENCER_LIBP2P_ADVERTISE_ADDRESS: "0.0.0.0:31000" # The address we should advertise to other nodes as being our Libp2p endpoint (in host:port form). It should resolve a connection to the above bind address. # Optional parameters From 02e2ff6b578d506f48c68965579d4ae0151ce150 Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Mon, 30 Sep 2024 15:55:10 +0200 Subject: [PATCH 63/72] chore: Update chart version --- charts/espresso/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/espresso/Chart.yaml b/charts/espresso/Chart.yaml index cc0409ea5..9a01c6927 100644 --- a/charts/espresso/Chart.yaml +++ b/charts/espresso/Chart.yaml 
@@ -1,7 +1,7 @@ apiVersion: v2 name: espresso version: 1.0.0 -appVersion: 0.0.1 +appVersion: "1.0.0" kubeVersion: "^1.23.0-0" description: A Helm chart that combines Kubernetes manifests and scripts to deploy Espresso Sequencer AVS nodes. type: application From 795a76f0b385905665bd4a9e3f62614c52dab02f Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Mon, 30 Sep 2024 18:28:13 +0200 Subject: [PATCH 64/72] chore: Update chart version --- charts/espresso/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/espresso/Chart.yaml b/charts/espresso/Chart.yaml index 9a01c6927..f2d839a11 100644 --- a/charts/espresso/Chart.yaml +++ b/charts/espresso/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: espresso version: 1.0.0 -appVersion: "1.0.0" +appVersion: 1.0.0 kubeVersion: "^1.23.0-0" description: A Helm chart that combines Kubernetes manifests and scripts to deploy Espresso Sequencer AVS nodes. type: application From e52024f6e6ce238cf6770e2676115170772bd9dd Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Mon, 30 Sep 2024 23:41:51 +0200 Subject: [PATCH 65/72] feat: Ignore da node type by default --- charts/espresso/values.yaml | 38 ++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index 9222a87c4..acc101a51 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml 
@@ -56,25 +56,25 @@ nodes: # -- Node name to identify the node in the Espresso's Node Validator Dashboard. The node index will be appended to the node name. nodeName: "" # nodeName: "nethermind-sequencer-" - da: - replicaCount: 0 - command: - - "sequencer" - - "--" - - "storage-sql" - - "--" - - "http" - - "--" - - "catchup" - - "--" - - "status" - - "--" - - "query" - sqlStorage: true - volumeMount: false - resources: - requests: - memory: "12000Mi" + # da: + # replicaCount: 0 + # command: + # - "sequencer" + # - "--" + # - "storage-sql" + # - "--" + # - "http" + # - "--" + # - "catchup" + # - "--" + # - "status" + # - "--" + # - "query" + # sqlStorage: true + # volumeMount: false + # resources: + # requests: + # memory: "12000Mi" # -- Secrets to be used by the node. # The secret key must be the same as the one in the Secret resource or ExternalSecret resource. secrets: From 82ecb01814b8b2ee2b9c7c6d71b4546670de71ba Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Tue, 1 Oct 2024 00:08:51 +0200 Subject: [PATCH 66/72] feat: Allow custom ExternalSecret name --- charts/espresso/templates/secret.yaml | 4 ++-- charts/espresso/values.yaml | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/charts/espresso/templates/secret.yaml b/charts/espresso/templates/secret.yaml index 3bcbfe062..fb3e6305d 100644 --- a/charts/espresso/templates/secret.yaml +++ b/charts/espresso/templates/secret.yaml @@ -4,7 +4,7 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: - name: "eso-espresso-sequencer-secrets-{{ $type }}" + name: "{{ $.Values.externalSecrets.name }}-{{ $type }}" {{- with $.Values.global.namespaceOverride }} namespace: {{ . }} {{- end }} 
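Review bot: Only the lines from `da:` through its `resources` block are commented out, while the `secrets:` mapping that follows stays live in the context lines; if it keeps its original indentation it now lands under `normal` as a second `secrets` key (and, further down outside the hunk, presumably a second `nodeName`). Duplicate mapping keys are usually resolved silently as last-wins, so `normal` could lose its own `sequencerSecretKey` setting without any render error. Comment out the whole `da` subtree in one change, or keep `da` defined with `replicaCount: 0` and skip zero-replica types in the templates. The hunk does not show the surrounding indentation, so this should be confirmed against the file.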
@@ -14,7 +14,7 @@ spec: name: {{ $.Values.externalSecrets.secretStoreRef.name }} kind: {{ $.Values.externalSecrets.secretStoreRef.kind }} target: - name: "eso-espresso-sequencer-secrets-{{ $type }}" + name: "{{ $.Values.externalSecrets.name }}-{{ $type }}" creationPolicy: Owner {{- with $specs.secrets.data }} data: diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index acc101a51..f697d2232 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml @@ -222,6 +222,7 @@ ingress: externalSecrets: enabled: false + name: "eso-espresso-sequencer-secrets" secretStoreRef: name: secretStoreRef kind: SecretStore From 911d749af2d21ab52c3a383d51c0f5530304e004 Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Tue, 1 Oct 2024 01:08:24 +0200 Subject: [PATCH 67/72] chore: Change ExternalSecret apiVersion --- charts/espresso/templates/secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/espresso/templates/secret.yaml b/charts/espresso/templates/secret.yaml index fb3e6305d..6727adcd0 100644 --- a/charts/espresso/templates/secret.yaml +++ b/charts/espresso/templates/secret.yaml @@ -1,7 +1,7 @@ {{- if .Values.externalSecrets.enabled }} {{- range $type, $specs := .Values.nodes }} --- -apiVersion: external-secrets.io/v1beta1 +apiVersion: external-secrets.io/v1alpha1 kind: ExternalSecret metadata: name: "{{ $.Values.externalSecrets.name }}-{{ $type }}" From 4fa52dd87c8e57d216cb8f45cde87aef9f18bdd1 Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Tue, 1 Oct 2024 03:30:51 +0200 Subject: [PATCH 68/72] fix: init-setenv secretRef --- charts/espresso/templates/statefulset.yaml | 6 +++++- charts/espresso/values.yaml | 24 +++++++++++----------- 2 files changed, 17 insertions(+), 13 deletions(-) diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index 844c8a0aa..dd90c59f1 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml 
@@ -68,7 +68,11 @@ spec: command: ['/bin/bash', '/scripts/init.sh'] envFrom: - secretRef: - name: eso-espresso-sequencer-secrets-{{ $type }} + {{- if $.Values.externalSecrets.enabled }} + name: {{ $.Values.externalSecrets.name }}-{{ $type }} + {{- else }} + name: k8s-espresso-sequencer-secrets-{{ $type }} + {{- end }} volumeMounts: - name: init-env mountPath: /etc/espresso diff --git a/charts/espresso/values.yaml b/charts/espresso/values.yaml index f697d2232..655f4ccfa 100644 --- a/charts/espresso/values.yaml +++ b/charts/espresso/values.yaml 
@@ -77,19 +77,19 @@ nodes: # memory: "12000Mi" # -- Secrets to be used by the node. # The secret key must be the same as the one in the Secret resource or ExternalSecret resource. - secrets: - # -- Sequencer secret key. Must match the secret key in the Secret resource or ExternalSecret resource for the sequencer node secrets. - sequencerSecretKey: "" - # -- Postgres secret key. Must match the secret key in the Secret resource or ExternalSecret resource for the postgres related secrets. - postgresSecretKey: "" - data: [] # secrets: - # data: - # - secretKey: espresso-sequencer-private-keys-normal-asia - # remoteRef: - # key: "espresso-sequencer-private-keys-normal-asia" - # -- Node name to identify the node in the Espresso's Node Validator Dashboard. The node index will be appended to the node name. - nodeName: "" + # # -- Sequencer secret key. Must match the secret key in the Secret resource or ExternalSecret resource for the sequencer node secrets. + # sequencerSecretKey: "" + # # -- Postgres secret key. Must match the secret key in the Secret resource or ExternalSecret resource for the postgres related secrets. + # postgresSecretKey: "" + # data: [] + # # secrets: + # # data: + # # - secretKey: espresso-sequencer-private-keys-normal-asia + # # remoteRef: + # # key: "espresso-sequencer-private-keys-normal-asia" + # # -- Node name to identify the node in the Espresso's Node Validator Dashboard. The node index will be appended to the node name. + # nodeName: "" # nodeName: "nethermind-sequencer-da-" nodes_config: From 5f3a6744d716002f5ac58daaf2d9ebd32046af23 Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Tue, 1 Oct 2024 03:55:14 +0200 Subject: [PATCH 69/72] fix: Change ExternalSecret apiVersion --- charts/espresso/templates/secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/espresso/templates/secret.yaml b/charts/espresso/templates/secret.yaml index 6727adcd0..fb3e6305d 100644 --- a/charts/espresso/templates/secret.yaml 
+++ b/charts/espresso/templates/secret.yaml @@ -1,7 +1,7 @@ {{- if .Values.externalSecrets.enabled }} {{- range $type, $specs := .Values.nodes }} --- -apiVersion: external-secrets.io/v1alpha1 +apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: "{{ $.Values.externalSecrets.name }}-{{ $type }}" From 37830a8a8de34749b1b18cbf318bb478ff4ccbd1 Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Tue, 1 Oct 2024 17:02:24 +0200 Subject: [PATCH 70/72] fix: Make sequencers container get keys from volumes --- charts/espresso/templates/configmap.yaml | 4 ++-- charts/espresso/templates/statefulset.yaml | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/charts/espresso/templates/configmap.yaml b/charts/espresso/templates/configmap.yaml index 9d43aae1e..6689adf4b 100644 --- a/charts/espresso/templates/configmap.yaml +++ b/charts/espresso/templates/configmap.yaml @@ -59,6 +59,6 @@ data: # cat /etc/espresso/.env # Create Secret with .env file - kubectl delete secret sequencer-env-secrets-{{ $type }} --ignore-not-found - kubectl create secret generic sequencer-env-secrets-{{ $type }} --from-env-file=/etc/espresso/.env + # kubectl delete secret sequencer-env-secrets-{{ $type }}-$index --ignore-not-found + # kubectl create secret generic sequencer-env-secrets-{{ $type }}-$index --from-env-file=/etc/espresso/.env {{- end }} diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index dd90c59f1..6fedc12c7 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml @@ -97,6 +97,8 @@ spec: - name: ESPRESSO_SEQUENCER_IDENTITY_NETWORK_TYPE value: {{ . }} {{- end }} + - name: ESPRESSO_SEQUENCER_KEY_FILE + value: /etc/espresso/.env {{- if $.Values.externalSecrets.enabled }} envFrom: - secretRef: 
@@ -109,6 +111,8 @@ spec: volumeMounts: - name: consensus-data mountPath: {{ $.Values.nodes_config.ESPRESSO_SEQUENCER_STORAGE_PATH }} + - name: init-env + mountPath: /etc/espresso {{- end }} {{- with $specs.resources }} resources: From 97661c623843405ddc7789f6bf00e42743b9be9f Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Tue, 1 Oct 2024 17:07:30 +0200 Subject: [PATCH 71/72] fix: Stop using direct pv keys --- charts/espresso/templates/statefulset.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/charts/espresso/templates/statefulset.yaml b/charts/espresso/templates/statefulset.yaml index 6fedc12c7..faa8fe0d2 100644 --- a/charts/espresso/templates/statefulset.yaml +++ b/charts/espresso/templates/statefulset.yaml @@ -99,11 +99,6 @@ spec: {{- end }} - name: ESPRESSO_SEQUENCER_KEY_FILE value: /etc/espresso/.env - {{- if $.Values.externalSecrets.enabled }} - envFrom: - - secretRef: - name: sequencer-env-secrets-{{ $type }} - {{- end }} ports: - name: api containerPort: {{ $.Values.nodes_config.ESPRESSO_SEQUENCER_API_PORT }} From d6ff0fe0e678257a6b53ebc7a4291b8f85882d5c Mon Sep 17 00:00:00 2001 From: AntiD2ta Date: Tue, 1 Oct 2024 17:14:48 +0200 Subject: [PATCH 72/72] chore: Print .env for debug purposes --- charts/espresso/templates/configmap.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/espresso/templates/configmap.yaml b/charts/espresso/templates/configmap.yaml index 6689adf4b..410fdbdd5 100644 --- a/charts/espresso/templates/configmap.yaml +++ b/charts/espresso/templates/configmap.yaml 
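Review bot: The added `init-env` mount at `/etc/espresso` gives the long-running sequencer container write access to the file that holds its private state and staking keys (and, for SQL nodes, the Postgres password); it only needs to read it, so add `readOnly: true` under `mountPath: /etc/espresso`. The volume definition is outside this hunk; if it is an `emptyDir`, `medium: Memory` would keep the key material off node disk. init.sh creates `.env` with a plain `>` redirect, so a `umask 077` at the top of the script would stop the file being created world-readable, provided both containers run as the same user. The same concern applies to the `ESPRESSO_SEQUENCER_KEY_FILE` hunk earlier in this file section.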
@@ -55,8 +55,8 @@ data: echo "$(process_key $postgres_user_var $postgres_prefix "ESPRESSO_SEQUENCER_POSTGRES_USER")" >> /etc/espresso/.env echo "$(process_key $postgres_pass_var $postgres_prefix "ESPRESSO_SEQUENCER_POSTGRES_PASSWORD")" >> /etc/espresso/.env {{- end }} - # echo "Dot env file content:" - # cat /etc/espresso/.env + echo "Dot env file content:" + cat /etc/espresso/.env # Create Secret with .env file # kubectl delete secret sequencer-env-secrets-{{ $type }}-$index --ignore-not-found
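Review bot: `cat /etc/espresso/.env` writes the node's private state key, private staking key and, on SQL nodes, the Postgres user and password to the init container's stdout, where they are kept in pod logs, shipped to whatever log aggregation the cluster uses, and readable by anyone with `pods/log` access. Debug output should not include the file content; if confirmation is needed, print only the variable names, e.g. `cut -d= -f1 /etc/espresso/.env`, and drop the `echo "Dot env file content:"` line. Keys already printed by a deployed revision should be treated as exposed and rotated. The script continues outside this hunk.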