NethermindEth · AntiD2ta · Apr 24, 2024 · Apr 25, 2024 · Apr 25, 2024 · Apr 25, 2024
@@ -15,7 +15,7 @@ jobs:
         uses: docker/setup-buildx-action@v2
 
       - name: Run helm-docs
-        run: docker run --rm --volume "$(pwd):/helm-docs" -u "$(id -u)" jnorwood/helm-docs:latest   
+        run: docker run --rm --volume "$(pwd):/helm-docs" -u "$(id -u)" jnorwood/helm-docs:v1.12.0   
 
       - name: Check for unstaged changes
         run: |

@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+  repository: file://../common
+  version: 1.0.1
+digest: sha256:16871b89b082fb3f3fa0c9bb12fa86f144272c29639386c444322cbaa454e17b
+generated: "2024-01-24T14:35:14.068637+01:00"
@@ -0,0 +1,19 @@
+apiVersion: v2
+name: espresso
+version: 1.0.0
+appVersion: 0.0.1
+kubeVersion: "^1.23.0-0"
+description: A Helm chart that combines Kubernetes manifests and scripts to deploy Espresso Sequencer AVS nodes.
+type: application
+keywords:
+  - eigenlayer
+  - AVS
+  - espresso
+home: https://docs.espressosys.com/sequencer
+dependencies:
+  - name: common
+    repository: file://../common
+    version: 1.0.1
+maintainers:
+  - name: matilote
+  - name: AntiD2ta
@@ -0,0 +1,99 @@
+# espresso
+
+![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square)
+
+A Helm chart that combines Kubernetes manifests and scripts to deploy Espresso Sequencer AVS nodes.
+
+**Homepage:** <https://docs.espressosys.com/sequencer>
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| matilote |  |  |
+| AntiD2ta |  |  |
+
+## Requirements
+
+Kubernetes: `^1.23.0-0`
+
+| Repository | Name | Version |
+|------------|------|---------|
+| file://../common | common | 1.0.1 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| externalSecrets.enabled | bool | `false` |  |
+| externalSecrets.secretStoreRef.kind | string | `"SecretStore"` |  |
+| externalSecrets.secretStoreRef.name | string | `"secretStoreRef"` |  |
+| fullnameOverride | string | `""` | Provide a name to substitute for the full names of resources |
+| global.namespaceOverride | string | `""` |  |
+| global.persistence | object | `{"accessModes":["ReadWriteOnce"],"annotations":{},"size":"150Gi","storageClassName":""}` | Whether or not to allocate persistent volume disk for the data directory. In case of node failure, the node data directory will still persist.  |
+| global.serviceAccount | object | `{"annotations":{},"create":false}` | Service account ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.repository | string | `"ghcr.io/espressosystems/espresso-sequencer/sequencer"` |  |
+| image.tag | string | `"main"` |  |
+| ingress.annotations | object | `{}` |  |
+| ingress.className | string | `""` |  |
+| ingress.enabled | bool | `false` |  |
+| ingress.hosts | list | `[]` | Hostnames. Can be provided if Ingress is enabled.  |
+| ingress.labels | object | `{}` |  |
+| ingress.paths | list | `[]` | Paths to use for ingress rules By default, the Service created by this chart is used as the target Service for the Ingress. If not defined the following default object will be used: - path: "/"   port: 8000   pathType: "ImplementationSpecific"   serviceName: "<common.names.fullname>"  |
+| ingress.routePrefix | string | `"/"` | Route Prefix. Can skip it if any item of path has the path defined. |
+| ingress.tls | list | `[]` | TLS configuration for Ingress Secret must be manually created in the namespace  |
+| initImage | object | `{"pullPolicy":"IfNotPresent","repository":"bitnami/kubectl","tag":"1.28"}` | Init image is used to manage which secrets the pod should use. |
+| keystoreCLI | object | `{"db":{"host":"","secretId":"","user":""},"image":{"pullPolicy":"IfNotPresent","repository":"nethermindeth/espresso-keystore-cli","tag":"v0.1.1"},"projectId":"","pv":{"secretId":""}}` | Keystore-CLI settings. Used to manage keys on Secret Store. |
+| nodes.da.command[0] | string | `"sequencer"` |  |
+| nodes.da.command[10] | string | `"query"` |  |
+| nodes.da.command[1] | string | `"--"` |  |
+| nodes.da.command[2] | string | `"storage-sql"` |  |
+| nodes.da.command[3] | string | `"--"` |  |
+| nodes.da.command[4] | string | `"http"` |  |
+| nodes.da.command[5] | string | `"--"` |  |
+| nodes.da.command[6] | string | `"catchup"` |  |
+| nodes.da.command[7] | string | `"--"` |  |
+| nodes.da.command[8] | string | `"status"` |  |
+| nodes.da.command[9] | string | `"--"` |  |
+| nodes.da.externalSecrets.data | list | `[]` |  |
+| nodes.da.replicaCount | int | `0` |  |
+| nodes.da.resources.requests.memory | string | `"12000Mi"` |  |
+| nodes.da.sqlStorage | bool | `true` |  |
+| nodes.da.volumeMount | bool | `false` |  |
+| nodes.normal.command[0] | string | `"sequencer"` |  |
+| nodes.normal.command[1] | string | `"--"` |  |
+| nodes.normal.command[2] | string | `"http"` |  |
+| nodes.normal.command[3] | string | `"--"` |  |
+| nodes.normal.command[4] | string | `"catchup"` |  |
+| nodes.normal.command[5] | string | `"--"` |  |
+| nodes.normal.command[6] | string | `"status"` |  |
+| nodes.normal.externalSecrets.data | list | `[]` |  |
+| nodes.normal.replicaCount | int | `1` |  |
+| nodes.normal.resources.requests.memory | string | `"12000Mi"` |  |
+| nodes.normal.sqlStorage | bool | `false` |  |
+| nodes.normal.volumeMount | bool | `true` |  |
+| nodes_config.ESPRESSO_SEQUENCER_API_PORT | int | `80` |  |
+| nodes_config.ESPRESSO_SEQUENCER_BASE_FEE | int | `0` |  |
+| nodes_config.ESPRESSO_SEQUENCER_CDN_ENDPOINT | string | `"cdn.cappuccino.testnet.espresso.network:1737"` |  |
+| nodes_config.ESPRESSO_SEQUENCER_CHAIN_ID | int | `0` |  |
+| nodes_config.ESPRESSO_SEQUENCER_L1_PROVIDER | string | `""` |  |
+| nodes_config.ESPRESSO_SEQUENCER_MAX_BLOCK_SIZE | string | `"30000000"` |  |
+| nodes_config.ESPRESSO_SEQUENCER_ORCHESTRATOR_URL | string | `"https://orchestrator.cappuccino.testnet.espresso.network"` |  |
+| nodes_config.ESPRESSO_SEQUENCER_STATE_PEERS | string | `"https://query.cappuccino.testnet.espresso.network"` |  |
+| nodes_config.ESPRESSO_SEQUENCER_STORAGE_PATH | string | `"/mount/sequencer/store/"` |  |
+| nodes_config.ESPRESSO_STATE_RELAY_SERVER_URL | string | `"https://state-relay.cappuccino.testnet.espresso.network"` |  |
+| nodes_config.RUST_LOG | string | `"warn,libp2p=off"` |  |
+| nodes_config.RUST_LOG_FORMAT | string | `"json"` |  |
+| rbac.create | bool | `true` |  |
+| rbac.name | string | `""` | The name of the role to use. If not set and create is true, a name is generated using the fullname template  |
+| rbac.rules | list | `[{"apiGroups":[""],"resources":["secrets"],"verbs":["create","get","list","watch","delete"]}]` | Required Role rules |
+| rbac.rules[0] | object | `{"apiGroups":[""],"resources":["secrets"],"verbs":["create","get","list","watch","delete"]}` | Required to create Sequencer env Secret.  |
+| service.annotations | object | `{}` |  |
+| service.type | string | `"ClusterIP"` |  |
+| serviceAccount | object | `{"annotations":{},"name":""}` | Service account ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/  |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template  |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)
@@ -0,0 +1,8 @@
+{{/*
+Create a formatted image string with repository and tag
+*/}}
+{{- define "espresso.build_image_name" -}}
+{{- $repository := index . 0 -}}
+{{- $tag := index . 1 -}}
+{{- printf "%s:%s" $repository $tag | quote -}}
+{{- end -}}
@@ -0,0 +1,10 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "common.names.clusterRoleName" . }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+rules:
+{{- toYaml .Values.rbac.clusterRules | nindent 0 }}
+{{- end }}
@@ -0,0 +1,16 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "common.names.clusterRoleName" . }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "common.names.clusterRoleName" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "common.names.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+{{- end }}
@@ -0,0 +1,61 @@
+{{- range $type, $specs := .Values.nodes }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.names.fullname" $ }}-init-{{ $type }}
+  labels:
+    {{- include "common.labels.standard" $ | nindent 4 }}
+data:
+  init.sh: |
+    function process_key() {
+        local key_var=$1
+        local prefix=$2
+        local final_var=$3
+
+        # Extract the value for the specified indexed key from the environment
+        local key_full=$(env | grep -e $key_var)
+
+        # Check if the string starts with the prefix and remove it
+        local key_value
+        if [[ $key_full == $prefix* ]]; then
+            key_value="${key_full#$prefix}"
+        else
+            key_value="$key_full"
+        fi
+
+        # Construct the final key name
+        local final_key="${key_value//$key_var/${final_var}}"
+
+        echo "$final_key"
+    }
+    # Get the index from the hostname
+    index=$(hostname | grep -o -E "[0-9]+$")
+    echo "Detected Pod Index: $index"
+
+    # Construct the variable names
+    state_key_var="ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY_$index"
+    staking_key_var="ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY_$index"
+    key_prefix="espresso-sequencer-private-keys-{{ $type }}{{ if ne $.Values.global.suffix "" }}-{{ $.Values.global.suffix }}{{ end }}="
+    {{- if $specs.sqlStorage }}
+    postgres_host_var="ESPRESSO_SEQUENCER_POSTGRES_HOST"
+    postgres_user_var="ESPRESSO_SEQUENCER_POSTGRES_USER"
+    postgres_pass_var="ESPRESSO_SEQUENCER_POSTGRES_PASSWORD"
+    postgres_prefix="espresso-sequencer-postgres-{{ $type }}{{ if ne $.Values.global.suffix "" }}-{{ $.Values.global.suffix }}{{ end }}="
+{{- end }}
+
+    # Process each key and write to the .env file
+    echo "$(process_key $state_key_var $key_prefix "ESPRESSO_SEQUENCER_PRIVATE_STATE_KEY")" > /etc/espresso/.env
+    echo "$(process_key $staking_key_var $key_prefix "ESPRESSO_SEQUENCER_PRIVATE_STAKING_KEY")" >> /etc/espresso/.env
+    {{- if $specs.sqlStorage }}
+    echo "$(process_key $postgres_host_var $postgres_prefix "ESPRESSO_SEQUENCER_POSTGRES_HOST")" >> /etc/espresso/.env
+    echo "$(process_key $postgres_user_var $postgres_prefix "ESPRESSO_SEQUENCER_POSTGRES_USER")" >> /etc/espresso/.env
+    echo "$(process_key $postgres_pass_var $postgres_prefix "ESPRESSO_SEQUENCER_POSTGRES_PASSWORD")" >> /etc/espresso/.env
+    {{- end }}
+    # echo "Dot env file content:"
+    # cat /etc/espresso/.env 
+
+    # Create Secret with .env file
+    kubectl delete secret sequencer-env-secrets-{{ $type }} --ignore-not-found
+    kubectl create secret generic sequencer-env-secrets-{{ $type }} --from-env-file=/etc/espresso/.env
+{{- end }}
@@ -0,0 +1,52 @@
+{{- if .Values.ingress.enabled -}}
+---
+  {{- $baseServiceName := include "common.names.fullname" . -}}
+  {{- $routePrefix := .Values.ingress.routePrefix | default "/" -}}
+  {{- $defaultPath := list (dict "path" $routePrefix "port" 8000 "pathType" "ImplementationSpecific") -}}
+  {{- $paths := .Values.ingress.paths | default $defaultPath -}} 
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  {{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4}}
+  {{- end }}
+  name: {{ include "common.names.fullname" . }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- with .Values.ingress.labels }}
+    {{ toYaml . | indent 4 }}
+    {{- end }}
+  {{- with $.Values.global.namespaceOverride }}
+  namespace: {{ . }}
+  {{- end }}
+spec:
+  {{- with .Values.ingress.className }}
+  ingressClassName: {{ . }}
+  {{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            pathType: {{ .pathType }}
+            backend:
+              service:
+                name: {{ .serviceName | default $baseServiceName }}
+                port:
+                  number: {{ .port }}
+          {{- end }}
+      {{- with .host }}
+      host: {{ . | quote }}
+      {{- end }}
+  {{- end }}
+  {{- with .Values.ingress.tls }}
+  tls:
+    {{ tpl (toYaml . | indent 4) . }}
+  {{- end }}
+{{- end }}
@@ -0,0 +1,10 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+rules:
+  {{- toYaml .Values.rbac.rules | nindent 0 }}
+{{- end }}
@@ -0,0 +1,15 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "common.names.serviceAccountName" . }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "common.names.serviceAccountName" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "common.names.serviceAccountName" . }}
+{{- end }}
@@ -0,0 +1,24 @@
+{{- if .Values.externalSecrets.enabled }}
+{{- range $type, $specs := .Values.nodes }}
+---
+apiVersion: external-secrets.io/v1beta1 
+kind: ExternalSecret
+metadata:
+  name: "eso-espresso-sequencer-secrets-{{ $type }}"
+  {{- with $.Values.global.namespaceOverride }}
+  namespace: {{ . }}
+  {{- end }}
+spec:
+  refreshInterval: "1h"
+  secretStoreRef:
+    name: {{ $.Values.externalSecrets.secretStoreRef.name }}
+    kind: {{ $.Values.externalSecrets.secretStoreRef.kind }}
+  target:
+    name: "eso-espresso-sequencer-secrets-{{ $type }}"
+    creationPolicy: Owner
+  {{- with $specs.externalSecrets.data }}
+  data:
+    {{- . | toYaml | trim | nindent 2 }}
+  {{- end }}
+{{- end }}
+{{- end }}
@@ -0,0 +1,28 @@
+{{- range $type, $specs := .Values.nodes }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: "{{ include "common.names.fullname" $ }}-{{ $type }}"
+  labels:
+    {{- include "common.labels.standard" $ | nindent 4 }}
+    pod: "{{ include "common.names.fullname" $ }}"
+    type: api
+  {{- with $.Values.service.annotations }}
+  annotations:
+    {{ toYaml . | nindent 4 | trim }}
+  {{- end }}
+  {{- with $.Values.global.namespaceOverride }}
+  namespace: {{ . }}
+  {{- end }}
+spec:
+  type: {{ $.Values.service.type }} # ClusterIP, NodePort, LoadBalancer, or ExternalName
+  ports:
+    - name: api
+      port: {{ $.Values.nodes_config.ESPRESSO_SEQUENCER_API_PORT }}
+      targetPort: api
+      protocol: TCP
+  selector:
+    {{- include "common.labels.matchLabels" $ | nindent 4 }}
+    type: {{ $type }}
+{{- end }}
@@ -0,0 +1,16 @@
+---
+{{- if .Values.global.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "common.names.serviceAccountName" $ }}
+  labels:
+    {{- include "common.labels.standard" $ | nindent 4 }}
+  {{- with .Values.global.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with $.Values.global.namespaceOverride }}
+  namespace: {{ . }}
+  {{- end }}
+{{- end }}