diff --git a/.github/workflows/deploy-preview.yml b/.github/workflows/deploy-preview.yml
deleted file mode 100644
index 1e563b8d5f..0000000000
--- a/.github/workflows/deploy-preview.yml
+++ /dev/null
@@ -1,116 +0,0 @@ ---- -# Deploys the latest changes on 'main' branch, via a container -# image tagged with 'main', to testnet-preview.penumbra.zone. -name: Deploy testnet-preview.penumbra.zone -on: - workflow_dispatch: - inputs: - image_tag: - description: 'Docker image tag to deploy' - # The container tag "main" comes from the name of the main branch. - # It's important we deploy this tag for preview, rather than "latest", - # as "latest" maps to the most recent tag (i.e. weekly testnet). - default: "main" - required: true - push: - branches: - - main - -# Cancel any pending preview deploys, in favor of a newer PR -# that was just merged. -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - # Don't cancel mid-run, as an interrupted `helmfile sync` can create broken release - # states in the kube API server that require manual cleanup. - cancel-in-progress: false - -jobs: - build-container: - name: Build container for preview - uses: ./.github/workflows/containers.yml - secrets: inherit - deploy: - name: Deploy preview to cluster - permissions: - contents: 'read' - id-token: 'write' - needs: - - build-container - runs-on: ubuntu-latest - timeout-minutes: 30 - environment: testnet-preview - steps: - - name: checkout - uses: actions/checkout@v4 - - - id: gcloudauth - uses: google-github-actions/auth@v2 - with: - workload_identity_provider: 'projects/1006847873719/locations/global/workloadIdentityPools/gh-runner-pool/providers/my-provider' - service_account: 'github-actions@penumbra-sl-testnet.iam.gserviceaccount.com' - - - name: get gke credentials - uses: google-github-actions/get-gke-credentials@v2 - with: - cluster_name: testnet - project_id: penumbra-sl-testnet - location: us-central1 - - - name: install helmfile - uses: mamezou-tech/setup-helmfile@v2.0.0 - with: - helmfile-version: "v0.157.0" - - - name: deploy - run: |- - export PATH="$HOME/bin:$PATH" - cd deployments/ - export PENUMBRA_VERSION='main' - export HELM_RELEASE='penumbra-preview' - 
./ci.sh - - - name: bounce metrics - run: kubectl rollout restart deployment penumbra-preview-metrics - - - name: bounce grpcui - run: kubectl rollout restart deployment grpcui-preview - - # Deploys a standalone instance of pd, - # specifically to exercise the auto-https direct-serve logic. - standalone: - name: deploy standalone pd node, preview - permissions: - contents: 'read' - id-token: 'write' - needs: - - deploy - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: configure ssh identity - run: |- - mkdir -p ~/.ssh - chmod 700 ~/.ssh - echo "$SSH_PRIVKEY" > ~/.ssh/id_ed25519 - chmod 600 ~/.ssh/id_ed25519 - echo "$SSH_HOSTKEYS" > ~/.ssh/known_hosts - env: - # In order to generate the hostkey material: - # - # echo > hostkeys.txt - # ssh-keyscan -H solo-pd.testnet-preview.plinfra.net | tee -a hostkeys.txt - # ssh-keyscan -H solo-pd.testnet.plinfra.net | tee -a hostkeys.txt - # - # Then paste the contents of that file into `secrets.CI_RUNNER_SSH_HOSTKEYS`, - # so it's consumable via this step. - SSH_PRIVKEY: ${{ secrets.CI_RUNNER_SSH_PRIVKEY }} - SSH_HOSTKEYS: ${{ secrets.CI_RUNNER_SSH_HOSTKEYS }} - - - name: deploy - shell: bash - run: |- - export PENUMBRA_VERSION="main" - export PENUMBRA_ENVIRONMENT="penumbra-preview" - ./deployments/scripts/redeploy-ci-fullnode-via-runner diff --git a/.github/workflows/deploy-testnet.yml b/.github/workflows/deploy-testnet.yml deleted file mode 100644 index b4f5dc885e..0000000000 --- a/.github/workflows/deploy-testnet.yml +++ /dev/null 
@@ -1,109 +0,0 @@ ---- -# Deploys the most recent tagged testnet (e.g. "037-iocaste.2") to cluster -# at testnet.penumbra.zone. -name: Deploy testnet.penumbra.zone -on: - workflow_dispatch: - inputs: - image_tag: - description: 'Docker image tag to deploy' - # We cannot set a meaningful default here, because we always want the latest tag. - # Inputs cannot reference special variables like `github.ref_name`, so we default - # to the value of `github.ref_name` when exporting the env var in the deploy step. - required: true - push: - tags: - - '*-?v[0-9]+*' -jobs: - # Before deploying, we must wait for the container build to complete, - # so that the relevant tag is present in container registry. - build-container: - name: Build container for testnet - uses: ./.github/workflows/containers.yml - secrets: inherit - deploy: - name: Deploy testnet to cluster - needs: - - build-container - runs-on: ubuntu-latest - permissions: - contents: 'read' - id-token: 'write' - environment: testnet - timeout-minutes: 30 - steps: - - name: checkout - uses: actions/checkout@v4 - - - id: gcloudauth - uses: google-github-actions/auth@v2 - with: - workload_identity_provider: 'projects/1006847873719/locations/global/workloadIdentityPools/gh-runner-pool/providers/my-provider' - service_account: 'github-actions@penumbra-sl-testnet.iam.gserviceaccount.com' - - - name: get gke credentials - uses: google-github-actions/get-gke-credentials@v2 - with: - cluster_name: testnet - project_id: penumbra-sl-testnet - location: us-central1 - - - name: install helmfile - uses: mamezou-tech/setup-helmfile@v2.0.0 - with: - helmfile-version: "v0.157.0" - - - name: deploy - run: |- - export PATH="$HOME/bin:$PATH" - cd deployments/ - export PENUMBRA_VERSION='${{ github.event.inputs.image_tag || github.ref_name }}' - export HELM_RELEASE='penumbra-testnet' - ./ci.sh - - - name: bounce grpcui - run: kubectl rollout restart deployment grpcui-testnet - - - name: bounce galileo - shell: bash - run: |- - export 
PENUMBRA_VERSION='${{ github.event.inputs.image_tag || github.ref_name }}' - # Set the exact version for the current testnet for Galileo, so deps match. - kubectl set image deployments \ - -l "app.kubernetes.io/instance=galileo" \ - "galileo=ghcr.io/penumbra-zone/galileo:penumbra-${PENUMBRA_VERSION}" - # Wait for rollout to complete. Will block until pods are marked Ready. - kubectl rollout status deployment \ - -l "app.kubernetes.io/instance=galileo" - - # Deploys a standalone instance of pd, - # specifically to exercise the auto-https direct-serve logic. - standalone: - name: deploy standalone pd node, preview - permissions: - contents: 'read' - id-token: 'write' - needs: - - deploy - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: configure ssh identity - run: |- - mkdir -p ~/.ssh - chmod 700 ~/.ssh - echo "$SSH_PRIVKEY" > ~/.ssh/id_ed25519 - chmod 600 ~/.ssh/id_ed25519 - echo "$SSH_HOSTKEYS" > ~/.ssh/known_hosts - env: - SSH_PRIVKEY: ${{ secrets.CI_RUNNER_SSH_PRIVKEY }} - SSH_HOSTKEYS: ${{ secrets.CI_RUNNER_SSH_HOSTKEYS }} - - - name: deploy - shell: bash - run: |- - export PENUMBRA_VERSION='${{ github.event.inputs.image_tag || github.ref_name }}' - export PENUMBRA_ENVIRONMENT="penumbra-testnet" - ./deployments/scripts/redeploy-ci-fullnode-via-runner diff --git a/.github/workflows/disable-faucet.yml b/.github/workflows/disable-faucet.yml deleted file mode 100644 index bd8c2508b2..0000000000 --- a/.github/workflows/disable-faucet.yml +++ /dev/null 
@@ -1,38 +0,0 @@
----
-# Convenient ad-hoc action to destroy the Galileo deployment.
-# Since starting the summoning ceremony, load has been very high on Galileo.
-# Despite perf improvements, the bot can still act up. This action
-# allow a one-time action to destroy the bot deployment. To restore it,
-# `helmfile sync ` is required on the infra repo.
-# TODO: add an "enable faucet" action.
-name: Disable faucet
-on:
- # Only run ad-hoc, never automatically.
- workflow_dispatch:
-
-jobs:
- disable-faucet:
- name: Disable faucet
- permissions:
- contents: 'read'
- id-token: 'write'
- runs-on: ubuntu-latest
- steps:
- - name: checkout
- uses: actions/checkout@v4
-
- - id: gcloudauth
- uses: google-github-actions/auth@v2
- with:
- workload_identity_provider: 'projects/1006847873719/locations/global/workloadIdentityPools/gh-runner-pool/providers/my-provider'
- service_account: 'github-actions@penumbra-sl-testnet.iam.gserviceaccount.com'
-
- - name: get gke credentials
- uses: google-github-actions/get-gke-credentials@v2
- with:
- cluster_name: testnet
- project_id: penumbra-sl-testnet
- location: us-central1
-
- - name: delete galileo deployment
- run: kubectl delete deployment galileo || true
diff --git a/deployments/README.md b/deployments/README.md
index 31449e82fa..886183d802 100644
--- a/deployments/README.md
+++ b/deployments/README.md
@@ -1,96 +1,16 @@ # Penumbra deployments -This directory contains config management logic for managing -Penumbra networks. As of 2023Q1, prior to mainnet, -Penumbra Labs runs three (3) discrete networks: - - * "testnet", updated approximately weekly - * "preview", updated on every push to `main` in the repo - * "devnet", updated ad-hoc to serve as a sandbox debugging environment - -Those networks each have their own genesis and knowledge of peers. -The networks are completely separate. +See the [Penumbra Guide] for setup steps on running a Penumbra node. ## Directory structure ``` . -├── ci.sh # runner script for executing a deploy against k8s -├── charts/ # helm charts used to configure genesis, nodes, and metrics -├── networks/ # logic specific to network, e.g. "testnet" or "preview" -│ └── testnet/ -└── terraform/ # server and cluster provisioning logic - └── modules/ -``` - -## Running custom devnets - -Sometimes you want to perform a deploy that mimics our preview and testnet setups, -but has its own lifecycle. For example, you may want to test new cluster config logic, -or try to reproduce a bug on an older version of the software. Behold: - -``` -cd deployments/ -export HELM_RELEASE=penumbra-devnet -./ci.sh -``` - -That will deploy a new network based on latest `main` (containers are rebuilt on every merge) -and run it. You can destroy it when you're done with `helm uninstall penumbra-devnet`. -You can also run an older version of the software: - -``` -cd deployments/ -export HELM_RELEASE=penumbra-devnet -export PENUMBRA_VERSION=v0.53.1 -./ci.sh -``` - -You'll see a message about a "patch release"; you'll need to edit the ci script's main function to force -a run of the full deploy logic. - -## Out of band config -There are several DNS records that are not handled -by the automation in this repo. 
Each testnet should have: - -* `rpc.` # the cometbft rpc service -* `grpc.` # the pd grpc service -* `grafana.` # web interface for metrics dashboards - -To find the IPv4 address for `{g,}rpc.`, use this command: - -``` -kubectl get svc -n infra traefik --output jsonpath='{.status.loadBalancer.ingress[0].ip}' -``` - -The Traefik reverse proxy is used for fronting pd's grpc service, because Traefik supports h2c. -See for details: https://github.com/penumbra-zone/penumbra/issues/2341 - -## Generating and storing public IPs for P2P connections - -There's a chicken-or-egg problem when creating a new network: the deployment will trigger the creation -of LoadBalancer objects with public IPv4 addresses. Those public IP addresses are needed at genesis -creation time, so that the validator configs are generated with an external address field -in the Tendermint configs. To resolve, there's a special var `only_lb_svc=true` that will -deploy just the P2P LBs. You can then poll the IPs, store them as additional vars, and rerun -with `only_lb_svc=false`. - +├── systemd/ # example systemd configs for node operators +├── containerfiles/ # OCI container image manifests +├── scripts/ # scripts related to testing penumbra in ci +├── containerfiles/ # OCI container image manifests +├── compose/ # example docker-compose configs, unmaintained ``` -helmfile sync -f helmfile.d/penumbra-devnet.yaml --args --set=only_lb_svc=true -./scripts/get-lb-ips penumbra-devnet -helmfile sync -f helmfile.d/penumbra-devnet.yaml -``` - -This two-step process is only required the *first* time a given network is deployed. -Thereafter, resource retention policies will preserve the LBs, so that the IPs remain reserved, -and can be reused on subsequent deployments of that network. - -## Dude, where's my logs? 
- -There's web-based access for viewing logs from the testnet deployment: - -* [Top-level view of all deployments](https://console.cloud.google.com/kubernetes/workload/overview?project=penumbra-sl-testnet) -* [Logs for the deployment with RPC endpoints exposed](https://console.cloud.google.com/kubernetes/deployment/us-central1/testnet/default/penumbra-testnet-fn-0/logs?project=penumbra-sl-testnet) -You must authenticate with your PL Google account to view that information; -ask a team member if you need a grant added for your account. +[Penumbra Guide]: https://guide.penumbra.zone diff --git a/deployments/charts/README.md b/deployments/charts/README.md deleted file mode 100644 index 5aa892282a..0000000000 --- a/deployments/charts/README.md +++ /dev/null @@ -1,14 +0,0 @@ -# Helm charts for Penumbra - -These helm charts are used to deploy test infrastructure via CI. -A given network deployment is composed of three charts: - - * `penumbra-network`, which runs `pd testnet generate` to create genesis - and configure genesis validators - * `penumbra-node`, which runs fullnodes joined to the network, and also - exposes HTTPS frontends so their RPCs are accessible. - * `penumbra-metrics`, which runs a grafana/prometheus setup scraping - the metrics endpoints of the nodes and validators, and exposes - the grafana dashboards over HTTPS. - -These charts are posted publicly as a reference. diff --git a/deployments/charts/penumbra-metrics/.helmignore b/deployments/charts/penumbra-metrics/.helmignore deleted file mode 100644 index 0e8a0eb36f..0000000000 --- a/deployments/charts/penumbra-metrics/.helmignore +++ /dev/null 
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/deployments/charts/penumbra-metrics/Chart.yaml b/deployments/charts/penumbra-metrics/Chart.yaml
deleted file mode 100644
index ae4d31bfba..0000000000
--- a/deployments/charts/penumbra-metrics/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v2
-name: penumbra-metrics
-description: Deploy Grafana and Prometheus for monitoring Penumbra deployments.
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"
diff --git a/deployments/charts/penumbra-metrics/templates/NOTES.txt b/deployments/charts/penumbra-metrics/templates/NOTES.txt
deleted file mode 100644
index ee57e9480f..0000000000
--- a/deployments/charts/penumbra-metrics/templates/NOTES.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-Penumbra metrics dashabords have been deployed.
-{{- if .Values.ingressRoute.enabled }}
-You can access the Grafana dashboard here:
-
- https://{{.Values.ingressRoute.hosts.grafana }}
-
-You can view Prometheus dashboard by using `kubectl port-forward`.
-{{- else }}
-You have not enabled an ingress (via `ingressRoute.enabled=true`),
-so you'll need to forward ports via kubectl to access Grafana.
-{{- end }}
diff --git a/deployments/charts/penumbra-metrics/templates/_helpers.tpl b/deployments/charts/penumbra-metrics/templates/_helpers.tpl
deleted file mode 100644
index 6bb7650882..0000000000
--- a/deployments/charts/penumbra-metrics/templates/_helpers.tpl
+++ /dev/null
@@ -1,65 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "penumbra-metrics.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "penumbra-metrics.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "penumbra-metrics.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "penumbra-metrics.labels" -}} -helm.sh/chart: {{ include "penumbra-metrics.chart" . }} -{{ include "penumbra-metrics.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if .Values.part_of }} -app.kubernetes.io/part-of: {{ .Values.part_of }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "penumbra-metrics.selectorLabels" -}} -app.kubernetes.io/name: {{ include "penumbra-metrics.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "penumbra-metrics.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "penumbra-metrics.fullname" .) 
.Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/deployments/charts/penumbra-metrics/templates/configmap.yaml b/deployments/charts/penumbra-metrics/templates/configmap.yaml deleted file mode 100644 index 3ab9f27a77..0000000000 --- a/deployments/charts/penumbra-metrics/templates/configmap.yaml +++ /dev/null @@ -1,43 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-{{ include "penumbra-metrics.fullname" . }} - labels: - {{- include "penumbra-metrics.labels" . | nindent 4 }} -data: - grafana_datasources.yml: | - datasources: - - name: 'Prometheus' - type: 'prometheus' - access: 'browser' - url: 'http://localhost:9090' - is_default: true - editable: false - prometheus_scrape_configs: | - scrape_configs: - - - job_name: 'Penumbra Fullnode' - scrape_interval: 10s - scheme: http - metrics_path: metrics - static_configs: -{{ $count := (.Values.scrape_configs.numFullNodes | int) }} -{{ range $i,$e := until $count }} - - targets: -{{ $fn_name := printf $.Values.scrape_configs.fmtFullNodeSvc $i }} - - '{{ $fn_name }}:9000' - - '{{ $fn_name }}:26660' -{{ end }} - - - job_name: 'Penumbra Validator' - scrape_interval: 10s - scheme: http - metrics_path: metrics - static_configs: - - targets: -{{ $count := (.Values.scrape_configs.numValidators | int) }} -{{ range $i,$e := until $count }} -{{ $val_name := printf $.Values.scrape_configs.fmtValidatorSvc $i }} - - '{{ $val_name }}:9000' - - '{{ $val_name }}:26660' -{{ end }} diff --git a/deployments/charts/penumbra-metrics/templates/deployment.yaml b/deployments/charts/penumbra-metrics/templates/deployment.yaml deleted file mode 100644 index cce9d83db1..0000000000 --- a/deployments/charts/penumbra-metrics/templates/deployment.yaml +++ /dev/null 
@@ -1,119 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }} - labels: - app.kubernetes.io/component: metrics - {{- include "penumbra-metrics.labels" . | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - strategy: - type: Recreate - selector: - matchLabels: - {{- include "penumbra-metrics.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "penumbra-metrics.selectorLabels" . | nindent 8 }} - spec: - volumes: - - name: grafana-datasources - configMap: - name: config-{{ include "penumbra-metrics.fullname" . }} - items: - - key: "grafana_datasources.yml" - path: "all.yml" - - name: prometheus-scrape-configs - configMap: - name: config-{{ include "penumbra-metrics.fullname" . }} - items: - - key: "prometheus_scrape_configs" - path: "prometheus.yml" - - name: prometheus-data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "penumbra-metrics.fullname" . }} - {{- else }} - emptyDir: {} - {{- end }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "penumbra-metrics.serviceAccountName" . 
}} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - initContainers: - - name: prom-config - image: "docker.io/debian:stable" - command: - - sh - - -cex - - > - id && - cat /etc/prometheus/prometheus.yml && - chown -R 65534:65534 /prometheus - imagePullPolicy: Always - volumeMounts: - - name: prometheus-scrape-configs - mountPath: "/etc/prometheus/" - readOnly: true - - name: prometheus-data - mountPath: "/prometheus" - containers: - - name: grafana - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - containerPort: 3000 - protocol: TCP - name: grafana-http - volumeMounts: - - name: grafana-datasources - mountPath: "/etc/grafana/provisioning/datasources/" - readOnly: true - readinessProbe: - tcpSocket: - port: grafana-http - timeoutSeconds: 10 - initialDelaySeconds: 2 - - name: prometheus - image: "{{ .Values.prometheus.repository }}:{{ .Values.prometheus.tag }}" - args: - - "--config.file=/etc/prometheus/prometheus.yml" - - "--log.level=debug" - imagePullPolicy: {{ .Values.prometheus.pullPolicy }} - ports: - - containerPort: 9090 - protocol: TCP - name: prometheus-http - readinessProbe: - tcpSocket: - port: prometheus-http - timeoutSeconds: 10 - initialDelaySeconds: 2 - volumeMounts: - - name: prometheus-scrape-configs - mountPath: "/etc/prometheus/" - readOnly: true - - name: prometheus-data - mountPath: "/prometheus" - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/deployments/charts/penumbra-metrics/templates/ingress.yaml b/deployments/charts/penumbra-metrics/templates/ingress.yaml deleted file mode 100644 index af85065fc8..0000000000 --- a/deployments/charts/penumbra-metrics/templates/ingress.yaml +++ /dev/null 
@@ -1,62 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "penumbra-node.fullname" . -}}
-{{- $svcPort := .Values.service.port -}}
-{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
- {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
- {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
- {{- end }}
-{{- end }}
-{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- else -}}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
- name: {{ $fullName }}
- labels:
- {{- include "penumbra-node.labels" . | nindent 4 }}
- {{- with .Values.ingress.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
- ingressClassName: {{ .Values.ingress.className }}
- {{- end }}
- {{- if .Values.ingress.tls }}
- tls:
- {{- range .Values.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
- {{- end }}
- rules:
- {{- range .Values.ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
- {{- range .paths }}
- - path: {{ .path }}
- {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
- pathType: {{ .pathType }}
- {{- end }}
- backend:
- {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
- service:
- name: {{ $fullName }}-cometbft
- port:
- # number: {{ $svcPort }}
- number: 26657
- {{- else }}
- serviceName: {{ $fullName }}
- servicePort: {{ $svcPort }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/deployments/charts/penumbra-metrics/templates/ingressroute.yaml b/deployments/charts/penumbra-metrics/templates/ingressroute.yaml
deleted file mode 100644
index d68e8a0489..0000000000
--- a/deployments/charts/penumbra-metrics/templates/ingressroute.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if .Values.ingressRoute.enabled -}}
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
- name: {{ include "penumbra-metrics.fullname" . }}-grafana-https
- labels:
- {{- include "penumbra-metrics.labels" . | nindent 4 }}
-spec:
- entryPoints:
- - websecure
- routes:
- - kind: Rule
- match: Host(`{{ .Values.ingressRoute.hosts.grafana }}`)
- services:
- - name: {{ include "penumbra-metrics.fullname" . }}
- port: 3000
- - kind: Rule
- match: Host(`{{ .Values.ingressRoute.hosts.prometheus }}`)
- services:
- - name: {{ include "penumbra-metrics.fullname" . }}
- port: 9090
- tls:
- domains:
- - main: {{ .Values.ingressRoute.hosts.grafana }}
- sans:
- - {{ .Values.ingressRoute.hosts.prometheus }}
- secretName: {{ .Values.ingressRoute.secretName }}
-{{- end }}
diff --git a/deployments/charts/penumbra-metrics/templates/pvc.yml b/deployments/charts/penumbra-metrics/templates/pvc.yml
deleted file mode 100644
index c6db535322..0000000000
--- a/deployments/charts/penumbra-metrics/templates/pvc.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.persistence.enabled }}
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: {{ include "penumbra-metrics.fullname" . }}
- labels:
- {{- include "penumbra-metrics.labels" $ | nindent 4 }}
-spec:
- accessModes: {{ .Values.persistence.accessModes }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
- {{- if .Values.persistence.storageClassName }}
- storageClassName: {{ .Values.persistence.storageClassName }}
- {{- end }}
-{{- end }}
diff --git a/deployments/charts/penumbra-metrics/templates/service.yaml b/deployments/charts/penumbra-metrics/templates/service.yaml
deleted file mode 100644
index b6c394d857..0000000000
--- a/deployments/charts/penumbra-metrics/templates/service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "penumbra-metrics.fullname" . }}
- labels:
- app: {{ include "penumbra-metrics.fullname" . }}
- {{- include "penumbra-metrics.labels" . | nindent 4 }}
-spec:
- type: ClusterIP
- ports:
- - port: {{ .Values.service.port }}
- targetPort: grafana-http
- protocol: TCP
- name: grafana-http
- - port: 9090
- targetPort: prometheus-http
- protocol: TCP
- name: prometheus-http
- selector:
- {{- include "penumbra-metrics.selectorLabels" . | nindent 4 }}
diff --git a/deployments/charts/penumbra-metrics/templates/serviceaccount.yaml b/deployments/charts/penumbra-metrics/templates/serviceaccount.yaml
deleted file mode 100644
index 3f591b1307..0000000000
--- a/deployments/charts/penumbra-metrics/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "penumbra-metrics.serviceAccountName" . }}
- labels:
- {{- include "penumbra-metrics.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/deployments/charts/penumbra-metrics/values.yaml b/deployments/charts/penumbra-metrics/values.yaml
deleted file mode 100644
index 93b638f8cd..0000000000
--- a/deployments/charts/penumbra-metrics/values.yaml
+++ /dev/null
@@ -1,121 +0,0 @@
-# Default values for penumbra-metrics.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
- repository: ghcr.io/penumbra-zone/grafana
- tag: latest
- pullPolicy: Always
-
-prometheus:
- repository: docker.io/prom/prometheus
- tag: latest
- pullPolicy: IfNotPresent
-
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-
-# Information about which metrics targets to scrape.
-# These values are intended to be DRY: see configmap for templating logic.
-scrape_configs:
- numFullNodes: 2
- numValidators: 2
- # printf formatting string, for generating scrape targets.
- fmtFullNodeSvc: "penumbra-preview-fn-%d"
- fmtValidatorSvc: "penumbra-preview-val-%d"
-
-# Configure PVCs for metrics data. If disabled, an emptydir will be used,
-# which means historical metrics will be wiped on every pod restart.
-persistence:
- enabled: false
- storageClassName:
- accessModes:
- - ReadWriteOnce
- size: 5G
-
-# Custom label for aggregating network, nodes, and metrics into a cohesive deployment.
-# Maps to the 'app.kubernetes.io/part-of' label.
-part_of: ""
-
-serviceAccount:
- # Specifies whether a service account should be created
- create: true
- # Annotations to add to the service account
- annotations: {}
- # The name of the service account to use.
- # If not set and create is true, a name is generated using the fullname template
- name: ""
-
-podAnnotations: {}
-
-podSecurityContext: {}
- # fsGroup: 2000
-
-securityContext: {}
- # capabilities:
- # drop:
- # - ALL
- # readOnlyRootFilesystem: true
- # runAsNonRoot: true
- # runAsUser: 1000
-
-service:
- type: ClusterIP
- # 3000/TCP is default grafana HTTP service
- port: 3000
-
-# N.B. Only `IngressRoute`, a custom CRD specific to Traefik ingress controller
-# is supported. This is because a traditional Ingress object doesn't allow us
-# to force a backend scheme of h2c, which is required for pd's gRPC service.
-ingressRoute:
- enabled: false
- hosts:
- # consider using DNS wildcards, e.g. *.devnet.chart-example.local
- grafana: grafana.chart-example.local
- prometheus: prometheus.chart-example.local
- # Secret object containing TLS info
- secretName: ""
-
-ingress:
- enabled: false
- className: ""
- annotations: {}
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- hosts:
- - host: chart-example.local
- paths:
- - path: /
- pathType: ImplementationSpecific
- tls: []
- # - secretName: chart-example-tls
- # hosts:
- # - chart-example.local
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
-
-autoscaling:
- enabled: false
- minReplicas: 1
- maxReplicas: 100
- targetCPUUtilizationPercentage: 80
- # targetMemoryUtilizationPercentage: 80
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
diff --git a/deployments/charts/penumbra-network/.helmignore b/deployments/charts/penumbra-network/.helmignore
deleted file mode 100644
index 0e8a0eb36f..0000000000
--- a/deployments/charts/penumbra-network/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/deployments/charts/penumbra-network/Chart.yaml b/deployments/charts/penumbra-network/Chart.yaml
deleted file mode 100644
index 398875acd4..0000000000
--- a/deployments/charts/penumbra-network/Chart.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v2
-name: penumbra-network
-description: Generate a fresh network config for Penumbra, and deploy its genesis validators.
-
-type: application
-version: 0.1.0
-appVersion: "1.16.0"
diff --git a/deployments/charts/penumbra-network/files/validators.json b/deployments/charts/penumbra-network/files/validators.json
deleted file mode 100644
index f740f0f63e..0000000000
--- a/deployments/charts/penumbra-network/files/validators.json
+++ /dev/null
@@ -1,66 +0,0 @@
-[
- {
- "name": "Penumbra Labs CI 1",
- "website": "https://penumbra.zone",
- "description": "This is a validator run by Penumbra Labs, using testnets as a public CI",
- "funding_streams": [
- [
- 50,
- "penumbra1fcy6crf6u4r450k8y4nye43puxet2ytfh7s0dzxsxjk68czej9mp37xv49np0clv4dc8cwg4re0xfs79uwlfehnja4p0revmlek0drezxfse8spg3qc6gux6vyuzuulse7xuxv"
- ],
- [
- 50,
- "penumbra13ahs2s8ms6q0utgetty3zflwteepg87gqm88sqqcdj2mjhhydkykwu6n7dk557x84aa9a6cqhdytw0zk33xjgmuedprrlunc86up6zps8juej9rpuuydjtk7jaxpmrw27gfu9x"
- ],
- [
- 50,
- "penumbra1uw03wyt49u7wm5wgu4nvkdt0v48fdaw5y4az4xlgmnp6ucs6th4xd0zg8wqxwndwfv286ktjwgemyhrxqu0d5qjf8dapr57l3k8yqs09vw9m5ywxsx9hjj2dj4qwnrl2rzxdh9"
- ],
- [
- 50,
- "penumbra1w6em8sdx0467ug9kk0s0sng254tqjfk9gglv6ff7dq2v8arwekevkjte9udzmsj9l83mz74747tj0a49w2vhecxj7ac4upr5c5pvjqhsy7dwn422m8dgdekt7y4lmad026njsv"
- ],
- [
- 50,
- "penumbra1jp4pryqqmh65pq8e7zwk6k2674vwhn4qqphxjk0vukxln0crmp2tdld0mhavuyrspwuajnsk5t5t33u2auxvheunr7qde4l068ez0euvtu08z7rwj6shlh64ndz0wvz7cmu29z"
- ],
- [
- 50,
- "penumbra1hum845ches70c8kp8zfx7nerjwfe653hxsrpgwepwtspcp4jy6ytnxhe5kwn56sku684x6zzqcwp5ycrkee5mmg9kdl3jkr5lqn2xq3kqxvp4d7gwqdue5jznk2ter2teg83gu"
- ]
- ],
- "sequence_number": 0
- },
- {
- "name": "Penumbra Labs CI 2",
- "website": "https://penumbra.zone",
- "description": "This is a validator run by Penumbra Labs, using testnets as a public CI",
- "funding_streams": [
- [
- 50,
- "penumbra1fcy6crf6u4r450k8y4nye43puxet2ytfh7s0dzxsxjk68czej9mp37xv49np0clv4dc8cwg4re0xfs79uwlfehnja4p0revmlek0drezxfse8spg3qc6gux6vyuzuulse7xuxv"
- ],
- [
- 50,
- "penumbra13ahs2s8ms6q0utgetty3zflwteepg87gqm88sqqcdj2mjhhydkykwu6n7dk557x84aa9a6cqhdytw0zk33xjgmuedprrlunc86up6zps8juej9rpuuydjtk7jaxpmrw27gfu9x"
- ],
- [
- 50,
- "penumbra1uw03wyt49u7wm5wgu4nvkdt0v48fdaw5y4az4xlgmnp6ucs6th4xd0zg8wqxwndwfv286ktjwgemyhrxqu0d5qjf8dapr57l3k8yqs09vw9m5ywxsx9hjj2dj4qwnrl2rzxdh9"
- ],
- [
- 50,
- "penumbra1w6em8sdx0467ug9kk0s0sng254tqjfk9gglv6ff7dq2v8arwekevkjte9udzmsj9l83mz74747tj0a49w2vhecxj7ac4upr5c5pvjqhsy7dwn422m8dgdekt7y4lmad026njsv"
- ],
- [
- 50,
- "penumbra1jp4pryqqmh65pq8e7zwk6k2674vwhn4qqphxjk0vukxln0crmp2tdld0mhavuyrspwuajnsk5t5t33u2auxvheunr7qde4l068ez0euvtu08z7rwj6shlh64ndz0wvz7cmu29z"
- ],
- [
- 50,
- "penumbra1hum845ches70c8kp8zfx7nerjwfe653hxsrpgwepwtspcp4jy6ytnxhe5kwn56sku684x6zzqcwp5ycrkee5mmg9kdl3jkr5lqn2xq3kqxvp4d7gwqdue5jznk2ter2teg83gu"
- ]
- ],
- "sequence_number": 0
- }
-]
diff --git a/deployments/charts/penumbra-network/templates/NOTES.txt b/deployments/charts/penumbra-network/templates/NOTES.txt
deleted file mode 100644
index 0237744199..0000000000
--- a/deployments/charts/penumbra-network/templates/NOTES.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-{{ $val_name := printf "%s-val-0" (include "penumbra-network.fullname" .) }}
-Deployed a Penumbra network, with {{ .Values.network.num_validators }} validators.
-The network can be joined *within the cluster* like so:
-
- pd testnet join http://{{ $val_name }}:26657
-
-Consider joining fullnodes to the network, and exposing the RPC services
-for those fullnodes via ingress.
diff --git a/deployments/charts/penumbra-network/templates/_helpers.tpl b/deployments/charts/penumbra-network/templates/_helpers.tpl
deleted file mode 100644
index 4c00b78776..0000000000
--- a/deployments/charts/penumbra-network/templates/_helpers.tpl
+++ /dev/null
@@ -1,75 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "penumbra-network.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "penumbra-network.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- if .Values.network.chain_id }}
-{{- printf "%s-%s" .Release.Name .Values.network.chain_id | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s" .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "penumbra-network.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "penumbra-network.part_of" }}
-{{- if .Values.part_of }}
-{{- printf "%s" .Values.part_of }}
-{{- else }}
-{{- printf "%s" .Release.Name }}
-{{- end }}
-{{- end }}
-
-{{- define "penumbra-network.labels" -}}
-helm.sh/chart: {{ include "penumbra-network.chart" . }}
-{{ include "penumbra-network.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-app.kubernetes.io/part-of: {{ include "penumbra-network.part_of" . }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "penumbra-network.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "penumbra-network.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "penumbra-network.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "penumbra-network.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/deployments/charts/penumbra-network/templates/configmap-genesis-validators.yaml b/deployments/charts/penumbra-network/templates/configmap-genesis-validators.yaml
deleted file mode 100644
index 8ca224e566..0000000000
--- a/deployments/charts/penumbra-network/templates/configmap-genesis-validators.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-kind: ConfigMap
-apiVersion: v1
-metadata:
- name: {{ include "penumbra-network.fullname" . }}-genesis-validators
- annotations:
- # Use a pre-install hook, so the configmap is created early enough for the
- # generation job to use it.
- "helm.sh/hook": pre-install
- "helm.sh/hook-weight": "5"
-data:
- validators.json: {{ .Files.Get (printf "files/validators.json") | quote }}
diff --git a/deployments/charts/penumbra-network/templates/ingress.yaml b/deployments/charts/penumbra-network/templates/ingress.yaml
deleted file mode 100644
index 1c86f91d71..0000000000
--- a/deployments/charts/penumbra-network/templates/ingress.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{- if .Values.ingress.enabled }}
-{{ $rpc_svc_name := printf "%s-rpc" (include "penumbra-network.fullname" $) }}
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
- name: {{ include "penumbra-network.fullname" . }}-https
-spec:
- entryPoints:
- - websecure
- routes:
- - kind: Rule
- match: Host(`{{ .Values.ingress.fqdn }}`) && PathPrefix(`/pd/`)
- middlewares:
- - name: strip-prefix-{{ .Release.Name }}
- namespace: {{ .Release.Namespace }}
- services:
- - name: {{ $rpc_svc_name }}
- port: 8080
- scheme: h2c
- - kind: Rule
- match: Host(`{{ .Values.ingress.fqdn }}`) && PathPrefix(`/tm/`)
- middlewares:
- - name: strip-prefix-{{ .Release.Name }}
- namespace: {{ .Release.Namespace }}
- services:
- - name: {{ $rpc_svc_name }}
- port: 26657
- tls:
- domains:
- - main: {{ .Values.ingress.fqdn }}
- secretName: {{ .Values.ingress.secretName }}
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
- name: strip-prefix-{{ .Release.Name }}
-spec:
- stripPrefix:
- prefixes:
- - /tm/
- - /pd/
-{{- end }}
diff --git a/deployments/charts/penumbra-network/templates/job-generate.yaml b/deployments/charts/penumbra-network/templates/job-generate.yaml
deleted file mode 100644
index 60726b6580..0000000000
--- a/deployments/charts/penumbra-network/templates/job-generate.yaml
+++ /dev/null
@@ -1,131 +0,0 @@
-{{ $count := (.Values.network.num_validators | int) }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "penumbra-network.fullname" . }}-pd-testnet-generate
- labels:
- app.kubernetes.io/component: genesis-generator
- {{- include "penumbra-network.labels" . | nindent 4 }}
- annotations:
- # Use a pre-install hook, to create genesis before validators are deployed.
- "helm.sh/hook": pre-install
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
- "helm.sh/hook-weight": "40"
-spec:
- template:
- metadata:
- name: {{ include "penumbra-network.fullname" . }}-pd-testnet-generate
- labels:
- app.kubernetes.io/component: genesis-generator
- {{- include "penumbra-network.labels" . | nindent 4 }}
- spec:
- restartPolicy: Never
- securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
- volumes:
- - name: shared-config
- persistentVolumeClaim:
- claimName: {{ include "penumbra-network.fullname" . }}-shared-config
-
- # Prepare config volumes for each validator, so we can copy per-val dirs
- # to each PV after network generation.
- {{ range $i,$e := until $count }}
- {{ $val_name := printf "%s-val-%d" (include "penumbra-network.fullname" $) $i }}
- # The `pvc_name` must match the volumes created by the StatefulSet.
- {{ $pvc_name := printf "penumbra-config-%s" $val_name }}
- - name: {{ $val_name }}-config
- {{- if $.Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ $pvc_name }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- {{- end }}
-
- # Use custom `--validators-input-file` JSON.
- - name: shared-config-vals
- configMap:
- name: {{ include "penumbra-network.fullname" . }}-genesis-validators
- items:
- - key: "validators.json"
- path: "validators.json"
-
- containers:
- - name: pd
- securityContext:
- # Run as root during init, so we can chown to penumbra & cometbft uids.
- # The application itself will run as a normal user.
- runAsUser: 0
- runAsGroup: 0
- allowPrivilegeEscalation: true
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- env:
- {{- toYaml $.Values.containerEnv | nindent 12 }}
- command:
- - sh
- - -c
- - |
- set -eux
- find /penumbra-config/ | sort
- pd testnet --testnet-dir /penumbra-config/testnet_data generate \
- {{- if .Values.network.chain_id }}
- --chain-id {{ .Values.network.chain_id }} \
- {{- end }}
- {{- if .Values.network.preserve_chain_id }}
- --preserve-chain-id \
- {{- end }}
- {{- if .Values.network.epoch_duration }}
- --epoch-duration {{ .Values.network.epoch_duration }} \
- {{- end }}
- {{- if .Values.network.proposal_voting_blocks }}
- --proposal-voting-blocks {{ .Values.network.proposal_voting_blocks }} \
- {{- end }}
- --validators-input-file /penumbra/validators.json \
- {{- if .Values.network.external_addresses }}
- --external-addresses {{ .Values.network.external_addresses }}
- {{- end }}
-
- # copy validator configs to volume mounts
- {{ range $i,$e := until $count }}
- {{ $val_name := printf "%s-val-%d" (include "penumbra-network.fullname" $) $i }}
-
- >&2 printf 'Configuring validator %d/%d...\n' "{{ $i }}" "{{ $count }}"
- # rename subdir to "node0" so we don't have to look up val ordinal when specifying homedir.
- mv -v /penumbra-config/testnet_data/node{{ $i }} /penumbra-config/{{ $val_name }}/node0
-
- # set ownership for pd user
- chown -R 1000:1000 /penumbra-config/{{ $val_name }}
-
- # set ownership for cometbft configs to match cometbft container "tmuser" uid/gid
- chown -R 100:1000 /penumbra-config/{{ $val_name }}/node0/cometbft
-
- ls -lsR /penumbra-config
- {{ end }}
-
- echo "Network config generated, exiting"
- exit 0
-
- volumeMounts:
- - name: shared-config
- mountPath: /penumbra-config
- - name: shared-config-vals
- mountPath: /penumbra
- readOnly: true
- {{ range $i,$e := until $count }}
- {{ $val_name := printf "%s-val-%d" (include "penumbra-network.fullname" $) $i }}
- - name: {{ $val_name }}-config
- mountPath: /penumbra-config/{{ $val_name }}
- {{ end }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
diff --git a/deployments/charts/penumbra-network/templates/pvc.yaml b/deployments/charts/penumbra-network/templates/pvc.yaml
deleted file mode 100644
index 26da28d3e3..0000000000
--- a/deployments/charts/penumbra-network/templates/pvc.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
----
-{{- if .Values.persistence.enabled }}
-# Shared volume for generating network data. Per-validator configs
-# will be copied out of this shared volume, into separate PVCs.
-{{ $shared_pvc_name := printf "%s-shared-config" (include "penumbra-network.fullname" .) }}
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: {{ $shared_pvc_name }}
- labels:
- app.kubernetes.io/component: genesis-generator
- {{- include "penumbra-network.labels" . | nindent 4 }}
- annotations:
- # Use a pre-install hook, to ensure volumes exist for genesis creation job.
- "helm.sh/hook": pre-install
- # Ensure the genesis data is protected from accidental deletion.
- "helm.sh/resource-policy": keep
- "helm.sh/hook-weight": "5"
-spec:
- accessModes: {{ .Values.persistence.accessModes }}
- resources:
- requests:
- # We hardcode 1G for the genesis creation volume, using the custom storage
- # size on the per-validator PVCs below.
- storage: 1G
- {{- if .Values.persistence.storageClassName }}
- storageClassName: {{ .Values.persistence.storageClassName }}
- {{- end }}
-
-# Also provision PVCs for each validator. Normally we'd let the StatefulSet
-# volumeClaimTemplate handle this, but we need the PVCs available in a pre-install hook,
-# so we create them with helm annotations in a loop. The names of the PVCs must match
-# those in the VCTs.
-{{ $count := (.Values.network.num_validators | int) }}
-{{ range $i,$e := until $count }}
-{{ $val_name := printf "%s-val-%d" (include "penumbra-network.fullname" $) $i }}
-# The `pvc_name` must match the PVC created by the StatefulSet.
-{{ $pvc_name := printf "penumbra-config-%s" $val_name }}
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: {{ $pvc_name }}
- labels:
- app.kubernetes.io/component: genesis-validator
- {{- include "penumbra-network.labels" $ | nindent 4 }}
- annotations:
- # Use a pre-install hook, to ensure volumes exist for genesis creation job.
- "helm.sh/hook": pre-install
- "helm.sh/hook-weight": "5"
-spec:
- accessModes: {{ $.Values.persistence.accessModes }}
- resources:
- requests:
- storage: {{ $.Values.persistence.size }}
- {{- if $.Values.persistence.storageClassName }}
- storageClassName: {{ $.Values.persistence.storageClassName }}
- {{- end }}
-{{- end }}
-{{- end }}
diff --git a/deployments/charts/penumbra-network/templates/service.yaml b/deployments/charts/penumbra-network/templates/service.yaml
deleted file mode 100644
index 22e05f8a0f..0000000000
--- a/deployments/charts/penumbra-network/templates/service.yaml
+++ /dev/null
@@ -1,64 +0,0 @@
-{{ $count := (.Values.network.num_validators | int) }}
-{{ range $i,$e := until $count }}
-{{ $val_name := printf "%s-val-%d" (include "penumbra-network.fullname" $) $i }}
-{{ $rpc_svc_name := printf "%s" $val_name }}
-{{ $p2p_svc_name := printf "%s-p2p" $val_name }}
----
-kind: Service
-apiVersion: v1
-metadata:
- name: {{ $rpc_svc_name }}
- labels:
- app: {{ $rpc_svc_name }}
- {{- include "penumbra-network.labels" $ | nindent 4 }}
-spec:
- type: ClusterIP
- selector:
- statefulset.kubernetes.io/pod-name: {{ $val_name }}
- {{- include "penumbra-network.selectorLabels" $ | nindent 4 }}
- ports:
- - protocol: TCP
- port: 26657
- targetPort: tm-rpc
- name: tm-rpc
- - protocol: TCP
- port: 8080
- targetPort: pd-grpc
- name: pd-grpc
- - protocol: TCP
- port: 9000
- targetPort: pd-metrics
- name: pd-metrics
- - protocol: TCP
- port: 26660
- targetPort: tm-metrics
- name: tm-metrics
----
-apiVersion: v1
-kind: Service
-metadata:
- # P2P service is a LoadBalancer with externalTrafficPolicy=Local by default,
- # because no other networking setup makes sense. We need the source IP preserved
- # for TM P2P to work.
- name: {{ $p2p_svc_name }}
- {{- if $.Values.preserve_lb_svc }}
- annotations:
- "helm.sh/resource-policy": keep
- {{- end }}
- labels:
- app: {{ $p2p_svc_name }}
- app.kubernetes.io/component: p2p
- "helm.sh/resource-policy": keep
- {{- include "penumbra-network.labels" $ | nindent 4 }}
-spec:
- externalTrafficPolicy: Local
- ports:
- - name: tm-p2p
- port: 26656
- protocol: TCP
- targetPort: 26656
- selector:
- statefulset.kubernetes.io/pod-name: {{ $val_name }}
- {{- include "penumbra-network.selectorLabels" $ | nindent 4 }}
- type: LoadBalancer
-{{ end }}
diff --git a/deployments/charts/penumbra-network/templates/serviceaccount.yaml b/deployments/charts/penumbra-network/templates/serviceaccount.yaml
deleted file mode 100644
index d6d216a016..0000000000
--- a/deployments/charts/penumbra-network/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "penumbra-network.serviceAccountName" . }}
- labels:
- {{- include "penumbra-network.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/deployments/charts/penumbra-network/templates/statefulset.yaml b/deployments/charts/penumbra-network/templates/statefulset.yaml
deleted file mode 100644
index 4a230fd732..0000000000
--- a/deployments/charts/penumbra-network/templates/statefulset.yaml
+++ /dev/null
@@ -1,165 +0,0 @@
-{{- if .Values.only_lb_svc }}
-{{- else }}
-{{ $count := (.Values.network.num_validators | int) }}
-{{ $val_name := printf "%s-val" (include "penumbra-network.fullname" $) }}
-{{ $pvc_name := "penumbra-config" }}
----
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ $val_name }}
- labels:
- app: {{ $val_name }}
- app.kubernetes.io/component: genesis-validator
- app.kubernetes.io/part-of: {{ include "penumbra-network.part_of" $ }}
- {{- include "penumbra-network.labels" $ | nindent 4 }}
-spec:
- podManagementPolicy: Parallel
- replicas: {{ $count }}
- volumeClaimTemplates:
- - metadata:
- name: {{ $pvc_name }}
- labels:
- app.kubernetes.io/component: genesis-validator
- spec:
- accessModes: ["ReadWriteOnce"]
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
- selector:
- matchLabels:
- app.kubernetes.io/component: genesis-validator
- {{- include "penumbra-network.selectorLabels" $ | nindent 6 }}
- updateStrategy:
- type: RollingUpdate
- template:
- metadata:
- {{- with $.Values.podAnnotations }}
- annotations:
- {{- toYaml $ | nindent 8 }}
- {{- end }}
- labels:
- app: {{ $val_name }}
- app.kubernetes.io/part-of: {{ include "penumbra-network.part_of" $ }}
- app.kubernetes.io/component: genesis-validator
- {{- include "penumbra-network.selectorLabels" $ | nindent 8 }}
- spec:
- # Force the pods to different k8s nodes, so that egress ip is unique per CometBFT node.
- # Effectively limits the number of Penumbra nodes to the number of k8s nodes in the cluster.
- affinity:
- podAntiAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchExpressions:
- - key: "app.kubernetes.io/part-of"
- operator: In
- values:
- - {{ include "penumbra-network.part_of" $ }}
- - key: "app.kubernetes.io/component"
- operator: In
- values:
- - fullnode
- - genesis-validator
- topologyKey: kubernetes.io/hostname
- {{- with $.Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml $ | nindent 8 }}
- {{- end }}
- serviceAccountName: {{ include "penumbra-network.serviceAccountName" $ }}
- securityContext:
- {{- toYaml $.Values.podSecurityContext | nindent 8 }}
- containers:
- - name: pd
- image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag | default $.Chart.AppVersion }}"
- imagePullPolicy: {{ $.Values.image.pullPolicy }}
- command:
- {{- if .Values.maintenanceMode }}
- - sleep
- - infinity
- {{- else }}
- - /usr/bin/pd
- - start
- - --grpc-bind
- - "0.0.0.0:8080"
- - --metrics-bind
- - "0.0.0.0:9000"
- - --home
- - "/penumbra-config/{{ $val_name }}/node0/pd"
- {{- end }}
- env:
- {{- toYaml $.Values.containerEnv | nindent 12 }}
- ports:
- - name: pd-grpc
- containerPort: 8080
- protocol: TCP
- - name: pd-metrics
- containerPort: 9000
- protocol: TCP
- - name: pd-abci
- containerPort: 26658
- protocol: TCP
- {{- if .Values.maintenanceMode }}
- {{- else }}
- readinessProbe:
- tcpSocket:
- port: pd-grpc
- timeoutSeconds: 5
- initialDelaySeconds: 20
- {{- end }}
- resources:
- {{- toYaml $.Values.resources | nindent 12 }}
- securityContext:
- runAsUser: {{ .Values.maintenanceMode | ternary 0 .Values.securityContext.runAsUser }}
- volumeMounts:
- - name: {{ $pvc_name }}
- mountPath: /penumbra-config/{{ $val_name }}
-
- - name: cometbft
- image: "{{ $.Values.cometbft.image.repository }}:{{ $.Values.cometbft.image.tag }}"
- imagePullPolicy: {{ $.Values.cometbft.image.pullPolicy }}
- command:
- {{- if .Values.maintenanceMode }}
- - sleep
- - infinity
- {{- else }}
- - cometbft
- - start
- - --proxy_app=tcp://127.0.0.1:26658
- {{- end }}
- ports:
- - name: tm-p2p
- containerPort: 26656
- protocol: TCP
- - name: tm-rpc
- containerPort: 26657
- protocol: TCP
- - name: tm-metrics
- containerPort: 26660
- protocol: TCP
- {{- if .Values.maintenanceMode }}
- {{- else }}
- readinessProbe:
- tcpSocket:
- port: tm-rpc
- timeoutSeconds: 10
- initialDelaySeconds: 10
- {{- end }}
- resources:
- {{- toYaml $.Values.resources | nindent 12 }}
- volumeMounts:
- - name: {{ $pvc_name }}
- subPath: node0/cometbft
- mountPath: /cometbft
- {{- with $.Values.nodeSelector }}
- nodeSelector:
- {{- toYaml $ | nindent 8 }}
- {{- end }}
- {{- with $.Values.affinity }}
- affinity:
- {{- toYaml $ | nindent 8 }}
- {{- end }}
- {{- with $.Values.tolerations }}
- tolerations:
- {{- toYaml $ | nindent 8 }}
- {{- end }}
-{{- end }}
diff --git a/deployments/charts/penumbra-network/values.yaml b/deployments/charts/penumbra-network/values.yaml
deleted file mode 100644
index 6f9537353a..0000000000
--- a/deployments/charts/penumbra-network/values.yaml
+++ /dev/null
@@ -1,178 +0,0 @@
-# Default values for penumbra-network helm chart.
-
-replicaCount: 1
-
-image:
- # repository: harbor.ruin.dev/library/penumbra
- repository: ghcr.io/penumbra-zone/penumbra
- pullPolicy: Always
- # "latest" tag means most recently deployed testnet tag.
- # Use "main" for tracking preview.
- tag: latest
-
-# Overrides for the generated network. Basically a simple
-# translation layer between the YAML and the CLI flags
-# on `pd testnet generate`.
-network:
- # If chain_id is empty, a random one should be generated,
- # so that the PV can contain its name as well as the name be
- # passed to pd on cli.
- chain_id:
- # Whether to use the chain id exactly as specified, rather than
- # the default behavior of appending a random suffix.
- preserve_chain_id: false
- # WARNING: only SocketAddrs are supported, due to bug in `pd testnet join`.
- # It'd be grand to have a DNS hostname in here, e.g. `veil.petrichor.guru:31888`.
- # external_addresses: veil.petrichor.guru:31888
- external_addresses: ""
- # Customization of the voting period for governance proposals.
- # Dial this down if you want faster voting for testing.
- proposal_voting_blocks:
- # Set the length of an epoch, in blocks. If not set, uses pd's default.
- epoch_duration:
- # How many validators are present at genesis. This number must
- # match the count in the JSON file used to define the validators.
- num_validators: 2
-
-# Whether to preserve the LB service, in effect reserving the same IP
-# for subsequent deploys. This costs money! But sure is convenient.
-preserve_lb_svc: false
-
-# Whether to configure *only* the LoadBalancer Services, in order to provision
-# the public IPs prior to application deployment. This allows polling the IPs
-# and using them as config inputs, via values.
-only_lb_svc: false
-
-# The container run commands are used for the validators' pd instances,
-# after testnet config has been generated.
-containerCmd:
- - /usr/bin/pd
-containerArgs:
- - start
- - --grpc-bind
- - 0.0.0.0:8080
- - --home
- # store state in emptyDir for now
- - /penumbra-config/testnet_data/node0/pd
-
-# Environment variables for pd containers.
-containerEnv:
- - name: RUST_LOG
- value: info,pd=debug,penumbra=debug
-
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-
-# Custom label for aggregating network, nodes, and metrics into a cohesive deployment.
-# Maps to the 'app.kubernetes.io/part-of' label. Defaults to .Release.Name in helpers.
-part_of: ""
-
-service:
- type: LoadBalancer
- externalTrafficPolicy: Local
- port: 26656
-
-# Whether to place the application in "maintenance mode", effectively stopping pd and cometbft,
-# allowing an administrator to inspect and munge local state, e.g. to perform a chain upgrade.
-# Makes two changes: 1) sets the `command` for the containers to `sleep infinity`; and 2) sets
-# the uid for the pd container to 0/root
-maintenanceMode: false
-
-# configure PVCs for disk data
-persistence:
- enabled: false
- storageClassName:
- accessModes:
- - ReadWriteOnce
- size: 10G
-
-# Container image for CometBFT
-cometbft:
- image:
- repository: cometbft/cometbft
- pullPolicy: IfNotPresent
- # https://github.com/cometbft/cometbft#supported-versions
- tag: "v0.37.5"
- containerArgs:
- - start
- - --proxy_app=tcp://127.0.0.1:26658
-
-serviceAccount:
- # Specifies whether a service account should be created
- create: true
- # Annotations to add to the service account
- annotations: {}
- # The name of the service account to use.
- # If not set and create is true, a name is generated using the fullname template
- name: ""
-
-podAnnotations: {}
-
-podSecurityContext: {}
- # fsGroup: 2000
-
-securityContext:
- # The Penumbra container sets 1000 as default UID. We'll use that by default.
- # See also `maintenanceMode=true`, which overrides this to 0.
- runAsUser: 1000
-
- # capabilities:
- # drop:
- # - ALL
- # readOnlyRootFilesystem: true
- # runAsNonRoot: true
-
-# N.B. Only `IngressRoute`, a custom CRD specific to Traefik ingress controller
-# is supported. This is because a traditional Ingress object doesn't allow us
-# to force a backend scheme of h2c, which is required for pd's gRPC service.
-ingressRoute:
- enabled: false
- hosts:
- grpc: grpc.chart-example.local
- rpc: ""
- tls: []
- # - secretName: chart-example-tls
- # hosts:
- # - chart-example.local
-
-ingress:
- enabled: false
- className: ""
- annotations: {}
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- hosts:
- - host: chart-example.local
- paths:
- - path: /
- pathType: ImplementationSpecific
- tls: []
- # - secretName: chart-example-tls
- # hosts:
- # - chart-example.local
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
-
-autoscaling:
- enabled: false
- minReplicas: 1
- maxReplicas: 100
- targetCPUUtilizationPercentage: 80
- # targetMemoryUtilizationPercentage: 80
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
diff --git a/deployments/charts/penumbra-node/.helmignore b/deployments/charts/penumbra-node/.helmignore
deleted file mode 100644
index 0e8a0eb36f..0000000000
--- a/deployments/charts/penumbra-node/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/deployments/charts/penumbra-node/Chart.yaml b/deployments/charts/penumbra-node/Chart.yaml
deleted file mode 100644
index abdc2ea6a4..0000000000
--- a/deployments/charts/penumbra-node/Chart.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v2
-name: penumbra-node
-description: Run Penumbra nodes and/or validators
-
-type: application
-version: 0.1.0
-appVersion: "1.16.0"
diff --git a/deployments/charts/penumbra-node/files/pd-init b/deployments/charts/penumbra-node/files/pd-init
deleted file mode 100755
index 46fa7e3e31..0000000000
--- a/deployments/charts/penumbra-node/files/pd-init
+++ /dev/null
@@ -1,92 +0,0 @@
-#!/bin/bash
-# Entrypoint script to build args for Penumbra's pd,
-# based on StatefulSet k8s ordinal.
-set -euo pipefail
-
-
-if ! [[ $HOSTNAME =~ -([0-9]+)$ ]] ; then
- >&2 echo "ERROR: hostname did not have a numeric suffix"
- exit 1
-fi
-
-
-# Disable shellcheck for unused variable; it can't tell we use the var
-# in the jq command below.
-# shellcheck disable=SC2034
-statefulset_ordinal="${BASH_REMATCH[1]}"
-
-# Raw Helm vars translated to JSON representation in this file.
-node_info_filepath="/opt/penumbra/nodes.json"
-
->&2 echo "Configuring node '$statefulset_ordinal' with node info:"
-jq < "$node_info_filepath"
-
-# Unpack the JSON Helm vars as Bash env vas.
-function get_var() {
- local v
- local json_address
- json_address="${1:-}"
- shift 1
- v="$(jq -r ".[$statefulset_ordinal].$json_address" "$node_info_filepath")"
- if [[ $v = "null" ]]; then
- v=""
- fi
- echo "$v"
-}
-
-external_address_flag=""
-external_address="$(get_var "external_address")"
-if [[ -n $external_address ]] ; then
- external_address_flag="--external-address $external_address"
-fi
-
-moniker_flag=""
-moniker="$(get_var "moniker")"
-if [[ -n $moniker ]] ; then
- moniker_flag="--moniker $moniker"
-fi
-
-seed_mode="$(get_var "seed_mode")"
-if [[ "$seed_mode" = "true" ]] ; then
- seed_mode="true"
-else
- seed_mode="false"
-fi
-
-# we must write into a subdir of the volumeMount, because the "--testnet-dir" arg
-# to "pd testnet join" must point to a non-existent directory, and the volumeMount
-# will always exist.
-#
-if ! test -d /penumbra-config/testnet_data ; then
- echo "No pre-existing testnet data, pulling fresh info"
- # shellcheck disable=SC2086
- pd testnet --testnet-dir /penumbra-config/testnet_data join \
- --tendermint-p2p-bind 0.0.0.0:26656 \
- --tendermint-rpc-bind 0.0.0.0:26657 \
- $external_address_flag \
- $moniker_flag \
- "$PENUMBRA_BOOTSTRAP_URL"
-
- if [[ "$PENUMBRA_COMETBFT_INDEXER" = "psql" ]] ; then
- sed -i -e "s#^indexer.*#indexer = \"psql\"\\npsql-conn = \"$COMETBFT_POSTGRES_CONNECTION_URL\"#" \
- "/penumbra-config/testnet_data/node0/cometbft/config/config.toml"
- fi
-fi
-
-# set ownership for pd user
-chown -R 1000:1000 /penumbra-config/testnet_data
-
-# apply external address. useful for a two-pass deploy, in which external ips
-# are created after first deploy.
-sed -i -e "s/external_address.*/external_address = \"$external_address\"/" /penumbra-config/testnet_data/node0/cometbft/config/config.toml
-sed -i -e "s/moniker.*/moniker = \"$moniker\"/" /penumbra-config/testnet_data/node0/cometbft/config/config.toml
-
-# configure peer settings
-sed -i -e "s/max_num_inbound_peers.*/max_num_inbound_peers = $COMETBFT_CONFIG_P2P_MAX_NUM_INBOUND_PEERS/" /penumbra-config/testnet_data/node0/cometbft/config/config.toml
-sed -i -e "s/max_num_outbound_peers.*/max_num_outbound_peers = $COMETBFT_CONFIG_P2P_MAX_NUM_OUTBOUND_PEERS/" /penumbra-config/testnet_data/node0/cometbft/config/config.toml
-
-# configure seed node, defaulting to false if unspecified.
-sed -i -e "s/^seed_mode.*/seed_mode = \"$seed_mode\"/" /penumbra-config/testnet_data/node0/cometbft/config/config.toml
-
-# set ownership for cometbft configs to match cometbft container "tmuser" uid/gid
-chown -R 100:1000 /penumbra-config/testnet_data/node0/cometbft
diff --git a/deployments/charts/penumbra-node/files/postgres-cometbft-schema.sql b/deployments/charts/penumbra-node/files/postgres-cometbft-schema.sql
deleted file mode 100644
index ce5a241bad..0000000000
--- a/deployments/charts/penumbra-node/files/postgres-cometbft-schema.sql +++ /dev/null 
@@ -1,85 +0,0 @@
-/*
- This file defines the database schema for the PostgresQL ("psql") event sink
- implementation in CometBFT. The operator must create a database and install
- this schema before using the database to index events.
- */
-
--- The blocks table records metadata about each block.
--- The block record does not include its events or transactions (see tx_results).
-CREATE TABLE blocks (
- rowid BIGSERIAL PRIMARY KEY,
-
- height BIGINT NOT NULL,
- chain_id VARCHAR NOT NULL,
-
- -- When this block header was logged into the sink, in UTC.
- created_at TIMESTAMPTZ NOT NULL,
-
- UNIQUE (height, chain_id)
-);
-
--- Index blocks by height and chain, since we need to resolve block IDs when
--- indexing transaction records and transaction events.
-CREATE INDEX idx_blocks_height_chain ON blocks(height, chain_id);
-
--- The tx_results table records metadata about transaction results. Note that
--- the events from a transaction are stored separately.
-CREATE TABLE tx_results (
- rowid BIGSERIAL PRIMARY KEY,
-
- -- The block to which this transaction belongs.
- block_id BIGINT NOT NULL REFERENCES blocks(rowid),
- -- The sequential index of the transaction within the block.
- index INTEGER NOT NULL,
- -- When this result record was logged into the sink, in UTC.
- created_at TIMESTAMPTZ NOT NULL,
- -- The hex-encoded hash of the transaction.
- tx_hash VARCHAR NOT NULL,
- -- The protobuf wire encoding of the TxResult message.
- tx_result BYTEA NOT NULL,
-
- UNIQUE (block_id, index)
-);
-
--- The events table records events. All events (both block and transaction) are
--- associated with a block ID; transaction events also have a transaction ID.
-CREATE TABLE events (
- rowid BIGSERIAL PRIMARY KEY,
-
- -- The block and transaction this event belongs to.
- -- If tx_id is NULL, this is a block event.
- block_id BIGINT NOT NULL REFERENCES blocks(rowid),
- tx_id BIGINT NULL REFERENCES tx_results(rowid),
-
- -- The application-defined type label for the event.
- type VARCHAR NOT NULL
-);
-
--- The attributes table records event attributes.
-CREATE TABLE attributes (
- event_id BIGINT NOT NULL REFERENCES events(rowid),
- key VARCHAR NOT NULL, -- bare key
- composite_key VARCHAR NOT NULL, -- composed type.key
- value VARCHAR NULL,
-
- UNIQUE (event_id, key)
-);
-
--- A joined view of events and their attributes. Events that do not have any
--- attributes are represented as a single row with empty key and value fields.
-CREATE VIEW event_attributes AS
- SELECT block_id, tx_id, type, key, composite_key, value
- FROM events LEFT JOIN attributes ON (events.rowid = attributes.event_id);
-
--- A joined view of all block events (those having tx_id NULL).
-CREATE VIEW block_events AS
- SELECT blocks.rowid as block_id, height, chain_id, type, key, composite_key, value
- FROM blocks JOIN event_attributes ON (blocks.rowid = event_attributes.block_id)
- WHERE event_attributes.tx_id IS NULL;
-
--- A joined view of all transaction events.
-CREATE VIEW tx_events AS
- SELECT height, index, chain_id, type, key, composite_key, value, tx_results.created_at
- FROM blocks JOIN tx_results ON (blocks.rowid = tx_results.block_id)
- JOIN event_attributes ON (tx_results.rowid = event_attributes.tx_id)
- WHERE event_attributes.tx_id IS NOT NULL;
diff --git a/deployments/charts/penumbra-node/templates/NOTES.txt b/deployments/charts/penumbra-node/templates/NOTES.txt
deleted file mode 100644
index 1cb2c190af..0000000000
--- a/deployments/charts/penumbra-node/templates/NOTES.txt
+++ /dev/null
@@ -1,23 +0,0 @@
-Penumbra full node config has been deployed!
-{{- $count := (.Values.nodes | len | int) }}
-Total count of fullnodes: {{ $count }}
-{{ if .Values.ingressRoute.enabled }}
-You can access the pd gRPC service here:
-
- https://{{.Values.ingressRoute.hosts.pd }}
-
-You can access the CometBFT RPC service here:
-
- https://{{.Values.ingressRoute.hosts.tm }}
-
-To check progress on synchronizing with the latest transactions on chain,
-run this command locally:
-
- curl -s https://{{ .Values.ingressRoute.hosts.tm }}/status | jq .result.sync_info.catching_up
-
-{{- else }}
-You have not enabled an ingress (via `ingressRoute.enabled=true`),
-so consult the logs to ensure that CometBFT is processing blocks
-to catch up with the network. Even without an HTTPS ingress,
-your node is still able to interact with the network.
-{{- end }}
diff --git a/deployments/charts/penumbra-node/templates/_helpers.tpl b/deployments/charts/penumbra-node/templates/_helpers.tpl
deleted file mode 100644
index d7cea5f0ca..0000000000
--- a/deployments/charts/penumbra-node/templates/_helpers.tpl
+++ /dev/null
@@ -1,65 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "penumbra-node.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "penumbra-node.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "penumbra-node.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "penumbra-node.labels" -}}
-helm.sh/chart: {{ include "penumbra-node.chart" . }}
-{{ include "penumbra-node.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-{{- if .Values.part_of }}
-app.kubernetes.io/part-of: {{ .Values.part_of }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "penumbra-node.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "penumbra-node.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "penumbra-node.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "penumbra-node.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/deployments/charts/penumbra-node/templates/configmap-pd-init.yaml b/deployments/charts/penumbra-node/templates/configmap-pd-init.yaml
deleted file mode 100644
index 0d03b08c27..0000000000
--- a/deployments/charts/penumbra-node/templates/configmap-pd-init.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-kind: ConfigMap
-apiVersion: v1
-metadata:
- name: {{ include "penumbra-node.fullname" . }}-pd-init
- labels:
- {{- include "penumbra-node.labels" . | nindent 4 }}
-data:
- # Mount in the init shell script, for preparing config data.
- pd-init: {{ .Files.Get (printf "files/pd-init") | quote }}
- # Translate the Helm values for `nodes: []` to a JSON file
- # within the pod, so the values are available to the init script.
- nodes.json: {{ .Values.nodes | toJson | quote }}
diff --git a/deployments/charts/penumbra-node/templates/configmap-postgresql-cometbft-schema.yaml b/deployments/charts/penumbra-node/templates/configmap-postgresql-cometbft-schema.yaml
deleted file mode 100644
index 3e57537d1b..0000000000
--- a/deployments/charts/penumbra-node/templates/configmap-postgresql-cometbft-schema.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-{{- /*
-The database schema file for CometBFT is required for event indexing via postgres.
-See more info at "https://docs.cometbft.com/v0.37/app-dev/indexing-transactions#postgresql".
-*/}}
-{{- if eq .Values.cometbft.config.indexer "psql" }}
-kind: ConfigMap
-apiVersion: v1
-metadata:
- name: {{ include "penumbra-node.fullname" . }}-postgres-schema
-data:
- postgres-cometbft-schema.sql: {{ .Files.Get (printf "files/postgres-cometbft-schema.sql") | quote }}
-{{ end }}
diff --git a/deployments/charts/penumbra-node/templates/ingressroute.yaml b/deployments/charts/penumbra-node/templates/ingressroute.yaml
deleted file mode 100644
index b04d95c4a1..0000000000
--- a/deployments/charts/penumbra-node/templates/ingressroute.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-{{- if .Values.ingressRoute.enabled -}}
-{{ $count := (.Values.nodes | len | int) }}
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
- name: {{ .Release.Name }}-https
- labels:
- {{- include "penumbra-node.labels" . | nindent 4 }}
-spec:
- entryPoints:
- - websecure
- routes:
- - kind: Rule
- match: Host(`{{ .Values.ingressRoute.hosts.pd }}`)
- {{- with .Values.ingressRoute.middlewares }}
- middlewares:
- {{- toYaml . | nindent 6 }}
- {{- end }}
- services:
-{{- /*
-Skip nodes with seed_mode=true when looping over nodes, to exclude from LB RPCs.
-Otherwise, RPC can return surprising results, like very low numbers of peers.
-*/}}
-{{- range $i,$e := until $count }}
-{{- $seed_mode := (index $.Values.nodes $i).seed_mode | default false }}
-{{- if $seed_mode }}
-{{- else }}
-{{ $rpc_svc_name := printf "%s-fn-%d" $.Release.Name $i }}
- - name: {{ $rpc_svc_name }}
- port: 8080
- scheme: h2c
-{{- end }}
-{{- end }}
- - kind: Rule
- match: Host(`{{ .Values.ingressRoute.hosts.tm }}`)
- services:
-{{- range $i,$e := until $count }}
-{{- $seed_mode := (index $.Values.nodes $i).seed_mode | default false }}
-{{- if $seed_mode }}
-{{- else }}
-{{ $rpc_svc_name := printf "%s-fn-%d" $.Release.Name $i }}
- - name: {{ $rpc_svc_name }}
- port: 26657
-{{- end }}
-{{- end }}
- tls:
- domains:
- - main: {{ .Values.ingressRoute.hosts.pd }}
- sans:
- - {{ .Values.ingressRoute.hosts.tm }}
- secretName: {{ .Values.ingressRoute.secretName }}
-{{- end }}
diff --git a/deployments/charts/penumbra-node/templates/service.yaml b/deployments/charts/penumbra-node/templates/service.yaml
deleted file mode 100644
index d7b72a6e52..0000000000
--- a/deployments/charts/penumbra-node/templates/service.yaml
+++ /dev/null
@@ -1,82 +0,0 @@
-{{ $count := (.Values.nodes | len | int) }}
-{{ range $i,$e := until $count }}
-{{- /*
-We set the service names to include the string "-fn"
-for compatibility reasons: doing so allows us to reuse pre-existing
-services and their associated IPs.
-*/}}
-{{ $fn_name := printf "%s-%d" $.Release.Name $i }}
-{{ $rpc_svc_name := printf "%s-fn-%d" $.Release.Name $i }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ $rpc_svc_name }}
- labels:
- app.kubernetes.io/component: rpc
- {{- include "penumbra-node.labels" $ | nindent 4 }}
-spec:
- type: ClusterIP
- ports:
- - name: pd-grpc
- port: 8080
- targetPort: 8080
- protocol: TCP
- - name: pd-metrics
- port: 9000
- targetPort: 9000
- protocol: TCP
- - name: tm-rpc
- port: 26657
- targetPort: 26657
- protocol: TCP
- - name: tm-metrics
- port: 26660
- targetPort: 26660
- protocol: TCP
- {{- if eq $.Values.cometbft.config.indexer "psql" }}
- - name: postgres
- port: 5432
- targetPort: 5432
- protocol: TCP
- {{- end }}
- selector:
- statefulset.kubernetes.io/pod-name: {{ $fn_name }}
- {{- include "penumbra-node.selectorLabels" $ | nindent 4 }}
-
-{{- if (index $.Values.nodes $i).external_address -}}
-{{- /*
-We only configure an external LoadBalancer service for p2p
-if an IP has been provided. This logic is awkward because we must
-first create the LB to get an IP, then use that IP in the config
-for CometBFT. Using an operator pattern would enable us to sidestep this.
-*/}}
-{{ $p2p_svc_name := printf "%s-fn-%d-p2p" $.Release.Name $i }}
----
-apiVersion: v1
-kind: Service
-metadata:
- # P2P service is a LoadBalancer with externalTrafficPolicy=Local by default,
- # because no other networking setup makes sense. We need the source IP preserved
- # for CometBFT P2P to work.
- name: {{ $p2p_svc_name }}
- {{- if $.Values.preserve_lb_svc }}
- annotations:
- "helm.sh/resource-policy": keep
- {{- end }}
- labels:
- app.kubernetes.io/component: p2p
- {{- include "penumbra-node.labels" $ | nindent 4 }}
-spec:
- externalTrafficPolicy: Local
- ports:
- - name: tm-p2p
- port: 26656
- protocol: TCP
- targetPort: 26656
- selector:
- statefulset.kubernetes.io/pod-name: {{ $fn_name }}
- {{- include "penumbra-node.selectorLabels" $ | nindent 4 }}
- type: LoadBalancer
-{{ end }}
-{{ end }}
diff --git a/deployments/charts/penumbra-node/templates/serviceaccount.yaml b/deployments/charts/penumbra-node/templates/serviceaccount.yaml
deleted file mode 100644
index 219bf2e906..0000000000
--- a/deployments/charts/penumbra-node/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "penumbra-node.serviceAccountName" . }}
- labels:
- {{- include "penumbra-node.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/deployments/charts/penumbra-node/templates/statefulset.yaml b/deployments/charts/penumbra-node/templates/statefulset.yaml
deleted file mode 100644
index 3ef80338c3..0000000000
--- a/deployments/charts/penumbra-node/templates/statefulset.yaml
+++ /dev/null
@@ -1,361 +0,0 @@
-{{ $fn_name := printf "%s" .Release.Name }}
----
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ $fn_name }}
- labels:
- {{- include "penumbra-node.labels" . | nindent 4 }}
- "app.kubernetes.io/component": fullnode
- {{- if .Values.part_of }}
- "app.kubernetes.io/part-of": {{ .Values.part_of }}
- {{- end }}
-spec:
- podManagementPolicy: Parallel
- replicas: {{ .Values.nodes | len | int }}
- volumeClaimTemplates:
- - metadata:
- name: penumbra-config
- labels:
- {{- include "penumbra-node.labels" . | nindent 10 }}
- "app.kubernetes.io/component": fullnode
- {{- if .Values.part_of }}
- "app.kubernetes.io/part-of": {{ .Values.part_of }}
- {{- end }}
- spec:
- accessModes: [ "ReadWriteOnce" ]
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
- {{- if eq .Values.cometbft.config.indexer "psql" }}
- - metadata:
- name: db
- labels:
- {{- include "penumbra-node.labels" . | nindent 10 }}
- "app.kubernetes.io/component": fullnode
- {{- if .Values.part_of }}
- "app.kubernetes.io/part-of": {{ .Values.part_of }}
- {{- end }}
- spec:
- accessModes: [ "ReadWriteOnce" ]
- resources:
- requests:
- storage: 10Gi
- {{- end }}
-
- updateStrategy:
- type: RollingUpdate
- selector:
- matchLabels:
- # has to match .spec.template.metadata.labels
- {{- include "penumbra-node.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- {{- with .Values.podAnnotations }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- {{- include "penumbra-node.labels" . | nindent 8 }}
- {{- include "penumbra-node.selectorLabels" . | nindent 8 }}
- spec:
- # Force the pods to different k8s nodes, so that egress ip is unique per CometBFT node.
- # Effectively limits the number of Penumbra nodes to the number of k8s nodes in the cluster.
- # Setting `allow_duplicate_ip=true` in CometBFT config removes this constraint.
- affinity:
- podAntiAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchExpressions:
- {{- if .Values.part_of }}
- - key: "app.kubernetes.io/part-of"
- operator: In
- values:
- - {{ .Values.part_of }}
- {{- end }}
- - key: "app.kubernetes.io/component"
- operator: In
- values:
- - fullnode
- - genesis-validator
- topologyKey: kubernetes.io/hostname
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
- volumes:
- - name: penumbra-init
- configMap:
- name: {{ include "penumbra-node.fullname" . }}-pd-init
- items:
- - key: "pd-init"
- path: "pd-init"
- - key: "nodes.json"
- path: "nodes.json"
- {{- if eq .Values.cometbft.config.indexer "psql" }}
- - name: postgres-schema
- configMap:
- name: {{ include "penumbra-node.fullname" . }}-postgres-schema
- items:
- - key: "postgres-cometbft-schema.sql"
- path: "postgres-cometbft-schema.sql"
- # Create emptyDir volume for /dev/shm, otherwise large psql queries for frontends will fail.
- - name: dshm
- emptyDir:
- medium: Memory
- size: 1G
- {{ end }}
- {{- if .Values.postgres.certificateSecretName }}
- - name: db-certificates
- secret:
- secretName: {{ .Values.postgres.certificateSecretName }}
- defaultMode: 0600
- items:
- - key: "tls.crt"
- path: "server.crt"
- - key: "tls.key"
- path: "server.key"
- {{ end }}
- {{- if .Values.maintenanceMode }}
- {{- else }}
- initContainers:
- - name: pd-init
- securityContext:
- # Run as root during init, so we can chown to penumbra & cometbft uids.
- # The application itself will run as a normal user.
- runAsUser: 0
- runAsGroup: 0
- allowPrivilegeEscalation: true
- env:
- - name: PENUMBRA_BOOTSTRAP_URL
- value: "{{ .Values.penumbra_bootstrap_node_cometbft_rpc_url }}"
- - name: COMETBFT_CONFIG_P2P_MAX_NUM_INBOUND_PEERS
- value: "{{ .Values.cometbft.config.p2p.max_num_inbound_peers }}"
- - name: COMETBFT_CONFIG_P2P_MAX_NUM_OUTBOUND_PEERS
- value: "{{ .Values.cometbft.config.p2p.max_num_outbound_peers }}"
- - name: PENUMBRA_COMETBFT_INDEXER
- value: "{{ .Values.cometbft.config.indexer }}"
- {{- if .Values.penumbra_bootstrap_archive_url }}
- - name: PENUMBRA_PD_ARCHIVE_URL
- value: "{{ .Values.penumbra_bootstrap_archive_url }}"
- {{- end }}
- {{- if .Values.postgres.credentialsSecretName }}
- - name: COMETBFT_POSTGRES_CONNECTION_URL
- valueFrom:
- secretKeyRef:
- name: {{ .Values.postgres.credentialsSecretName }}
- key: connection_url
- {{- else }}
- - name: COMETBFT_POSTGRES_CONNECTION_URL
- value: "{{ .Values.cometbft.config.postgres_connection_url }}"
- {{- end }}
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- command:
- - bash
- - /opt/penumbra/pd-init
-
- volumeMounts:
- - name: penumbra-init
- mountPath: /opt/penumbra
- - name: penumbra-config
- mountPath: /penumbra-config
-
- {{- if .Values.postgres.certificateSecretName }}
- - name: db-init
- securityContext:
- # Run as root during init, so we can chown to postgres uid
- # The application itself will run as a normal user.
- runAsUser: 0
- runAsGroup: 0
- allowPrivilegeEscalation: true
- image: "docker.io/debian:stable"
- imagePullPolicy: IfNotPresent
- # The TLS files are mounted in via Secret, which means they're read-only.
- # Postgres requires 999 and no-group access on those files, so we'll copy them out
- # to a writable directory and chmod them there.
- command:
- - sh
- - -cex
- - |
- cert_dir="/var/lib/postgresql/data/certs"
- mkdir -p "$cert_dir"
- chmod "0750" "$cert_dir"
- cp -v /opt/postgres-certificates/server.crt /opt/postgres-certificates/server.key "$cert_dir"
- chown -R 999:999 "$cert_dir"
- volumeMounts:
- - name: db
- mountPath: /var/lib/postgresql/data
- - name: db-certificates
- mountPath: /opt/postgres-certificates
- {{- end }}
- {{- end }}
-
- containers:
- - name: pd
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- command:
- {{- if .Values.maintenanceMode }}
- - sleep
- - infinity
- {{- else }}
- - /usr/bin/pd
- - start
- - --grpc-bind
- - 0.0.0.0:8080
- - --metrics-bind
- - 0.0.0.0:9000
- - --home
- - /penumbra-config/testnet_data/node0/pd
- - --enable-expensive-rpc
- {{- end }}
- ports:
- - name: pd-grpc
- containerPort: 8080
- protocol: TCP
- - name: pd-metrics
- containerPort: 9000
- protocol: TCP
- - name: pd-abci
- containerPort: 26658
- protocol: TCP
- resources:
- {{- toYaml .Values.resources | nindent 12 }}
- volumeMounts:
- - name: penumbra-config
- mountPath: /penumbra-config
- securityContext:
- runAsUser: {{ .Values.maintenanceMode | ternary 0 .Values.securityContext.runAsUser }}
- {{- if .Values.maintenanceMode }}
- {{- else }}
- readinessProbe:
- tcpSocket:
- port: pd-grpc
- timeoutSeconds: 10
- initialDelaySeconds: 10
- {{- end }}
-
- - name: cometbft
- securityContext:
- {{- toYaml .Values.cometbft.securityContext | nindent 12 }}
- image: "{{ .Values.cometbft.image.repository }}:{{ .Values.cometbft.image.tag }}"
- imagePullPolicy: {{ .Values.cometbft.image.pullPolicy }}
- command:
- {{- if .Values.maintenanceMode }}
- - sleep
- - infinity
- {{- else }}
- - cometbft
- - start
- - --proxy_app=tcp://127.0.0.1:26658
- {{- end }}
- ports:
- - name: tm-p2p
- containerPort: 26656
- protocol: TCP
- - name: tm-rpc
- containerPort: 26657
- protocol: TCP
- {{- if .Values.maintenanceMode }}
- {{- else }}
- readinessProbe:
- tcpSocket:
- port: tm-rpc
- timeoutSeconds: 10
- initialDelaySeconds: 10
- {{- end }}
- resources:
- {{- toYaml .Values.cometbft.resources | nindent 12 }}
- volumeMounts:
- - name: penumbra-config
- mountPath: /cometbft
- subPath: testnet_data/node0/cometbft
- {{- if eq .Values.cometbft.config.indexer "psql" }}
- - name: postgres
- securityContext:
- {{- toYaml .Values.postgres.securityContext | nindent 12 }}
- image: "{{ .Values.postgres.image.repository }}:{{ .Values.postgres.image.tag }}"
- imagePullPolicy: {{ .Values.postgres.image.pullPolicy }}
- {{- if .Values.postgres.certificateSecretName }}
- args:
- - -c
- - ssl=on
- - -c
- - ssl_cert_file=/var/lib/postgresql/data/certs/server.crt
- - -c
- - ssl_key_file=/var/lib/postgresql/data/certs/server.key
- {{- end }}
- ports:
- - name: postgres
- containerPort: 5432
- protocol: TCP
- env:
- {{- if .Values.postgres.credentialsSecretName }}
- - name: POSTGRES_DB
- valueFrom:
- secretKeyRef:
- name: {{ .Values.postgres.credentialsSecretName }}
- key: database
- - name: POSTGRES_USER
- valueFrom:
- secretKeyRef:
- name: {{ .Values.postgres.credentialsSecretName }}
- key: username
- - name: POSTGRES_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Values.postgres.credentialsSecretName }}
- key: password
- {{- else }}
- - name: POSTGRES_DB
- value: penumbra
- - name: POSTGRES_USER
- value: penumbra
- - name: POSTGRES_PASSWORD
- value: penumbra
- {{- end }}
- # Set a custom PGDATA directory inside the mountpoint, so that other db config
- # like certificates can persist in the volume, without polluting the data dir.
- - name: PGDATA
- value: /var/lib/postgresql/data/pgdata
- - name: ORDINAL_NUMBER
- valueFrom:
- fieldRef:
- fieldPath: metadata.labels['apps.kubernetes.io/pod-index']
- {{- if .Values.maintenanceMode }}
- {{- else }}
- readinessProbe:
- tcpSocket:
- port: 5432
- timeoutSeconds: 10
- initialDelaySeconds: 10
- {{- end }}
- resources:
- {{- toYaml .Values.postgres.resources | nindent 12 }}
- volumeMounts:
- - name: postgres-schema
- mountPath: /docker-entrypoint-initdb.d
- readOnly: true
- - name: db
- # N.B. We mount `/var/lib/postgresql/data` specifically, rather than `/var/lib/postgresql`,
- # in order to override the internal volume mount used by the Postgres container image.
- # With the `/data` suffix, db will not persist.
- mountPath: /var/lib/postgresql/data
- - name: dshm
- mountPath: /dev/shm
- {{ end }}
-
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
diff --git a/deployments/charts/penumbra-node/templates/tests/test-peers.yaml b/deployments/charts/penumbra-node/templates/tests/test-peers.yaml
deleted file mode 100644
index a5b2da0d57..0000000000
--- a/deployments/charts/penumbra-node/templates/tests/test-peers.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{ $count := (.Values.nodes | len | int) }}
-{{ range $i,$e := until $count }}
-{{ $fn_name := printf "%s-%d" $.Release.Name $i }}
----
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ $fn_name }}-test-peering
- labels:
- {{- include "penumbra-node.labels" $ | nindent 4 }}
- annotations:
- "helm.sh/hook": test
-spec:
- containers:
- - name: peer-test
- # use pd container, since it has curl & jq, which is all we need.
- image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag | default $.Chart.AppVersion }}"
- command:
- - bash
- - -cex
- - |
- # sleep to make sure networking is up; was having connect-timeout problems with curl.
- sleep 15
- n_peers="$(curl -sSf --connect-timeout 5 http://{{ $fn_name }}:26657/net_info | jq -r .result.n_peers)"
- # Ideally we'd check for `count` peers here, but peering will be limited to the number
- # of k8s nodes the Penumbra nodes are spread over, due to 1) k8s node IP being used for egress traffic;
- # and 2) cometbft rejecting duplicate IPs by default. The real limit here is n_k8s_nodes, but we
- # don't know that number in the context of the tests.
- # if [[ "$n_peers" -lt 1 ]] ; then
- if [[ "$n_peers" -lt {{ $count }} ]] ; then
- >&2 echo "ERROR: fewer peers than expected"
- exit 1
- fi
- exit 0
- restartPolicy: Never
-{{- end }}
diff --git a/deployments/charts/penumbra-node/values.yaml b/deployments/charts/penumbra-node/values.yaml
deleted file mode 100644
index 04c3de7060..0000000000
--- a/deployments/charts/penumbra-node/values.yaml
+++ /dev/null
@@ -1,163 +0,0 @@
-# Default values for penumbra-node.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-image:
- # repository: harbor.ruin.dev/library/penumbra
- repository: ghcr.io/penumbra-zone/penumbra
- pullPolicy: Always
- # "latest" tag means most recently deployed testnet tag.
- # Use "main" for tracking preview.
- tag: latest
-
-# Penumbra node from which to bootstrap connection. Defaults to testnet.
-# Consider using "preview" for bleeding edge, but make sure container tags match.
-penumbra_bootstrap_node_cometbft_rpc_url: "https://rpc.testnet.penumbra.zone"
-
-# Whether to fetch a remote archive for loading historical state,
-# e.g. post-upgrade.
-penumbra_bootstrap_archive_url: ""
-
-# Whether to preserve the LB service, in effect reserving the same IP
-# for subsequent deploys. This costs money! But sure is convenient.
-preserve_lb_svc: false
-
-# Whether to configure *only* the LoadBalancer Services, in order to provision
-# the public IPs prior to application deployment. This allows polling the IPs
-# and using them as config inputs, via values.
-only_lb_svc: false
-
-# Configure PVCs for chain data. If disabled, an emptydir will be used,
-# which means a fresh node will be created on every pod restart.
-persistence:
- enabled: false
- storageClassName:
- accessModes:
- - ReadWriteOnce
- size: 10G
-
-# settings for cometbft sidecar
-cometbft:
- image:
- repository: cometbft/cometbft
- pullPolicy: IfNotPresent
- # https://github.com/cometbft/cometbft#supported-versions
- tag: "v0.37.5"
- # Override sections of the CometBFT config. Applies to all nodes.
- config:
- p2p:
- max_num_inbound_peers: 300
- max_num_outbound_peers: 200
- # Set the indexer strategy. Can be "kv" or "psql".
- indexer: kv
- # URL for connecting to the postgresql database. Only used if `indexer=psql`.
- # N.B. If `postgres.credentialsSecretName` is set, the value from that Secret will be used instead.
- postgres_connection_url: "postgresql://penumbra:penumbra@localhost:5432/penumbra?sslmode=disable"
-
-# settings for optional postgres sidecar, used for indexing cometbft events
-postgres:
- image:
- repository: docker.io/library/postgres
- pullPolicy: IfNotPresent
- tag: "16-bookworm"
- # In order to support TLS for an external db connection, consider reusing a `kubernetes.io/tls`
- # Secret here, which will be mounted read-only and used for SSL. Requires an externally-provisioned LB.
- certificateSecretName: ""
- # Load database auth info from a Secret resource, created out of band. Must have keys:
- #
- # - database
- # - username
- # - password
- # - connection_url
- #
- # where `connection_url` is formatted like the example in `cometbft.config.postgres_connection_url`.
- credentialsSecretName: ""
-
-# Configure nodes. By default, only one is created.
-# Extend this list to add more. Valid node attributes are:
-#
-# - moniker
-# - external_address
-# - seed_mode
-#
-# Nodes with seed_mode=true will be excluded from the ingress.
-nodes:
- - moniker: ididntedittheconfig
- external_address: ""
- seed_mode: false
-
-# Custom label for aggregating network, nodes, and metrics into a cohesive deployment.
-# Maps to the 'app.kubernetes.io/part-of' label.
-part_of: ""
-
-# N.B. Only `IngressRoute`, a custom CRD specific to Traefik ingress controller
-# is supported. This is because a traditional Ingress object doesn't allow us
-# to force a backend scheme of h2c, which is required for pd's gRPC service.
-ingressRoute:
- enabled: false
- hosts:
- # consider using DNS wildcards, e.g. *.devnet.chart-example.local
- pd: pd.chart-example.local
- tm: tm.chart-example.local
- # Secret object containing TLS info
- secretName: ""
- # Traefik middleware CRDs, to be applied to pd's gRPC service.
- # These config objects must already exist in the API, i.e. create them out of band.
- middlewares:
- - name: ratelimit-pd
-
-# Whether to place the application in "maintenance mode", effectively stopping pd and cometbft,
-# allowing an administrator to inspect and munge local state, e.g. to perform a chain upgrade.
-# Makes two changes: 1) sets the `command` for the containers to `sleep infinity`; and 2) sets
-# the uid for the pd container to 0/root
-maintenanceMode: false
-
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-
-serviceAccount:
- # Specifies whether a service account should be created
- create: true
- # Annotations to add to the service account
- annotations: {}
- # The name of the service account to use.
- # If not set and create is true, a name is generated using the fullname template
- name: ""
-
-podAnnotations: {}
-
-podSecurityContext: {}
- # fsGroup: 2000
-
-securityContext:
- # The Penumbra container sets 1000 as default UID. We'll use that by default.
- # See also `maintenanceMode=true`, which overrides this to 0.
- runAsUser: 1000
-
- # capabilities:
- # drop:
- # - ALL
- # readOnlyRootFilesystem: true
- # runAsNonRoot: true
-
-resources: {}
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
-
-autoscaling:
- enabled: false
- minReplicas: 1
- maxReplicas: 100
- targetCPUUtilizationPercentage: 80
- # targetMemoryUtilizationPercentage: 80
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
diff --git a/deployments/charts/relayer/.helmignore b/deployments/charts/relayer/.helmignore
deleted file mode 100644
index 0e8a0eb36f..0000000000
--- a/deployments/charts/relayer/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/deployments/charts/relayer/Chart.yaml b/deployments/charts/relayer/Chart.yaml
deleted file mode 100644
index 1955561232..0000000000
--- a/deployments/charts/relayer/Chart.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v2
-name: relayer
-description: Run the Cosmos relayer against Penumbra chains
-
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"
diff --git a/deployments/charts/relayer/templates/_helpers.tpl b/deployments/charts/relayer/templates/_helpers.tpl
deleted file mode 100644
index 14008e2211..0000000000
--- a/deployments/charts/relayer/templates/_helpers.tpl
+++ /dev/null
@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "relayer.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "relayer.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "relayer.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "relayer.labels" -}}
-helm.sh/chart: {{ include "relayer.chart" . }}
-{{ include "relayer.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "relayer.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "relayer.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "relayer.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "relayer.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/deployments/charts/relayer/templates/deployment.yaml b/deployments/charts/relayer/templates/deployment.yaml
deleted file mode 100644
index 1700f0aef2..0000000000
--- a/deployments/charts/relayer/templates/deployment.yaml
+++ /dev/null
@@ -1,62 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "relayer.fullname" . }}
- labels:
- {{- include "relayer.labels" . | nindent 4 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- {{- include "relayer.selectorLabels" . | nindent 6 }}
- strategy:
- type: Recreate
- template:
- metadata:
- {{- with .Values.podAnnotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- {{- include "relayer.selectorLabels" . | nindent 8 }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
- containers:
- - name: {{ .Chart.Name }}
- securityContext:
- {{- toYaml .Values.securityContext | nindent 12 }}
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- # The relayer exposes an API by default on localhost:5183; in our container entrypoint,
- # we set localhost:5100 on the `rly start` command. Doing so allows us to check
- # sockets on the container; if 5183 is open, it's still configuring; if 5100 is open,
- # then the service is actually running.
- ports:
- - containerPort: 5100
- startupProbe:
- tcpSocket:
- port: 5100
- # The container entrypoint will block for a while, building relayer config
- # from remote chain info. Let's give the relayer 10m to start up.
- initialDelaySeconds: 10
- periodSeconds: 10
- failureThreshold: 60
- resources:
- {{- toYaml .Values.resources | nindent 12 }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
diff --git a/deployments/charts/relayer/values.yaml b/deployments/charts/relayer/values.yaml
deleted file mode 100644
index 9911619c45..0000000000
--- a/deployments/charts/relayer/values.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-# Default values for relayer.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
- repository: ghcr.io/penumbra-zone/relayer
- # always pull, because we'll be reusing "main" (i.e. latest) tag for now,
- # frequently redeploying preview.
- pullPolicy: Always
- # Overrides the image tag whose default is the chart appVersion.
- tag: "main"
-
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-
-podAnnotations: {}
-
-podSecurityContext: {}
- # fsGroup: 2000
-
-securityContext: {}
- # capabilities:
- # drop:
- # - ALL
- # readOnlyRootFilesystem: true
- # runAsNonRoot: true
- # runAsUser: 1000
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
diff --git a/deployments/ci.sh b/deployments/ci.sh
deleted file mode 100755
index 9d46cde767..0000000000
--- a/deployments/ci.sh
+++ /dev/null
@@ -1,128 +0,0 @@
-#!/bin/bash
-# Utility script to deploy Penumbra testnet(s) to k8s,
-# used as part of CI. At a high level, this script does the following:
-#
-# * reads env vars (e.g. from github actions) to set helm values
-# * runs a container with `pd testnet generate` to create genesis
-# * munges the generated data into valid (but internal) peer strings
-# * deploys helm chart to kubernetes cluster, replacing running pods
-# * waits a while, then fetches the public ip addresses
-# * re-munges the generated data into publicly-routable peer strings
-# * re-deploys the helm chart to overwrite the config
-#
-set -euo pipefail
-
-# The following env vars can be used to override config fars
-# for the helm chart. N.B. these env vars are also configured
-# in GitHub Actions, so the values below may be out of date.
-IMAGE="${IMAGE:-ghcr.io/penumbra-zone/penumbra}"
-PENUMBRA_VERSION="${PENUMBRA_VERSION:-main}"
-# Default to bespoke devnet for deployments; less likely to break public testnets.
-# Useful for running ad-hoc via CLI. The workflows override this for testnet/preview.
-HELM_RELEASE="${HELM_RELEASE:-penumbra-devnet}"
-
-# Check that the network we're trying to configure has a valid config.
-HELMFILE_MANIFEST="./helmfile.d/${HELM_RELEASE}.yaml"
-if [[ ! -e "$HELMFILE_MANIFEST" ]]; then
- >&2 echo "ERROR: helm release name '$HELM_RELEASE' not supported"
- >&2 echo "Consider creating '$HELMFILE_MANIFEST'"
- exit 1
-fi
-
-# Remove existing deployment and associated storage. Intended to omit removal
-# of certain durable resources, such as LoadBalancer and ManagedCertificate.
-# We intentionally don't use "helm uninstall" because GCP takes a while
-# to propagate ingress recreation, causing delays in endpoint availability.
-function helm_uninstall() {
- # Use helm uninstall to purge all managed resources.
- # grep will return non-zero if no matches are found, so disable pipefail
- set +o pipefail
- helm list --filter "^${HELM_RELEASE}" -o json | jq -r '.[].name' | grep -v metrics \
- | xargs -r helm uninstall --wait
- set -o pipefail
- # Follow up with a specific task to remove PVCs.
- kubectl delete jobs -l app.kubernetes.io/part-of="$HELM_RELEASE" --wait=true
- kubectl delete pvc -l app.kubernetes.io/part-of="$HELM_RELEASE" --wait=true
-}
-
-# Apply the Helm configuration to the cluster. Will overwrite resources
-# as necessary. Will *not* replace certain durable resources like
-# the LoadBalancer Service objects, which are annotated with helm.sh/resource-policy=keep.
-function helm_install() {
- helmfile apply -f "$HELMFILE_MANIFEST" --args \
- --set="image.tag=${PENUMBRA_VERSION}"
-}
-
-function wait_for_pods_to_be_running() {
- echo "Waiting for pods to be running ($(date))..."
- kubectl wait --for=condition=ready pods --timeout=5m \
- -l app.kubernetes.io/part-of="$HELM_RELEASE"
- echo "Done waiting for pods to be running ($(date))"
-}
-
-# Deploy a fresh testnet, destroying all prior chain state with new genesis.
-function full_ci_rebuild() {
- echo "Shutting down existing testnet if necessary..."
- helm_uninstall
- # Wait a bit longer, to ensure that no lingering references are left in the API.
- sleep 20
-
- echo "Installing latest config..."
- helm_install
- # Wait longer, because even though we used `--wait`, some resources will still be coming up.
- sleep 20
-
- # Report results
- if wait_for_pods_to_be_running ; then
- echo "Deploy complete!"
- else
- echo "ERROR: pods failed to enter running start. Deploy has failed."
- return 1
- fi
-}
-
-# Determine whether the version to be deployed constitutes a semver "patch" release,
-# e.g. 0.1.2 -> 0.1.3.
-function is_patch_release() {
- # Ensure version format is semver, otherwise fail.
- if ! echo "$PENUMBRA_VERSION" | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+' ; then
- return 1
- fi
-
- # Split on '.', inspect final field.
- z="$(perl -F'\.' -lanE 'print $F[-1]' <<< "$PENUMBRA_VERSION")"
- # If "z" in x.y.z is 0, then it's a minor release. (Or a major release,
- # but we don't need to worry about that yet.)
- if [[ $z = "0" ]] ; then
- return 2
- else
- return 0
- fi
-}
-
-# Bump the version of pd running for the deployment, across all
-# fullnodes and validators. Allow the cluster to reconcile the changes
-# by terminating and creating pods to match. Does *not* alter chain state.
-# Allows us to handle "patch" versions.
-function update_image_for_running_deployment() {
- kubectl set image statefulset \
- -l "app.kubernetes.io/part-of=${HELM_RELEASE}, app.kubernetes.io/component in (fullnode, genesis-validator)" \
- "pd=${IMAGE}:${PENUMBRA_VERSION}"
- # Wait for rollout to complete. Will block until pods are marked Ready.
- kubectl rollout status statefulset \
- -l "app.kubernetes.io/part-of=${HELM_RELEASE}, app.kubernetes.io/component in (fullnode, genesis-validator)"
-}
-
-function main() {
- echo "Deploying network '${HELM_RELEASE}'..."
- # TODO: to deploy older versions, e.g. v0.53.1, an override is necessary here
- if is_patch_release ; then
- echo "Release target '$PENUMBRA_VERSION' is a patch release; will preserve testnet while bumping version."
- update_image_for_running_deployment
- else
- echo "Release target '$PENUMBRA_VERSION' requires a full re-deploy; will generate new testnet chain info."
- full_ci_rebuild
- fi
-}
-
-main
diff --git a/deployments/helmfile.d/penumbra-devnet.yaml b/deployments/helmfile.d/penumbra-devnet.yaml
deleted file mode 100644
index 4cb4f0d128..0000000000
--- a/deployments/helmfile.d/penumbra-devnet.yaml
+++ /dev/null
@@ -1,91 +0,0 @@
----
-releases:
- - name: penumbra-devnet
- chart: ../charts/penumbra-network
- values:
- - persistence:
- enabled: true
- size: 10G
- - preserve_lb_svc: true
- - only_lb_svc: false
- - image:
- tag: "main"
- - network:
- external_addresses: "104.198.226.117:26656,34.134.110.25:26656"
- proposal_voting_blocks: "50"
- epoch_duration: "20"
- - part_of: penumbra-devnet
- # Sidecar vars file for storing external ips. The "penumbra-network" chart
- # doesn't read these vars, but the "get-lb-ips" script writes them there,
- # and they've been manually duplicated above in the values.network.external_addresses field.
- - vars/penumbra-devnet-ips.yml
-
- - name: penumbra-devnet-nodes
- needs:
- - penumbra-devnet
- chart: ../charts/penumbra-node
- values:
- - ingressRoute:
- enabled: true
- hosts:
- pd: grpc.devnet.penumbra.zone
- tm: rpc.devnet.penumbra.zone
- secretName: penumbra-devnet-wildcard
- - preserve_lb_svc: true
- - only_lb_svc: false
- - image:
- tag: "main"
- # Communicate intra-cluster to the private validator rpc address.
- - penumbra_bootstrap_node_cometbft_rpc_url: "http://penumbra-devnet-val-0:26657"
- - persistence:
- enabled: true
- size: 10G
- - part_of: penumbra-devnet
- # empty vars file for storing external ips
- - vars/penumbra-devnet-nodes-ips.yml
-
- - name: penumbra-devnet-metrics
- chart: ../charts/penumbra-metrics
- values:
- - ingressRoute:
- enabled: true
- hosts:
- grafana: grafana.devnet.penumbra.zone
- secretName: penumbra-devnet-wildcard
- - image:
- tag: main
- - scrape_configs:
- # Must match settings from "penumbra-node" chart
- numFullNodes: 3
- fmtFullNodeSvc: "penumbra-devnet-nodes-fn-%d"
- # Must match settings from "penumbra-network" chart
- numValidators: 2
- fmtValidatorSvc: "penumbra-devnet-val-%d"
- - persistence:
- enabled: true
- size: 1G
-
- # A devnet almost certainly doesn't need a dedicated postgresql node, but including it for parity's sake:
- # it's useful to validate config on a devnet without disrupting services on the public networks.
- - name: penumbra-devnet-cuiloa-node
- chart: ../charts/penumbra-node
- needs:
- - penumbra-devnet
- # It's not strictly necessary to wait for node deploys, but doing so allows us to exercise
- # the public HTTPS RPC endpoint for joining, which is nice.
- - penumbra-devnet-nodes
- values:
- - penumbra_bootstrap_node_cometbft_rpc_url: "https://rpc.devnet.penumbra.zone"
- - ingressRoute:
- enabled: false
- - image:
- tag: main
- - persistence:
- enabled: true
- size: 10G
- - cometbft:
- config:
- indexer: psql
- - part_of: penumbra-devnet
- - nodes:
- - moniker: cuiloa
diff --git a/deployments/helmfile.d/penumbra-preview.yaml b/deployments/helmfile.d/penumbra-preview.yaml
deleted file mode 100644
index 0f7a09b104..0000000000
--- a/deployments/helmfile.d/penumbra-preview.yaml
+++ /dev/null
@@ -1,113 +0,0 @@
----
-releases:
- - name: penumbra-preview
- chart: ../charts/penumbra-network
- values:
- - persistence:
- enabled: true
- size: 20G
- - preserve_lb_svc: true
- - only_lb_svc: false
- - image:
- tag: main
- - network:
- external_addresses: "35.192.203.35:26656,34.28.180.178:26656"
- - part_of: penumbra-preview
- # Sidecar vars file for storing external ips. The "penumbra-network" chart
- # doesn't read these vars, but the "get-lb-ips" script writes them there,
- # and they've been manually duplicated above in the values.network.external_addresses field.
- - vars/penumbra-preview-ips.yml
-
- - name: penumbra-preview-nodes
- chart: ../charts/penumbra-node
- needs:
- - penumbra-preview
- values:
- - ingressRoute:
- enabled: true
- hosts:
- pd: grpc.testnet-preview.penumbra.zone
- tm: rpc.testnet-preview.penumbra.zone
- secretName: penumbra-preview-wildcard
- - preserve_lb_svc: true
- - only_lb_svc: false
- - image:
- tag: main
- # Communicate intra-cluster to the private validator rpc address.
- - penumbra_bootstrap_node_cometbft_rpc_url: "http://penumbra-preview-val-0:26657"
- - persistence:
- enabled: true
- size: 20G
- - part_of: penumbra-preview
- # Node config info, including ip address, monikers, and seed-mode status.
- - vars/penumbra-preview-nodes-ips.yml
-
- - name: penumbra-preview-metrics
- chart: ../charts/penumbra-metrics
- values:
- - ingressRoute:
- enabled: true
- hosts:
- grafana: grafana.testnet-preview.penumbra.zone
- secretName: penumbra-preview-wildcard
- - scrape_configs:
- # Must match settings from "penumbra-node" chart
- numFullNodes: 4
- fmtFullNodeSvc: "penumbra-preview-nodes-fn-%d"
- # Must match settings from "penumbra-network" chart
- numValidators: 2
- fmtValidatorSvc: "penumbra-preview-val-%d"
- - image:
- tag: main
- - persistence:
- enabled: true
- size: 10G
-
- - name: penumbra-preview-cuiloa-node
- chart: ../charts/penumbra-node
- needs:
- - penumbra-preview
- # It's not strictly necessary to wait for node deploys, but doing so allows us to exercise
- # the public HTTPS RPC endpoint for joining, which is nice.
- - penumbra-preview-nodes
- values:
- - penumbra_bootstrap_node_cometbft_rpc_url: "https://rpc.testnet-preview.penumbra.zone"
- - ingressRoute:
- enabled: false
- - image:
- tag: main
- - persistence:
- enabled: true
- size: 20G
- - cometbft:
- config:
- indexer: psql
- - part_of: penumbra-preview
- - nodes:
- - moniker: cuiloa
-
- - name: penumbra-preview-dex-explorer-node
- chart: ../charts/penumbra-node
- needs:
- - penumbra-preview
- # It's not strictly necessary to wait for node deploys, but doing so allows us to exercise
- # the public HTTPS RPC endpoint for joining, which is nice.
- - penumbra-preview-nodes
- values:
- - penumbra_bootstrap_node_cometbft_rpc_url: "https://rpc.testnet-preview.penumbra.zone"
- - ingressRoute:
- enabled: false
- - image:
- tag: main
- - persistence:
- enabled: true
- size: 20G
- - cometbft:
- config:
- indexer: psql
- - part_of: penumbra-preview
- - nodes:
- - moniker: dex-explorer
- - postgres:
- certificateSecretName: penumbra-preview-wildcard
- credentialsSecretName: postgres-creds
diff --git a/deployments/helmfile.d/penumbra-testnet.yaml b/deployments/helmfile.d/penumbra-testnet.yaml
deleted file mode 100644
index 9685fc5a3b..0000000000
--- a/deployments/helmfile.d/penumbra-testnet.yaml
+++ /dev/null
@@ -1,133 +0,0 @@
----
-releases:
- - name: penumbra-testnet
- chart: ../charts/penumbra-network
- values:
- - persistence:
- enabled: true
- size: 300G
- - preserve_lb_svc: true
- - only_lb_svc: false
- - image:
- tag: latest
- - network:
- preserve_chain_id: true
- external_addresses: "34.68.222.252:26656,35.226.255.25:26656"
- - part_of: penumbra-testnet
- # Sidecar vars file for storing external ips. The "penumbra-network" chart
- # doesn't read these vars, but the "get-lb-ips" script writes them there,
- # and they've been manually duplicated above in the values.network.external_addresses field.
- - vars/penumbra-testnet-ips.yml
-
- - name: penumbra-testnet-nodes
- chart: ../charts/penumbra-node
- needs:
- - penumbra-testnet
- values:
- - ingressRoute:
- enabled: true
- hosts:
- pd: grpc.testnet.penumbra.zone
- tm: rpc.testnet.penumbra.zone
- secretName: penumbra-testnet-wildcard
- - preserve_lb_svc: true
- - only_lb_svc: false
- - image:
- tag: latest
- # Communicate intra-cluster to the private validator rpc address.
- - penumbra_bootstrap_node_cometbft_rpc_url: "http://penumbra-testnet-val-0:26657"
- - persistence:
- enabled: true
- size: 300G
- - part_of: penumbra-testnet
- # Node config info, including ip address, monikers, and seed-mode status.
- - vars/penumbra-testnet-nodes-ips.yml
-
- - name: penumbra-testnet-metrics
- chart: ../charts/penumbra-metrics
- values:
- - ingressRoute:
- enabled: true
- hosts:
- grafana: grafana.testnet.penumbra.zone
- secretName: penumbra-testnet-wildcard
- - scrape_configs:
- # Must match settings from "penumbra-node" chart
- numFullNodes: 4
- fmtFullNodeSvc: "penumbra-testnet-nodes-fn-%d"
- # Must match settings from "penumbra-network" chart
- numValidators: 2
- fmtValidatorSvc: "penumbra-testnet-val-%d"
- - image:
- tag: latest
- - persistence:
- enabled: true
- size: 20G
-
- - name: penumbra-testnet-cuiloa-node
- chart: ../charts/penumbra-node
- needs:
- - penumbra-testnet
- # It's not strictly necessary to wait for node deploys, but doing so allows us to exercise
- # the public HTTPS RPC endpoint for joining, which is nice.
- - penumbra-testnet-nodes
- values:
- - penumbra_bootstrap_node_cometbft_rpc_url: "https://rpc.testnet.penumbra.zone"
- - ingressRoute:
- enabled: false
- - image:
- tag: latest
- - persistence:
- enabled: true
- size: 300G
- - cometbft:
- config:
- indexer: psql
- - part_of: penumbra-testnet
- - nodes:
- - moniker: cuiloa
-
- - name: penumbra-testnet-dex-explorer-node
- chart: ../charts/penumbra-node
- needs:
- - penumbra-testnet
- - penumbra-testnet-nodes
- values:
- - penumbra_bootstrap_node_cometbft_rpc_url: "https://rpc.testnet.penumbra.zone"
- - ingressRoute:
- enabled: false
- - image:
- tag: latest
- - persistence:
- enabled: true
- size: 300G
- - cometbft:
- config:
- indexer: psql
- - part_of: penumbra-testnet
- - nodes:
- - moniker: dex-explorer
- - postgres:
- certificateSecretName: penumbra-testnet-wildcard
- credentialsSecretName: postgres-creds
-
- - name: penumbra-testnet-gov-dash-node
- chart: ../charts/penumbra-node
- values:
- - penumbra_bootstrap_node_cometbft_rpc_url: "https://rpc.testnet.penumbra.zone"
- - ingressRoute:
- enabled: false
- - image:
- tag: latest
- - persistence:
- enabled: true
- size: 300G
- - cometbft:
- config:
- indexer: psql
- - part_of: penumbra-testnet
- - nodes:
- - moniker: gov-dash
- - postgres:
- certificateSecretName: penumbra-testnet-wildcard
- credentialsSecretName: postgres-creds-gov-dash
diff --git a/deployments/helmfile.d/vars/penumbra-devnet-ips.yml b/deployments/helmfile.d/vars/penumbra-devnet-ips.yml
deleted file mode 100644
index eb3b0ff418..0000000000
--- a/deployments/helmfile.d/vars/penumbra-devnet-ips.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-nodes:
- - external_address: 104.198.226.117:26656
- - external_address: 34.134.110.25:26656
diff --git a/deployments/helmfile.d/vars/penumbra-devnet-nodes-ips.yml b/deployments/helmfile.d/vars/penumbra-devnet-nodes-ips.yml
deleted file mode 100644
index 828fa95cf5..0000000000
--- a/deployments/helmfile.d/vars/penumbra-devnet-nodes-ips.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-nodes:
- - external_address: 35.202.100.199:26656
- moniker: ceres-seed
- seed_mode: true
- - external_address: 34.16.34.194:26656
- moniker: vesta
- - external_address: 34.173.166.32:26656
- moniker: pallas
diff --git a/deployments/helmfile.d/vars/penumbra-preview-ips.yml b/deployments/helmfile.d/vars/penumbra-preview-ips.yml
deleted file mode 100644
index 7db5b7c648..0000000000
--- a/deployments/helmfile.d/vars/penumbra-preview-ips.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-nodes:
- - external_address: 35.192.203.35:26656
- - external_address: 34.133.250.112:26656
diff --git a/deployments/helmfile.d/vars/penumbra-preview-nodes-ips.yml b/deployments/helmfile.d/vars/penumbra-preview-nodes-ips.yml
deleted file mode 100644
index 07441f78d0..0000000000
--- a/deployments/helmfile.d/vars/penumbra-preview-nodes-ips.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-nodes:
- - external_address: 34.135.6.235:26656
- moniker: ceres-seed
- seed_mode: true
- - external_address: 34.28.180.178:26656
- moniker: vesta
- - external_address: 34.42.196.153:26656
- moniker: pallas
- - external_address: 35.239.76.154:26656
- moniker: hygiea
diff --git a/deployments/helmfile.d/vars/penumbra-testnet-ips.yml b/deployments/helmfile.d/vars/penumbra-testnet-ips.yml
deleted file mode 100644
index a69b6e9274..0000000000
--- a/deployments/helmfile.d/vars/penumbra-testnet-ips.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-nodes:
- - external_address: 34.68.222.252:26656
- - external_address: 35.226.255.25:26656
diff --git a/deployments/helmfile.d/vars/penumbra-testnet-nodes-ips.yml b/deployments/helmfile.d/vars/penumbra-testnet-nodes-ips.yml
deleted file mode 100644
index d6b36ebf19..0000000000
--- a/deployments/helmfile.d/vars/penumbra-testnet-nodes-ips.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-nodes:
- - external_address: 35.225.116.144:26656
- moniker: ceres-seed
- seed_mode: true
- - external_address: 35.224.80.161:26656
- moniker: vesta
- - external_address: 34.68.200.112:26656
- moniker: pallas
- - external_address: 35.192.219.42:26656
- moniker: hygiea
diff --git a/deployments/networks/preview/README.md b/deployments/networks/preview/README.md
deleted file mode 100644
index 60673af18c..0000000000
--- a/deployments/networks/preview/README.md
+++ /dev/null
@@ -1,8 +0,0 @@
-# Penumbra Testnet Preview Deployment
-This directory contains files related to rapid-release
-"testnet-preview.penumbra.zone" setup. New deploys
-are triggered on every merge into the `main` branch.
-
-Helm vars files provide environment-specific config like FQDNs.
-There are no Terraform config files; see `../testnet/` for
-cluster config options.
diff --git a/deployments/networks/testnet/.terraform.lock.hcl b/deployments/networks/testnet/.terraform.lock.hcl
deleted file mode 100644
index b0d52bf2d9..0000000000
--- a/deployments/networks/testnet/.terraform.lock.hcl
+++ /dev/null
@@ -1,99 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/external" { - version = "2.2.2" - hashes = [ - "h1:e7RpnZ2PbJEEPnfsg7V0FNwbfSk0/Z3FdrLsXINBmDY=", - "zh:0b84ab0af2e28606e9c0c1289343949339221c3ab126616b831ddb5aaef5f5ca", - "zh:10cf5c9b9524ca2e4302bf02368dc6aac29fb50aeaa6f7758cce9aa36ae87a28", - "zh:56a016ee871c8501acb3f2ee3b51592ad7c3871a1757b098838349b17762ba6b", - "zh:719d6ef39c50e4cffc67aa67d74d195adaf42afcf62beab132dafdb500347d39", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7fbfc4d37435ac2f717b0316f872f558f608596b389b895fcb549f118462d327", - "zh:8ac71408204db606ce63fe8f9aeaf1ddc7751d57d586ec421e62d440c402e955", - "zh:a4cacdb06f114454b6ed0033add28006afa3f65a0ea7a43befe45fc82e6809fb", - "zh:bb5ce3132b52ae32b6cc005bc9f7627b95259b9ffe556de4dad60d47d47f21f0", - "zh:bb60d2976f125ffd232a7ccb4b3f81e7109578b23c9c6179f13a11d125dca82a", - "zh:f9540ecd2e056d6e71b9ea5f5a5cf8f63dd5c25394b9db831083a9d4ea99b372", - "zh:ffd998b55b8a64d4335a090b6956b4bf8855b290f7554dd38db3302de9c41809", - ] -} - -provider "registry.terraform.io/hashicorp/google" { - version = "4.32.0" - constraints = ">= 3.39.0, >= 3.53.0, ~> 4.12, >= 4.25.0, < 5.0.0" - hashes = [ - "h1:n4dCdx9EhvoQO/SiLKZGkGKWxpCHodL5cjFtYDQhOQY=", - "zh:03fa16d2811fc3ef523b8afad5ce4c1c72e686a425f48f9432f21b16c55c2872", - "zh:23ad507dad0b3478c46b050f9d4660251e20b2ae6f334f4904af9aeef7e6f5d2", - "zh:2a20c8c6bb1c8185c7c4b6e418cbdb36ab212c549ffa7ab4c027f929224798bc", - "zh:53b8cd6ecc73c6fc1570dfbf9a549af975741c25cf544d6fec13d96c7312bd93", - "zh:5856c11c35636c362e04ddaf3cce7ed94e0aea74f22b6d3fc2449f1c0ce4b159", - "zh:68cda07855d20984d4fce6959a760392b1ef4e09e4f8e74bf10765b020727f0c", - "zh:84b501635c135a692f378dec2e56beca088d25f5e6c98276dbab8de30d27ce5e", - "zh:972e990c88f1b4c9bfe501e3a829c02bd89a494b3b445900216906365397a672", - 
"zh:a47acfb0b07d83687fab00275381755817aacec6f9f949e8d52e0bcae45e870f", - "zh:dcb078b2be1d8527e7bf9283112ba1214bb76d2279d78d921bebd413fb0310e0", - "zh:e00a1b11f0782e389b02c8a4487b2f25c42647714adcb56770f87883440997e9", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.12.1" - constraints = "~> 2.0, ~> 2.10" - hashes = [ - "h1:6ZgqegUao9WcfVzYg7taxCQOQldTmMVw0HqjG5S46OY=", - "zh:1ecb2adff52754fb4680c7cfe6143d1d8c264b00bb0c44f07f5583b1c7f978b8", - "zh:1fbd155088cd5818ad5874e4d59ccf1801e4e1961ac0711442b963315f1967ab", - "zh:29e927c7c8f112ee0e8ab70e71b498f2f2ae6f47df1a14e6fd0fdb6f14b57c00", - "zh:42c2f421da6b5b7c997e42aa04ca1457fceb13dd66099a057057a0812b680836", - "zh:522a7bccd5cd7acbb4ec3ef077d47f4888df7e59ff9f3d598b717ad3ee4fe9c9", - "zh:b45d8dc5dcbc5e30ae570d0c2e198505f47d09098dfd5f004871be8262e6ec1e", - "zh:c3ea0943f2050001c7d6a7115b9b990f148b082ebfc4ff3c2ff3463a8affcc4a", - "zh:f111833a64e06659d2e21864de39b7b7dec462615294d02f04c777956742a930", - "zh:f182dba5707b90b0952d5984c23f7a2da3baa62b4d71e78df7759f16cc88d957", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f76655a68680887daceabd947b2f68e2103f5bbec49a2bc29530f82ab8e3bca3", - "zh:fadb77352caa570bd3259dfb59c31db614d55bc96df0ff15a3c0cd2e685678b9", - ] -} - -provider "registry.terraform.io/hashicorp/null" { - version = "3.1.1" - hashes = [ - "h1:71sNUDvmiJcijsvfXpiLCz0lXIBSsEJjMxljt7hxMhw=", - "zh:063466f41f1d9fd0dd93722840c1314f046d8760b1812fa67c34de0afcba5597", - "zh:08c058e367de6debdad35fc24d97131c7cf75103baec8279aba3506a08b53faf", - "zh:73ce6dff935150d6ddc6ac4a10071e02647d10175c173cfe5dca81f3d13d8afe", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:8fdd792a626413502e68c195f2097352bdc6a0df694f7df350ed784741eb587e", - "zh:976bbaf268cb497400fd5b3c774d218f3933271864345f18deebe4dcbfcd6afa", - 
"zh:b21b78ca581f98f4cdb7a366b03ae9db23a73dfa7df12c533d7c19b68e9e72e5", - "zh:b7fc0c1615dbdb1d6fd4abb9c7dc7da286631f7ca2299fb9cd4664258ccfbff4", - "zh:d1efc942b2c44345e0c29bc976594cb7278c38cfb8897b344669eafbc3cddf46", - "zh:e356c245b3cd9d4789bab010893566acace682d7db877e52d40fc4ca34a50924", - "zh:ea98802ba92fcfa8cf12cbce2e9e7ebe999afbf8ed47fa45fc847a098d89468b", - "zh:eff8872458806499889f6927b5d954560f3d74bf20b6043409edf94d26cd906f", - ] -} - -provider "registry.terraform.io/hashicorp/random" { - version = "3.3.2" - hashes = [ - "h1:H5V+7iXol/EHB2+BUMzGlpIiCOdV74H8YjzCxnSAWcg=", - "zh:038293aebfede983e45ee55c328e3fde82ae2e5719c9bd233c324cfacc437f9c", - "zh:07eaeab03a723d83ac1cc218f3a59fceb7bbf301b38e89a26807d1c93c81cef8", - "zh:427611a4ce9d856b1c73bea986d841a969e4c2799c8ac7c18798d0cc42b78d32", - "zh:49718d2da653c06a70ba81fd055e2b99dfd52dcb86820a6aeea620df22cd3b30", - "zh:5574828d90b19ab762604c6306337e6cd430e65868e13ef6ddb4e25ddb9ad4c0", - "zh:7222e16f7833199dabf1bc5401c56d708ec052b2a5870988bc89ff85b68a5388", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:b1b2d7d934784d2aee98b0f8f07a8ccfc0410de63493ae2bf2222c165becf938", - "zh:b8f85b6a20bd264fcd0814866f415f0a368d1123cd7879c8ebbf905d370babc8", - "zh:c3813133acc02bbebddf046d9942e8ba5c35fc99191e3eb057957dafc2929912", - "zh:e7a41dbc919d1de800689a81c240c27eec6b9395564630764ebb323ea82ac8a9", - "zh:ee6d23208449a8eaa6c4f203e33f5176fa795b4b9ecf32903dffe6e2574732c2", - ] -} diff --git a/deployments/networks/testnet/README.md b/deployments/networks/testnet/README.md deleted file mode 100644 index cbff7a02b3..0000000000 --- a/deployments/networks/testnet/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Penumbra Testnet Deployment -This directory contains files related to the weekly penumbra testnet deployment. -It includes Helm vars files and Terraform config logic. -The Terraform config contains some "testnet-preview" logic, as well. -This is because we use a single cluster to host multiple deployments. 
diff --git a/deployments/networks/testnet/cluster.tf b/deployments/networks/testnet/cluster.tf
deleted file mode 100644
index 1808a0660d..0000000000
--- a/deployments/networks/testnet/cluster.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-// Cluster configuration for testnet deployments.
-// As of 2022Q4, we're reusing a single cluster to host
-// multiple environments, e.g. "testnet" and "preview".
-// We may migrate to multiple clusters in the future.
-module "gcp_terraform_state_testnet" {
- source = "../../terraform/modules/gcp/terraform_state/chain"
-
- chain_name = "penumbra"
- labels = {}
- location = "US"
- network_environment = "testnet"
-}
-
-module "gke_testnet" {
- source = "../../terraform/modules/node/v1"
-
- project_id = "penumbra-sl-testnet"
- cluster_name = "testnet"
- region = "us-central1"
- cluster_zones = ["us-central1-a", "us-central1-b"]
- machine_type = "n2d-standard-4"
-}
diff --git a/deployments/networks/testnet/providers.tf b/deployments/networks/testnet/providers.tf
deleted file mode 100644
index 648298e208..0000000000
--- a/deployments/networks/testnet/providers.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-terraform {
- required_version = ">= 1.0"
-
- backend "gcs" {
- bucket = "penumbra-testnet-tfstate"
- }
-
- required_providers {
- google = {
- source = "hashicorp/google"
- version = "~> 4.12"
- }
- }
-}
-
-provider "google" {
- project = "penumbra-sl-testnet"
- region = "us-central1"
-}
diff --git a/deployments/relayer/README.md b/deployments/relayer/README.md
deleted file mode 100644
index e42bca4927..0000000000
--- a/deployments/relayer/README.md
+++ /dev/null
@@ -1,55 +0,0 @@
-# relayer config
-
-Stores config generation scripts for use with the [relayer](https://github.com/cosmos/relayer),
-for IBC functionality. Prior to mainnet, we plan to use `relayer` to synchronize actions
-from preview to testnet. During 2023Q2, we're focusing on relaying between
-preview and a local devnet on the same or similar commit.
-
-## Running a local devnet
-To create a path between the public preview chain and a local devnet:
-
-0. Download the `rly` binary from [cosmos/relayer](https://github.com/cosmos/relayer/releases) and stick it in your `$PATH`.
-1. Run `./deployments/scripts/relayer-local-devnet` to bootstrap the local chain.
-2. Wait until the message "OK, devnet is up and running" is printed.
-3. In another terminal, `cd deployments/relayer` and `./build-path`.
-4. Finally, run `rly --debug start` to run a local instance of the relayer.
-
-The `pd` logs visible from the `relayer-local-devnet` are intentionally verbose,
-to aid in debugging the creation of clients, connections, and channels. You may
-wish to add more tracing statements to your local copy of `pd`.
-
-See the [docs on IBC withdrawal transactions](https://guide.penumbra.zone/main/pcli/transaction.html#ibc-withdrawals)
-and adapt the node arguments to match local devnet and preview.
-
-## Building a path between testnet & preview
-Inside this directory, run:
-
-```
-./generate-configs preview
-./generate-configs testnet
-./configure-relayer
-
-./build-path
-```
-Or, you can use `just` to run it all, soup to nuts. See the path configuration
-block in the `./configure-relayer` script for some example paths between chains
-that aren't yet known to work.
-
-Given the rapid pace of development, it's possible that proto definitions
-are out of sync between testnet & preview, in which case there may be errors.
-To debug, consider running a local devnet and linking it with preview.
-
-## Updating proto definitions in relayer
-Sometimes the protos between preview & testnet get out of sync. When this happens,
-we must submit a PR upstream to the relayer repo. See [example here](https://github.com/cosmos/relayer/pull/1170),
-along with instructions on the commands to generate the protos for the golang repo.
-Until the protos are back in sync, relaying between Penumbra chains may not work.
-
-## Further reading
-The config format for the JSON files are adapted from the [example-configs](https://github.com/cosmos/relayer/tree/main/docs/example-configs)
-in the relayer repo. Our configs will get out of date very quickly: the preview chain id changes
-on every merge into main, for instance. Short-term, that's fine: we want to exercise IBC
-in our CI deployments, and dynamically generating the configs is good enough. Longer term, we'll want
-to upload our configs to the [chain-registry repo](https://github.com/cosmos/chain-registry).
-Full documentation on the underlying steps used by the relayer can be found in the
-[cross-chain docs](https://github.com/cosmos/relayer/blob/main/docs/create-path-across-chain.md).
diff --git a/deployments/relayer/build-path b/deployments/relayer/build-path
deleted file mode 100755
index eb5cd8ce78..0000000000
--- a/deployments/relayer/build-path
+++ /dev/null
@@ -1,32 +0,0 @@ -#!/bin/bash -# Wrapper script to finalize configuration on relayer, -# and submit a transaction to verify manual relaying of cross-chain -# info for Penumbra. We look up all paths configured in the relayer, -# and attempt to build a link across them. -set -euo pipefail - - -# Function to add green bg to text, so it stands out amid -# a wall of debug logs. -function visible_log() { - local s="$1" - shift - >&2 printf '\e[42m%s\e[0m\n' "$s" -} - -while read -r p ; do - visible_log "Attempting to 'transact link' the $p path..." - rly --debug transact link "$p" -# We reverse-sort so that "penumbra" (which works) comes before "babylon" (which doesn't work, yet). -done < <(rly paths list --json | jq 'keys | join ("\n")' -r | sort -r) - -visible_log "Finished! No errors encountered setting up link. Available paths:" -rly paths list - -visible_log "These commands should all yield results:" - -cat <&2 echo "Configuring relayer path between testnet & preview environments" -elif [[ "$relaying_target_mode" = "local" ]] ; then - >&2 echo "Configuring relayer path between preview & local devnet environments" -else - >&2 echo "WARNING: unsupported relaying target '$relaying_target_mode'" -fi - -rm -rf ~/.relayer -rly config init --memo "Automatic IBC for Penumbra, via relayer" - ->&2 echo "Adding chain specs to relayer config..." -find ./configs/ -type f -iname 'penumbra*.json' -exec \ - rly chains add -f {} \; - -# Ideally we wouldn't need to bother with generating keys for the relayer paths, -# because Penumbra hasn't implemented fees yet, so there's no need for a wallet to pay out of. -# If we skip keygen, though, then `rly transact link ` shows an error: -# -# Error: key default not found on src chain penumbra-testnet-carme-dac8be27 -for chain in $(rly chains list --json | jq 'keys | join("\n")' -r) ; do - >&2 echo "Generating key for $chain" - # We silence output to avoid dumping seed phrases to screen/logging. 
- rly keys add "$chain" default > /dev/null -done - -function create_paths() { - if [[ $# -lt 3 ]] ; then - >&2 echo "ERROR: networks not specified. Use, e.g., 'penumbra-testnet penumbra-preview'." - >&2 echo "Usage: $0 " - return 1 - fi - - local chain_a="$1" - local chain_b="$2" - local path_name="$3" - shift 3 - - # Make sure requested chain configs exist locally. This won't be necessary - # when the referenced chains exist in the upstream public chain registry. - if [[ ! -e "configs/${chain_a}.json" ]]; then - >&2 echo "ERROR: file not found: configs/${chain_a}.json" - return 2 - elif [[ ! -e "configs/${chain_b}.json" ]]; then - >&2 echo "ERROR: file not found: configs/${chain_b}.json" - return 2 - fi - - chain_a_id="$(jq -r '.value["chain-id"]' "configs/${chain_a}.json")" - chain_b_id="$(jq -r '.value["chain-id"]' "configs/${chain_b}.json")" - rly paths new "$chain_a_id" "$chain_b_id" "$path_name" -} - -if [[ "$relaying_target_mode" = "local" ]] ; then - # Create Penumbra-only path, between preview and devnet. - create_paths penumbra-preview penumbra-local penumbra_path -else - # Create Penumbra-only path, between preview and testnet. Works! - create_paths penumbra-testnet penumbra-preview penumbra_path -fi - -# Create paths between Penumbra and/or other Cosmos-adjacent testnets. -# These are not working yet, so commenting them out by default. -# -# create_paths penumbra-preview babylon-testnet babylon -# create_paths osmosis-testnet babylon-testnet osmosis -# create_paths osmosis-testnet cosmwasm-testnet osmosis-wasm -# create_paths osmosis-testnet celestia-testnet osmosis-celestia - ->&2 echo "Emitting status info:" -rly chains list -rly paths list diff --git a/deployments/relayer/entrypoint.sh b/deployments/relayer/entrypoint.sh deleted file mode 100755 index 370b1fad2b..0000000000 --- a/deployments/relayer/entrypoint.sh +++ /dev/null 
@@ -1,28 +0,0 @@ -#!/bin/bash -# Container entrypoint for running an IBC relayer for Penumbra, -# specifically between penumbra-testnet and penumbra-preview. -set -euo pipefail - - -# We set a custom debug address (default is 5183) to support -# healthchecks determining whether it's running. -# Setting all-interfaces rather than localhost so that k8s -# probes can access the socket. -RELAYER_DEBUG_ADDR="${RELAYER_DEBUG_ADDR:-0.0.0.0:5100}" - -# Generate latest configs, polling chain id from RPC endpoints -cd /usr/src/penumbra-relayer || exit 1 -./generate-configs preview -./generate-configs testnet - -# Generate relayer YAML config, specifying Penumbra path. -./configure-relayer -rly --debug transact link penumbra_path -cat <&2 echo "ERROR: no network declared. Use one of: testnet, preview, or local." - >&2 echo "Usage: $0 " - exit 1 -fi -penumbra_network="${1:-}" -shift 1 - -function get_chain_id() { - local u - u="${1:-}" - shift 1 - curl -sSf "${u}/status" | jq -r .result.node_info.network -} - -case $penumbra_network in - # N.B. the port suffix on the URL is required; otherwise, rly complains about missing port. - preview) - PENUMBRA_RPC_URL="https://rpc.testnet-preview.penumbra.zone:443" - PENUMBRA_CHAIN_ID="$(get_chain_id "$PENUMBRA_RPC_URL")" - ;; - testnet) - PENUMBRA_RPC_URL="https://rpc.testnet.penumbra.zone:443" - PENUMBRA_CHAIN_ID="$(get_chain_id "$PENUMBRA_RPC_URL")" - ;; - local) - PENUMBRA_RPC_URL="http://localhost:26657" - PENUMBRA_CHAIN_ID="$(get_chain_id "$PENUMBRA_RPC_URL")" - ;; - *) - >&2 echo "ERROR: network '$penumbra_network' not supported" - exit 2 - ;; -esac - -export PENUMBRA_RPC_URL -export PENUMBRA_CHAIN_ID -envsubst < penumbra.tpl > "configs/penumbra-${penumbra_network}.json" diff --git a/deployments/relayer/justfile b/deployments/relayer/justfile deleted file mode 100644 index 72bb09d93c..0000000000 --- a/deployments/relayer/justfile +++ /dev/null 
@@ -1,11 +0,0 @@
-all:
- just configs
- just run
-
-configs:
- ./generate-configs preview
- ./generate-configs testnet
-
-run:
- ./configure-relayer
- ./build-path
diff --git a/deployments/relayer/penumbra.tpl b/deployments/relayer/penumbra.tpl
deleted file mode 100644
index c42691a8b5..0000000000
--- a/deployments/relayer/penumbra.tpl
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- "type": "penumbra",
- "value": {
- "key": "default",
- "chain-id": "$PENUMBRA_CHAIN_ID",
- "rpc-addr": "$PENUMBRA_RPC_URL",
- "account-prefix": "penumbra",
- "keyring-backend": "test",
- "gas-adjustment": 1.0,
- "gas-prices": "0.00upenumbra",
- "debug": true,
- "timeout": "20s",
- "output-format": "json",
- "sign-mode": "direct"
- }
-}
diff --git a/deployments/scripts/bounce-relayer b/deployments/scripts/bounce-relayer
deleted file mode 100755
index 415c999d8e..0000000000
--- a/deployments/scripts/bounce-relayer
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/bin/bash
-# CI script to handle re-deploying the IBC relayer deployment.
-# Unlike most of our CI deployments, we only run one (1) relayer instance.
-# It's deployed right after a new preview deploy goes out, referencing the
-# freshly generated preview chain, as well as the currently running testnet.
-#
-# At all times, we expect there to be one (1) relayer deployment, and we're
-# currently deploying the latest image built from "main". Therefore we cannot
-# expect helm to handle resetting the deployment, because on the surface,
-# the config looks identical: same container tag, same vars, same number of replicas.
-# To accommodate, we'll look up whether a relayer deployment exists, and if so,
-# bounce it via `rollout deployment restart`, which will trigger a new image pull
-# due to the chart's `image.pull=Always` setting. If and when we decide to redeploy
-# the relayer as part of the testnets, rather than preview, we should modify this
-# logic to set a specific version, e.g. `image.tag=050-thebe` or similar.
-set -euo pipefail
-
-
-# Set name for expected deployment.
-relayer_deployment="relayer-preview"
-
-# If any deployments with the string "relayer" in the name are found,
-# consider the relayer to be running already, in which case we'll bounce.
-if kubectl get deployments --output json | jq .items[].metadata.name -r | grep -q "$relayer_deployment" ; then
- >&2 echo "Found existing relayer deployment, bouncing it..."
- kubectl rollout restart deployment "$relayer_deployment"
- # Block until deployment is complete, but not until pod is ready.
- kubectl rollout status deployment "$relayer_deployment" --timeout=5m
- # Wait a bit for the pod to be created, so we can find its name.
- sleep 30s
- relayer_pod="$(kubectl get pods -l app.kubernetes.io/instance="$relayer_deployment" -o name | head -n1)"
- if [[ -z "$relayer_pod" ]] ; then
- >&2 echo "ERROR: failed to find pod for deployed relayer"
- exit 1
- fi
- # Block until pod is ready.
Entrypoint script takes ~90s to build configs.
- kubectl wait --for=condition=ready "$relayer_pod" --timeout=5m
-
-# Otherwise, relayer is not running. Maybe it was manually destroyed?
-# Enforce state again by applying the helm chart.
-else
- >&2 echo "Relayer NOT currently running. Deploying it..."
- repo_root="$(git rev-parse --show-toplevel)"
- cd "${repo_root}/deployments" || exit 1
- helm upgrade --install "$relayer_deployment" ./charts/relayer
-fi
diff --git a/deployments/scripts/get-lb-ips b/deployments/scripts/get-lb-ips
deleted file mode 100755
index fce404867f..0000000000
--- a/deployments/scripts/get-lb-ips
+++ /dev/null
@@ -1,68 +0,0 @@ -#!/bin/bash -# Utility script to scrape LoadBalancer IPs from k8s Service objects, -# polling for ready state, so that the deployment can be re-run -# with IP information as input values, optionally version-controlled. -set -euo pipefail - -if [[ $# -lt 1 ]] ; then - >&2 echo "ERROR: found no Helm release to target" - >&2 echo "Run 'helm list' to see available options" - >&2 echo "Usage: $0 " - exit 1 -fi - -# Declare monikers for nodes on the network. -# These monikers will be added to the generated vars file, -# alongside the IP info. Here we use notable asteroids, -# reserving moons for testnet names. -node_names=(ceres-seed vesta pallas hygiea) - -HELM_RELEASE="${1:-}" -shift 1 -vars_file="${PWD}/helmfile.d/vars/${HELM_RELEASE}-ips.yml" - -if [[ ! -e "$vars_file" ]] ; then - touch "$vars_file" -fi - -# Poll k8s API for loadbalancer IPs, for a specific helm deployment. -function get_ips() { - if ! kubectl get svc \ - -l "app.kubernetes.io/instance=${HELM_RELEASE},app.kubernetes.io/component=p2p" \ - -o json | jq '.items[].status.loadBalancer.ingress[].ip' -r 2>/dev/null ; then - # if the scrape failed, emit an empty string, so caller can wait. - echo ""; - fi -} - -ip_info="$(get_ips)" -printf "Waiting for LoadBalancer IPs for Helm release '%s'" "$HELM_RELEASE" -while [[ -z "$ip_info" ]] ; do - printf '.' - sleep 5 - ip_info="$(get_ips)" -done -printf ' done!\n' - -# Write out a YAML file suitable for using as input values in a Helm chart. -# This format is very specific to values format required by the given Helm chart. -function generate_yaml_penumbra_nodes() { - printf 'nodes:\n' - counter=0 - while read -r ip_addr ; do - node_name="${node_names[$counter]}" - cat < "$vars_file" -echo "IP info written to $vars_file for $HELM_RELEASE" diff --git a/deployments/scripts/k8s-deploy-point-release b/deployments/scripts/k8s-deploy-point-release deleted file mode 100755 index e2e1561f00..0000000000 
--- a/deployments/scripts/k8s-deploy-point-release
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/bin/bash
-# CI script to deploy a point-release to a Penumbra network, modifying
-# existing versions while preserving state. Does *not* perform a migration.
-# At a fundamental level, this script represents logic broken out from the
-# catch-all 'ci.sh' script.
-set -euo pipefail
-
-# Reference the usual vars.
-IMAGE="${IMAGE:-ghcr.io/penumbra-zone/penumbra}"
-# Force explicit version declaration
-TO_VERSION="${TO_VERSION:-}"
-if [[ -z "$TO_VERSION" ]] ; then
- >&2 echo "ERROR: TO_VERSION must be set with point-release version to deploy"
- exit 1
-fi
-
-HELM_RELEASE="${HELM_RELEASE:-penumbra-devnet}"
-
-# Check that the network we're trying to configure has a valid config.
-HELMFILE_MANIFEST="./helmfile.d/${HELM_RELEASE}.yaml"
-if [[ ! -e "$HELMFILE_MANIFEST" ]]; then
- >&2 echo "ERROR: helm release name '$HELM_RELEASE' not supported"
- >&2 echo "Consider creating '$HELMFILE_MANIFEST'"
- exit 1
-fi
-
-# Bump the version of pd running for the deployment, across all
-# fullnodes and validators. Allow the cluster to reconcile the changes
-# by terminating and creating pods to match. Does *not* alter chain state.
-# Allows us to handle "patch" versions.
-function update_image_for_running_deployment() {
- kubectl set image statefulset \
- -l "app.kubernetes.io/part-of=${HELM_RELEASE}, app.kubernetes.io/component in (fullnode, genesis-validator)" \
- "pd=${IMAGE}:${TO_VERSION}"
- # Wait for rollout to complete. Will block until pods are marked Ready.
- kubectl rollout status statefulset \
- -l "app.kubernetes.io/part-of=${HELM_RELEASE}, app.kubernetes.io/component in (fullnode, genesis-validator)"
-}
-
-function main() {
- >&2 echo "Performing point-release of '$HELM_RELEASE' to ${TO_VERSION}..."
- sleep 2
- update_image_for_running_deployment
-}
-
-main
diff --git a/deployments/scripts/k8s-disable-maintenance-mode b/deployments/scripts/k8s-disable-maintenance-mode
deleted file mode 100755
index 3eb93c1d90..0000000000
--- a/deployments/scripts/k8s-disable-maintenance-mode
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/usr/bin/env bash
-# CI script to set a given testnet deployment environment in "maintenaceMode",
-# essentially stopping both pd and cometbft, so that an interactive environment
-# can be created, without the services writing to local state.
-set -euo pipefail
-
-# script expects to be in deployments/ dir
-if [[ ! -e ci.sh ]] ; then
- >&2 echo "ERROR: script should be run from inside 'deployments/' dir"
- exit 1
-fi
-
-TO_VERSION="${TO_VERSION:-}"
-if [[ -z "$TO_VERSION" ]] ; then
- >&2 echo "ERROR: TO_VERSION must be set with an explicit version"
- exit 1
-fi
-
-# Default to devnet to avoid touching testnet unless explicitly requested.
-HELM_RELEASE="${HELM_RELEASE:-penumbra-devnet}"
-
-# Set maintenaceMode=false.
-function disable_maintenance_mode() {
- >&2 echo "Disabling maintenance mode..."
- helmfile --quiet apply -f "helmfile.d/${HELM_RELEASE}.yaml" --args \
- --set=maintenanceMode=false \
- --set="image.tag=${TO_VERSION}"
-
- >&2 echo "Waiting for services to be running again..."
- kubectl rollout status statefulset \
- -l "app.kubernetes.io/part-of=${HELM_RELEASE}, app.kubernetes.io/component in (fullnode, genesis-validator)"
-
- >&2 echo "Done, the statefulsets are running again"
-}
-
-# Main entrypoint
-function main() {
- disable_maintenance_mode
-}
-
-main
-exit 0
diff --git a/deployments/scripts/k8s-enable-maintenance-mode b/deployments/scripts/k8s-enable-maintenance-mode
deleted file mode 100755
index 814e7d22ac..0000000000
--- a/deployments/scripts/k8s-enable-maintenance-mode
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/usr/bin/env bash
-# CI script to set a given testnet deployment environment in "maintenaceMode",
-# essentially stopping both pd and cometbft, so that an interactive environment
-# can be created, without the services writing to local state.
-set -euo pipefail
-
-# script expects to be in deployments/ dir
-if [[ ! -e ci.sh ]] ; then
- >&2 echo "ERROR: script should be run from inside 'deployments/' dir"
- exit 1
-fi
-
-TO_VERSION="${TO_VERSION:-}"
-if [[ -z "$TO_VERSION" ]] ; then
- >&2 echo "ERROR: TO_VERSION must be set with an explicit version"
- exit 1
-fi
-
-# Default to devnet to avoid touching testnet unless explicitly requested.
-HELM_RELEASE="${HELM_RELEASE:-penumbra-devnet}"
-
-# Set maintenaceMode=true.
-function enable_maintenance_mode() {
- >&2 echo "Enabling maintenance mode on ${HELM_RELEASE}..."
- helmfile --quiet apply -f "helmfile.d/${HELM_RELEASE}.yaml" --args \
- --set=maintenanceMode=true \
- --set="image.tag=${TO_VERSION}"
-
- >&2 echo "Waiting for maintenance mode..."
- kubectl rollout status statefulset \
- -l "app.kubernetes.io/part-of=${HELM_RELEASE}, app.kubernetes.io/component in (fullnode, genesis-validator)"
-
- >&2 echo "Done, the statefulsets are paused now"
-}
-
-# Main entrypoint
-function main() {
- # uncomment at will
- enable_maintenance_mode
-}
-
-main
-exit 0
diff --git a/deployments/scripts/k8s-perform-chain-upgrade-via-pd-migrate b/deployments/scripts/k8s-perform-chain-upgrade-via-pd-migrate
deleted file mode 100755
index f8bc6f2b49..0000000000
--- a/deployments/scripts/k8s-perform-chain-upgrade-via-pd-migrate
+++ /dev/null
@@ -1,119 +0,0 @@
-#!/usr/bin/env bash
-# CI script to perform a chain migration via `pd migrate` on testnet deployment.
-# The general flow is:
-#
-# 1. determine target environment
-# 2. determine end-state version
-# 3. set environment to maintenance mode (i.e. stop penumbra & cometbft)
-# 4. backup
-# 5. migrate
-# 6. export archives (required for testnet join later)
-# 7. disable maint mode.
-#
-# Eventually we can make this logic durable enough to run in CI, but for now
-# we expect this script to be run on an admin's workstation, to be responsive
-# to migration behavior.
-set -euo pipefail
-
-# script expects to be in deployments/ dir
-if [[ ! -e ci.sh ]] ; then
- >&2 echo "ERROR: script should be run from inside 'deployments/' dir"
- exit 1
-fi
-
-TO_VERSION="${TO_VERSION:-}"
-if [[ -z "$TO_VERSION" ]] ; then
- >&2 echo "ERROR: TO_VERSION must be set with post-upgrade version"
- exit 1
-fi
-
-# Default to devnet to avoid touching testnet unless explicitly requested.
-HELM_RELEASE="${HELM_RELEASE:-penumbra-devnet}"
-
-# Get the pod names for the genesis-validators in the target environment.
-function get_validators() {
- kubectl get pods -l "app.kubernetes.io/part-of=${HELM_RELEASE}, app.kubernetes.io/component=genesis-validator" -o name
-}
-
-# Get the pod names for all fullnodes in the target environment.
-function get_fullnodes() {
- kubectl get pods -l "app.kubernetes.io/part-of=${HELM_RELEASE}, app.kubernetes.io/name=penumbra-node" -o name
-}
-
-# Perform chain migration. Generic over fullnode/validator,
-# which have slightly different mount points for their data.
-# Assumes that service has already been paused!
-function perform_migration() {
- local podname
- local testnet_dir
- podname="${1:-}"
- testnet_dir="${2:-}"
- shift 2
-
- >&2 echo "Backing up node state for '$podname'..."
- backup_tarball="${testnet_dir}/node0-state-backup.tar"
- kubectl exec -it "$podname" -c pd -- rm -f "$backup_tarball"
- kubectl exec -it "$podname" -c pd -- tar -C "$testnet_dir" -cf "$backup_tarball" node0
-
- >&2 echo "Performing migration for '$podname'..."
- kubectl exec -it "$podname" -c pd -- pd migrate \
- --home "${testnet_dir}/node0/pd" \
- --comet-home "${testnet_dir}/node0/cometbft"
-
- >&2 echo "Exporting state archive for '$podname'..."
- migration_archive="${testnet_dir}/node0-migration-archive.tar.gz"
- kubectl exec -it "$podname" -c pd -- rm -f "$migration_archive"
- kubectl exec -it "$podname" -c pd -- tar -C "$testnet_dir" \
- --transform='s#node0/pd/##;s#node0/cometbft/config/##;s#node0/cometbft/data/##' \
- -czf "$migration_archive" \
- node0/pd/rocksdb \
- node0/cometbft/config/genesis.json \
- node0/cometbft/data/priv_validator_state.json
- >&2 echo "Migration complete! Archive available at: ${podname}:${migration_archive}"
-}
-
-# Fetch pre-upgrade export archive, and post-export migration archive,
-# locally, for rehosting on snapshots server. New-joining nodes will need
-# a post-migration snapshot, and archive nodes (e.g. for Hermes) will need
-# the pre-migration state.
-function fetch_archives() {
- # pick any node
- pod_name="${HELM_RELEASE}-nodes-1"
-
- >&2 echo "Fetching archives from $pod_name ..."
- # N.B. these filepaths are hardcoded and brittle, any refactor must be careful to update throughout.
- for f in "node0-migration-archive.tar.gz" "node0-state-backup.tar" ; do
- rm -f "$f"
- kubectl cp -c pd "${pod_name}:/penumbra-config/testnet_data/${f}" "$f"
- done
- mv -v "node0-migration-archive.tar.gz" "${pod_name}-${TO_VERSION}-migration-archive.tar.gz"
- mv -v "node0-state-backup.tar" "${pod_name}-state-backup-pre-${TO_VERSION}.tar"
-}
-
-function main() {
- >&2 echo "Upgrading environment '${HELM_RELEASE}' to version ${TO_VERSION}..."
- # sleep for a chance to ctrl+c if wrong environment specified
- sleep 5
-
- export HELM_RELEASE
- export TO_VERSION
- scripts/k8s-enable-maintenance-mode
- # validators and fullnodes have a slightly different mount path
- for v in $(get_validators) ; do
- testnet_dir="/penumbra-config/${HELM_RELEASE}-val"
- perform_migration "$v" "$testnet_dir"
- done
-
- for n in $(get_fullnodes) ; do
- testnet_dir="/penumbra-config/testnet_data"
- perform_migration "$n" "$testnet_dir"
- done
-
- fetch_archives
- scripts/k8s-disable-maintenance-mode
- >&2 echo "Migration complete! ${HELM_RELEASE} is now running version ${TO_VERSION}"
-}
-
-main
-
-exit 0
diff --git a/deployments/terraform/modules/README.md b/deployments/terraform/modules/README.md
deleted file mode 100644
index f2a3bd4e76..0000000000
--- a/deployments/terraform/modules/README.md
+++ /dev/null
@@ -1,2 +0,0 @@
-# Penumbra Terraform Modules
-This directory contains terraform modules for penumbra deployments.
diff --git a/deployments/terraform/modules/gcp/README.md b/deployments/terraform/modules/gcp/README.md
deleted file mode 100644
index 7471d86600..0000000000
--- a/deployments/terraform/modules/gcp/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# GCP Modules
-
-GCP contains business rule agnostic modules for Google Cloud Provider.
diff --git a/deployments/terraform/modules/gcp/gcs/README.md b/deployments/terraform/modules/gcp/gcs/README.md
deleted file mode 100644
index da709e1966..0000000000
--- a/deployments/terraform/modules/gcp/gcs/README.md
+++ /dev/null
@@ -1,9 +0,0 @@
-# GCS
-
-GCS buckets are encrypted by default, though you can override that with a custom KMS key(s).
-
-Uniform bucket level access is auto-enabled because of [Google's recommendation](https://cloud.google.com/storage/docs/uniform-bucket-level-access).
-
-## TODO:
-* Custom KMS key(s) for encryption
-* Lifecycle rules
diff --git a/deployments/terraform/modules/gcp/gcs/main.tf b/deployments/terraform/modules/gcp/gcs/main.tf
deleted file mode 100644
index 4d6a24a781..0000000000
--- a/deployments/terraform/modules/gcp/gcs/main.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-resource "google_storage_bucket" "bucket" {
- name = var.name
- project = var.project
- location = var.location
- force_destroy = var.force_destroy
-
- // Generally, using uniform bucket-level access is recommended, because it
- // unifies and simplifies how you grant access to your Cloud Storage resources.
- // https://cloud.google.com/storage/docs/uniform-bucket-level-access
- uniform_bucket_level_access = true
-
- versioning {
- enabled = var.object_versioning
- }
-
- labels = var.labels
-}
diff --git a/deployments/terraform/modules/gcp/gcs/outputs.tf b/deployments/terraform/modules/gcp/gcs/outputs.tf
deleted file mode 100644
index 02a0110bfd..0000000000
--- a/deployments/terraform/modules/gcp/gcs/outputs.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-output "bucket_url" {
- value = google_storage_bucket.bucket.url
-}
-
-output "bucket_name" {
- value = google_storage_bucket.bucket.name
-}
diff --git a/deployments/terraform/modules/gcp/gcs/providers.tf b/deployments/terraform/modules/gcp/gcs/providers.tf
deleted file mode 100644
index b5061ef396..0000000000
--- a/deployments/terraform/modules/gcp/gcs/providers.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- version = ">= 4.25"
- }
- }
-}
diff --git a/deployments/terraform/modules/gcp/gcs/variables.tf b/deployments/terraform/modules/gcp/gcs/variables.tf
deleted file mode 100644
index 34a5597d00..0000000000
--- a/deployments/terraform/modules/gcp/gcs/variables.tf
+++ /dev/null
@@ -1,31 +0,0 @@
-variable "labels" {
- type = map(string)
-}
-
-variable "name" {
- description = "Bucket name. Must be globally unique."
- type = string
-}
-
-variable "project" {
- description = "Project ID. If absent, uses the provider's project."
- type = string
- default = null
-}
-
-variable "location" {
- description = "Location/region"
- type = string
-}
-
-variable "force_destroy" {
- description = "Delete bucket even though it has objects in it?"
- type = bool
- default = false
-}
-
-variable "object_versioning" {
- description = "Enable object versioning."
- type = bool
- default = false
-}
diff --git a/deployments/terraform/modules/gcp/project/services/README.md b/deployments/terraform/modules/gcp/project/services/README.md
deleted file mode 100644
index 6c8fee2e74..0000000000
--- a/deployments/terraform/modules/gcp/project/services/README.md
+++ /dev/null
@@ -1,10 +0,0 @@
-# Project Services
-
-Allows you to enable one or many Google APIs. Requires project has billing setup or else enabling services may fail.
-
-To see all services:
-```shell
-gcloud services list --available
-```
-
-Services are never disabled. You must disable outside of Terraform.
diff --git a/deployments/terraform/modules/gcp/project/services/main.tf b/deployments/terraform/modules/gcp/project/services/main.tf
deleted file mode 100644
index 10d202a8f1..0000000000
--- a/deployments/terraform/modules/gcp/project/services/main.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-resource "google_project_service" "enable_service" {
- for_each = var.services
- service = each.value
- project = var.project
-
- // Intentionally avoid disabling in case project has other resources that depend on this service.
- disable_on_destroy = false
-}
diff --git a/deployments/terraform/modules/gcp/project/services/outputs.tf b/deployments/terraform/modules/gcp/project/services/outputs.tf
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/deployments/terraform/modules/gcp/project/services/providers.tf b/deployments/terraform/modules/gcp/project/services/providers.tf
deleted file mode 100644
index a73e496056..0000000000
--- a/deployments/terraform/modules/gcp/project/services/providers.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- version = ">= 4.25.0"
- }
- }
-}
diff --git a/deployments/terraform/modules/gcp/project/services/variables.tf b/deployments/terraform/modules/gcp/project/services/variables.tf
deleted file mode 100644
index 27e86f7714..0000000000
--- a/deployments/terraform/modules/gcp/project/services/variables.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-variable "services" {
- description = "Services (aka APIs) to enable. E.g. compute.googleapis.com. See all via $ gcloud services list --available"
- type = set(string)
-}
-
-variable "project" {
- description = "The project ID. If not provided, the provider project is used."
- type = string
- default = null
-}
diff --git a/deployments/terraform/modules/gcp/terraform_state/README.md b/deployments/terraform/modules/gcp/terraform_state/README.md
deleted file mode 100644
index 8cd5fb0b94..0000000000
--- a/deployments/terraform/modules/gcp/terraform_state/README.md
+++ /dev/null
@@ -1,59 +0,0 @@
-# GCS Terraform State
-
-Creates a GCS bucket to house terraform state for a remote backend for any deployment.
-
-**If you have a validator or chain deployment** use [the specific chain backend](./)
-
-## Bucket Location
-
-For important or production networks, use "US" or similar as the bucket location. This creates a multi-region bucket for
-redundancy. E.g. All saas deployments use multi-region.
-
-Otherwise, use a specific region like "us-central1" if redundancy is not critical.
-
-## Bootstrapping
-
-Bootstrapping a new terraform root module (i.e. the directory where you `terraform apply`) requires using a local backend first. Then,
-migrating the local backend to the remote backend.
-
-1. In the `terraform {}` block, ensure no backend is set.
-2. Add this module and `terraform apply` to create the bucket.
-3. Add the following to the terraform block:
-```hcl
-backend "gcs" {
- bucket = ""
-}
-```
-4. Run `terraform init -migrate-state`
-5. Likely enable public access prevention detailed below.
-
-## Public Access Prevention
-
-Public access prevention protects Cloud Storage buckets and objects from being accidentally exposed to the public.
-
-Currently, terraforming this feature is not possible per bucket. Per [a Dec 2021 PR](https://github.com/GoogleCloudPlatform/magic-modules/pull/5519),
-it appears the google-beta provider *should* support it.
-
-However, testing with google-beta v4.28.0, the variable is invalid.
-
-```shell
-❯ terraform plan
-╷
-│ Error: Unsupported argument
-│
-│ on ../../../../terraform/modules/gcp/gcs/main.tf line 16, in resource "google_storage_bucket" "bucket":
-│ 16: public_access_prevention = "true"
-│
-│ An argument named "public_access_prevention" is not expected here.
-```
-
-The [4.28.0 docs](https://registry.terraform.io/providers/hashicorp/google-beta/4.28.0/docs/resources/storage_bucket) do not
-expose any such variable either.
-
-It's unclear when or if this feature will be included in a google provider.
-
-As a workaround, [manually activate public access prevention](https://cloud.google.com/storage/docs/using-public-access-prevention).
-
-## TODOs:
-* Public access prevention
-* Lifecycle rules for old object versions
diff --git a/deployments/terraform/modules/gcp/terraform_state/chain/README.md b/deployments/terraform/modules/gcp/terraform_state/chain/README.md
deleted file mode 100644
index bd59817755..0000000000
--- a/deployments/terraform/modules/gcp/terraform_state/chain/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# GCS Terraform State Chain
-
-Creates a GCS bucket to house terraform state for a remote backend for a chain deployment.
-
-The same caveats apply as [a generic backend](../README.md).
diff --git a/deployments/terraform/modules/gcp/terraform_state/chain/locals.tf b/deployments/terraform/modules/gcp/terraform_state/chain/locals.tf
deleted file mode 100644
index 1dd9d43a0a..0000000000
--- a/deployments/terraform/modules/gcp/terraform_state/chain/locals.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-locals {
- name_prefix = join("-", [var.chain_name, var.network_environment])
-}
diff --git a/deployments/terraform/modules/gcp/terraform_state/chain/main.tf b/deployments/terraform/modules/gcp/terraform_state/chain/main.tf
deleted file mode 100644
index 3b2ef632fe..0000000000
--- a/deployments/terraform/modules/gcp/terraform_state/chain/main.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-module "gcs_backend" {
- source = "../../gcs"
-
- labels = var.labels
- location = var.location
- name = "${local.name_prefix}-tfstate"
- object_versioning = true
- project = var.project
-}
diff --git a/deployments/terraform/modules/gcp/terraform_state/chain/outputs.tf b/deployments/terraform/modules/gcp/terraform_state/chain/outputs.tf
deleted file mode 100644
index 8d46848b40..0000000000
--- a/deployments/terraform/modules/gcp/terraform_state/chain/outputs.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-output "bucket_url" {
- value = module.gcs_backend.bucket_url
-}
-
-output "bucket_name" {
- value = module.gcs_backend.bucket_name
-}
diff --git a/deployments/terraform/modules/gcp/terraform_state/chain/providers.tf b/deployments/terraform/modules/gcp/terraform_state/chain/providers.tf
deleted file mode 100644
index b5061ef396..0000000000
--- a/deployments/terraform/modules/gcp/terraform_state/chain/providers.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- version = ">= 4.25"
- }
- }
-}
diff --git a/deployments/terraform/modules/gcp/terraform_state/chain/variables.tf b/deployments/terraform/modules/gcp/terraform_state/chain/variables.tf
deleted file mode 100644
index 7961306f64..0000000000
--- a/deployments/terraform/modules/gcp/terraform_state/chain/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-variable "labels" {
- type = map(string)
-}
-
-variable "chain_name" {
- description = "Short, canonical name for the chain. E.g. osmosis, juno, cosmoshub"
- type = string
-}
-
-variable "network_environment" {
- description = "One of mainnet, testnet, devnet"
- type = string
- validation {
- condition = contains(["mainnet", "testnet", "devnet"], var.network_environment)
- error_message = "Must be mainnet, testnet, or devnet."
- }
-}
-
-variable "project" {
- description = "Project ID. If absent, uses the provider's project."
- type = string
- default = null
-}
-
-variable "location" {
- description = "Bucket location/region"
- type = string
-}
diff --git a/deployments/terraform/modules/gcp/terraform_state/main.tf b/deployments/terraform/modules/gcp/terraform_state/main.tf
deleted file mode 100644
index 98e1205f9e..0000000000
--- a/deployments/terraform/modules/gcp/terraform_state/main.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-module "gcs_backend" {
- source = "../gcs"
-
- labels = var.labels
- location = var.location
- name = "${var.name_prefix}-tfstate"
- object_versioning = true
- project = var.project
-}
diff --git a/deployments/terraform/modules/gcp/terraform_state/outputs.tf b/deployments/terraform/modules/gcp/terraform_state/outputs.tf
deleted file mode 100644
index 8d46848b40..0000000000
--- a/deployments/terraform/modules/gcp/terraform_state/outputs.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-output "bucket_url" {
- value = module.gcs_backend.bucket_url
-}
-
-output "bucket_name" {
- value = module.gcs_backend.bucket_name
-}
diff --git a/deployments/terraform/modules/gcp/terraform_state/providers.tf b/deployments/terraform/modules/gcp/terraform_state/providers.tf
deleted file mode 100644
index b5061ef396..0000000000
--- a/deployments/terraform/modules/gcp/terraform_state/providers.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- version = ">= 4.25"
- }
- }
-}
diff --git a/deployments/terraform/modules/gcp/terraform_state/variables.tf b/deployments/terraform/modules/gcp/terraform_state/variables.tf
deleted file mode 100644
index 1fa4937eed..0000000000
--- a/deployments/terraform/modules/gcp/terraform_state/variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-variable "labels" {
- type = map(string)
-}
-
-variable "name_prefix" {
- description = "A generic name prefix. Must be globally unique."
- type = string
-}
-
-variable "project" {
- description = "Project ID. If absent, uses the provider's project."
- type = string
- default = null
-}
-
-variable "location" {
- description = "Bucket location/region"
- type = string
-}
diff --git a/deployments/terraform/modules/node/v1/gke.tf b/deployments/terraform/modules/node/v1/gke.tf
deleted file mode 100644
index 3f63c7f38e..0000000000
--- a/deployments/terraform/modules/node/v1/gke.tf
+++ /dev/null
@@ -1,88 +0,0 @@
-provider "kubernetes" {
- host = "https://${module.gke.endpoint}"
- token = data.google_client_config.default.access_token
- cluster_ca_certificate = base64decode(module.gke.ca_certificate)
-}
-
-resource "google_project_service" "enable_api_gke" {
- service = "container.googleapis.com"
-
- // Intentionally prevent disabling service in case project shares other resources that use this api.
- disable_on_destroy = false
-}
-
-module "gke" {
- depends_on = [
- module.project_services,
- resource.google_compute_subnetwork.subnetwork,
- ]
- source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster"
- version = "22.1.0"
- project_id = var.project_id
- name = var.cluster_name
- region = var.region
- zones = var.cluster_zones
- network = google_compute_network.vpc_network.name
- subnetwork = "subnetwork-${var.cluster_name}"
- ip_range_pods = "pods-${var.cluster_name}"
- ip_range_services = "services-${var.cluster_name}"
- http_load_balancing = true
- # config_connector = true
- horizontal_pod_autoscaling = false
- network_policy = false
- enable_private_endpoint = false
- enable_private_nodes = false
- master_ipv4_cidr_block = var.master_cidr
- remove_default_node_pool = true
- // Manually specifying a version because we can only do one minor hop at a time,
- // and we'd fallen behind 1.27.x -> 1.29.x. As of 2024-03-07, we were running `1.27.5-gke.200`,
- // and the 1.27.x series EOLs in 2024-06.
- // See for reference: https://cloud.google.com/kubernetes-engine/docs/release-notes
- // To see available versions:
- //
- // gcloud container get-server-config --format "yaml(channels)" --zone us-central1
- //
- // and choose something from the STABLE channel.
- kubernetes_version = "1.28.3-gke.1286000"
-
- node_pools = [
- {
- name = "chain-node-pool"
- node_count = var.num_nodes
- disk_size_gb = var.disk_size_gb
- machine_type = var.machine_type
- disk_type = var.disk_type
- image_type = var.image_type
- auto_repair = true
- auto_upgrade = false
- autoscaling = false
- preemptible = false
- },
- ]
-
- node_pools_oauth_scopes = {
- all = []
-
- chain-node-pool = [
- "https://www.googleapis.com/auth/cloud-platform",
- ]
- }
-
- node_pools_tags = {
- chain-node-pool = ["${var.cluster_name}-node"]
- }
-}
-
-module "kubernetes-engine_workload-identity" {
- source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
- version = "22.1.0"
- gcp_sa_name = "config-connector"
- cluster_name = module.gke.name
- name = "cnrm-controller-manager"
- location = var.region
- use_existing_k8s_sa = true
- annotate_k8s_sa = false
- namespace = "cnrm-system"
- project_id = var.project_id
- roles = ["roles/compute.publicIpAdmin"]
-}
diff --git a/deployments/terraform/modules/node/v1/main.tf b/deployments/terraform/modules/node/v1/main.tf
deleted file mode 100644
index 3ab746fec1..0000000000
--- a/deployments/terraform/modules/node/v1/main.tf
+++ /dev/null
@@ -1,6 +0,0 @@
-data "google_client_config" "default" {}
-
-module "project_services" {
- source = "../../gcp/project/services"
- services = ["compute.googleapis.com", "container.googleapis.com"]
-}
diff --git a/deployments/terraform/modules/node/v1/outputs.tf b/deployments/terraform/modules/node/v1/outputs.tf
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/deployments/terraform/modules/node/v1/providers.tf b/deployments/terraform/modules/node/v1/providers.tf
deleted file mode 100644
index a73e496056..0000000000
--- a/deployments/terraform/modules/node/v1/providers.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- version = ">= 4.25.0"
- }
- }
-}
diff --git a/deployments/terraform/modules/node/v1/variables.tf b/deployments/terraform/modules/node/v1/variables.tf
deleted file mode 100644
index cbfc08616c..0000000000
--- a/deployments/terraform/modules/node/v1/variables.tf
+++ /dev/null
@@ -1,63 +0,0 @@
-variable "cluster_name" {
- description = "The name of the GKE cluster"
-}
-
-variable "project_id" {
- description = "The project ID to host the cluster in"
-}
-
-variable "region" {
- description = "The region to host the cluster in"
-}
-
-variable "cluster_zones" {
- description = "The zones where the cluster will be deployed"
- type = list(any)
-}
-
-variable "num_nodes" {
- description = "The number of nodes per zone"
- default = 4
-}
-
-### The rest of the variables have logical defaults
-variable "machine_type" {
- description = "The machine type for the nodes"
- default = "e2-highmem-4"
-}
-
-variable "image_type" {
- description = "The image type for the nodes"
- default = "COS_CONTAINERD"
-}
-
-variable "disk_type" {
- description = "The disk type for the nodes"
- default = "pd-ssd"
-}
-
-variable "disk_size_gb" {
- description = "The disk space (GB) for the nodes"
- default = 100
-}
-
-# Sentry Cluster CIDR Ranges
-variable "master_cidr" {
- description = "The CIDR for the cluster"
- default = "192.168.2.0/28"
-}
-
-variable "subnet_cidr" {
- description = "The CIDR for the node subnet"
- default = "192.168.5.0/24"
-}
-
-variable "subnet_pods_cidr" {
- description = "The CIDR for the node pods subnet"
- default = "10.7.0.0/16"
-}
-
-variable "subnet_service_cidr" {
- description = "The CIDR for the node service subnet"
- default = "10.8.0.0/16"
-}
diff --git a/deployments/terraform/modules/node/v1/vpc.tf b/deployments/terraform/modules/node/v1/vpc.tf
deleted file mode 100644
index 79003f9167..0000000000
--- a/deployments/terraform/modules/node/v1/vpc.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-resource "google_compute_network" "vpc_network" {
- depends_on = [
- module.project_services
- ]
- project = var.project_id
- name = "vpc-${var.cluster_name}"
- auto_create_subnetworks = false
-}
-
-resource "google_compute_subnetwork" "subnetwork" {
- project = var.project_id
- name = "subnetwork-${var.cluster_name}"
- ip_cidr_range = var.subnet_cidr
- region = var.region
- network = google_compute_network.vpc_network.id
- secondary_ip_range {
- range_name = "pods-${var.cluster_name}"
- ip_cidr_range = var.subnet_pods_cidr
- }
- secondary_ip_range {
- range_name = "services-${var.cluster_name}"
- ip_cidr_range = var.subnet_service_cidr
- }
-}