From c48c0b3baa70afd40799d2cbd2198e0474e5066d Mon Sep 17 00:00:00 2001 From: Vladyslav Deryhin Date: Mon, 9 Oct 2023 18:52:19 +0300 Subject: [PATCH] Add Polygon Bor chart (#264) --- dysnix/bor/Chart.yaml | 21 + dysnix/bor/templates/NOTES.txt | 12 + dysnix/bor/templates/_helpers.tpl | 152 +++++++ dysnix/bor/templates/configmap-scripts.yaml | 11 + dysnix/bor/templates/configmap.yaml | 9 + dysnix/bor/templates/ingress-http.yaml | 61 +++ dysnix/bor/templates/ingress-ws.yaml | 61 +++ .../templates/scripts/_check-readiness.tpl | 20 + .../templates/scripts/_download-snapshot.tpl | 15 + dysnix/bor/templates/service-heimdall.yaml | 38 ++ dysnix/bor/templates/service-metrics.yaml | 38 ++ dysnix/bor/templates/service-p2p-disc.yaml | 42 ++ dysnix/bor/templates/service-p2p.yaml | 42 ++ dysnix/bor/templates/service-rpc.yaml | 46 ++ dysnix/bor/templates/serviceaccount.yaml | 8 + dysnix/bor/templates/servicemonitor.yaml | 22 + dysnix/bor/templates/statefulset.yaml | 192 ++++++++ dysnix/bor/values.yaml | 428 ++++++++++++++++++ 18 files changed, 1218 insertions(+) create mode 100644 dysnix/bor/Chart.yaml create mode 100644 dysnix/bor/templates/NOTES.txt create mode 100644 dysnix/bor/templates/_helpers.tpl create mode 100644 dysnix/bor/templates/configmap-scripts.yaml create mode 100644 dysnix/bor/templates/configmap.yaml create mode 100644 dysnix/bor/templates/ingress-http.yaml create mode 100644 dysnix/bor/templates/ingress-ws.yaml create mode 100644 dysnix/bor/templates/scripts/_check-readiness.tpl create mode 100644 dysnix/bor/templates/scripts/_download-snapshot.tpl create mode 100644 dysnix/bor/templates/service-heimdall.yaml create mode 100644 dysnix/bor/templates/service-metrics.yaml create mode 100644 dysnix/bor/templates/service-p2p-disc.yaml create mode 100644 dysnix/bor/templates/service-p2p.yaml create mode 100644 dysnix/bor/templates/service-rpc.yaml create mode 100644 dysnix/bor/templates/serviceaccount.yaml create mode 100644 dysnix/bor/templates/servicemonitor.yaml create mode 100644 dysnix/bor/templates/statefulset.yaml create mode 100644 dysnix/bor/values.yaml diff --git a/dysnix/bor/Chart.yaml b/dysnix/bor/Chart.yaml new file mode 100644 index 00000000..c48ed741 --- /dev/null +++ b/dysnix/bor/Chart.yaml @@ -0,0 +1,21 @@ +apiVersion: v2 +name: bor +description: Polygon Bor execution layer node Helm chart + +version: 0.0.1 +appVersion: "1.0.6" + +keywords: + - geth + - bor + - polygon + - matic + - cryptocurrency + - blockchain + +sources: + - https://github.com/dysnix/charts + +maintainers: + - name: VladStarr + email: vlad.derigin@dysnix.com diff --git a/dysnix/bor/templates/NOTES.txt b/dysnix/bor/templates/NOTES.txt new file mode 100644 index 00000000..70f07977 --- /dev/null +++ b/dysnix/bor/templates/NOTES.txt @@ -0,0 +1,12 @@ +Bor RPC can be accessed via port {{ .Values.services.rpc.http.port }} on the following DNS name from within your cluster: +{{ include "bor.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + +To connect to Bor RPC: + +1. Forward the port of the pod: + + $ kubectl port-forward --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "bor.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath='{ .items[0].metadata.name }') {{ .Values.services.rpc.http.port }} + +2. Connect using the bor cli: + + $ bor attach http://{{ include "bor.fullname" . }}:{{ .Values.services.rpc.http.port }} diff --git a/dysnix/bor/templates/_helpers.tpl b/dysnix/bor/templates/_helpers.tpl new file mode 100644 index 00000000..4f5674f1 --- /dev/null +++ b/dysnix/bor/templates/_helpers.tpl @@ -0,0 +1,152 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "bor.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "bor.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "bor.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "bor.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "bor.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "bor.labels" -}} +helm.sh/chart: {{ include "bor.chart" . }} +app.kubernetes.io/name: {{ include "bor.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "bor.selectorLabels" -}} +app.kubernetes.io/name: {{ include "bor.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- with .Values.podLabels }} +{{ toYaml . | indent 0 }} +{{- end }} +{{- end }} + +{{/* +Convert Golang slice to Toml array +*/}} +{{- define "toml.list" -}} +{{- print "[" }} +{{- range $idx, $element := . }} + {{- if $idx }}, {{ end }} + {{- $element | quote }} +{{- end -}} +{{ print "]" -}} +{{- end }} + +{{/* +Render Toml properties +*/}} +{{- define "toml.properties" -}} +{{- $root := index . 0 }} +{{- $context := index . 1 }} +{{- range $k, $v := $root }} + {{- if not (kindIs "map" $v) }} + {{- if kindIs "string" $v }} + {{- if contains "{{" $v }} {{- /* render templated values */}} + {{- $v = tpl $v $context }} + {{- if not (or (regexMatch "^[0-9]+$" $v) (regexMatch "^(true|false)$" $v)) }} + {{- $v = quote $v }} + {{- end }} + {{- else }} + {{- $v = quote $v }} + {{- end }} + {{- else if or (kindIs "int" $v) (kindIs "float64" $v) }} + {{- $v = int $v }} + {{- else if kindIs "slice" $v }} + {{- $v = include "toml.list" $v }} + {{- end }} + {{- if contains "." $k }} + {{- $k = quote $k }} + {{- end }} +{{ $k }} = {{ $v }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Render full Toml config including tables +*/}} +{{- define "toml.config" -}} +{{- $context := index . 0 }} +{{- $root := index . 1 }} +{{- include "toml.properties" (list $root $context) }} {{- /* top-level table */}} +{{- range $k, $v := $root }} + {{- if kindIs "map" $v }} + {{- if contains "." $k }} + {{- $k = quote $k }} + {{- end }} + +[{{ $k }}] + {{- include "toml.properties" (list $v $context) }} {{- /* 1st-level table */}} + {{- range $i, $j := $v }} + {{- if kindIs "map" $j }} + {{- if contains "." $i }} + {{- $i = quote $i }} + {{- end }} + {{- $i = print $k "." $i }} + +[{{ $i }}] + {{- include "toml.properties" (list $j $context) }} {{- /* 2nd-level table */}} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "bor.healthcheck" -}} +{{- $context := index . 0 }} +{{- $root := index . 1 }} +{{- if and $root.exec (kindIs "string" $root.exec.command) }} +{{- omit $root "enabled" "exec" | toYaml }} +exec: + command: + {{- tpl $root.exec.command $context | nindent 4 }} +{{- else }} +{{- omit $root "enabled" | toYaml }} +{{- end }} +{{- end }} diff --git a/dysnix/bor/templates/configmap-scripts.yaml b/dysnix/bor/templates/configmap-scripts.yaml new file mode 100644 index 00000000..121a8286 --- /dev/null +++ b/dysnix/bor/templates/configmap-scripts.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "bor.fullname" . }}-scripts + labels: + {{- include "bor.labels" . | nindent 4 }} +data: + check-readiness.sh: |- + {{- include (print $.Template.BasePath "/scripts/_check-readiness.tpl") . | nindent 4 }} + download-snapshot.sh: |- + {{- include (print $.Template.BasePath "/scripts/_download-snapshot.tpl") . | nindent 4 }} diff --git a/dysnix/bor/templates/configmap.yaml b/dysnix/bor/templates/configmap.yaml new file mode 100644 index 00000000..98611f50 --- /dev/null +++ b/dysnix/bor/templates/configmap.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "bor.fullname" . }}-config + labels: + {{- include "bor.labels" . | nindent 4 }} +data: + config.toml: |- + {{- include "toml.config" (list $ .Values.config) | indent 4 }} diff --git a/dysnix/bor/templates/ingress-http.yaml b/dysnix/bor/templates/ingress-http.yaml new file mode 100644 index 00000000..544a6ecc --- /dev/null +++ b/dysnix/bor/templates/ingress-http.yaml @@ -0,0 +1,61 @@ +{{- if and .Values.services.rpc.enabled .Values.ingress.http.enabled -}} +{{- $fullName := include "bor.fullname" . -}} +{{- $svcPort := .Values.services.rpc.httpPort -}} +{{- if and .Values.ingress.http.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.http.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.http.annotations "kubernetes.io/ingress.class" .Values.ingress.http.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }}-http + labels: + {{- include "bor.labels" . | nindent 4 }} + {{- with .Values.ingress.http.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.http.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.http.className }} + {{- end }} + {{- if .Values.ingress.http.tls }} + tls: + {{- range .Values.ingress.http.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.http.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }}-rpc + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }}-rpc + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/dysnix/bor/templates/ingress-ws.yaml b/dysnix/bor/templates/ingress-ws.yaml new file mode 100644 index 00000000..351b3e45 --- /dev/null +++ b/dysnix/bor/templates/ingress-ws.yaml @@ -0,0 +1,61 @@ +{{- if and .Values.services.rpc.enabled .Values.ingress.ws.enabled -}} +{{- $fullName := include "bor.fullname" . -}} +{{- $svcPort := .Values.services.rpc.wsPort -}} +{{- if and .Values.ingress.ws.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.ws.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.ws.annotations "kubernetes.io/ingress.class" .Values.ingress.ws.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }}-ws + labels: + {{- include "bor.labels" . | nindent 4 }} + {{- with .Values.ingress.ws.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.ws.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.ws.className }} + {{- end }} + {{- if .Values.ingress.ws.tls }} + tls: + {{- range .Values.ingress.ws.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.ws.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }}-rpc + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }}-rpc + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/dysnix/bor/templates/scripts/_check-readiness.tpl b/dysnix/bor/templates/scripts/_check-readiness.tpl new file mode 100644 index 00000000..693b0b8c --- /dev/null +++ b/dysnix/bor/templates/scripts/_check-readiness.tpl @@ -0,0 +1,20 @@ +#!/usr/bin/env sh +set -e + +# Retrieving latest block timestamp +get_block_timestamp() { + bor attach http://localhost:{{ .Values.config.jsonrpc.http.port }} --exec "eth.getBlock(eth.blockNumber).timestamp" 2>/dev/null +} + +if [ -z $1 ]; then + echo "Usage: $0 {allowed-block-gap-in-seconds}" && exit 1 +fi + +allowed_gap=$1 +current_gap=$(expr $(date +%s) - $(get_block_timestamp)) + +if [ $current_gap -le $allowed_gap ]; then + exit 0 +else + echo "Current block timestamp gap ($current_gap) is higher than allowed ($allowed_gap)" && exit 1 +fi \ No newline at end of file diff --git a/dysnix/bor/templates/scripts/_download-snapshot.tpl b/dysnix/bor/templates/scripts/_download-snapshot.tpl new file mode 100644 index 00000000..aad37d7f --- /dev/null +++ b/dysnix/bor/templates/scripts/_download-snapshot.tpl @@ -0,0 +1,15 @@ +#!/bin/sh + +set -e + +if [ ! -f /data/.downloaded ]; then + apt-get -y update && apt-get -y install wget + wget -qO download.sh https://snapshot-download.polygon.technology/snapdown.sh + sed -i 's/sudo//g' download.sh + chmod +x download.sh + + ./download.sh --network {{ .Values.config.chain }} --client bor --extract-dir /data/bor/chaindata --validate-checksum true + touch /data/.downloaded +else + echo "Initial snapshot already downloaded, skipping." +fi diff --git a/dysnix/bor/templates/service-heimdall.yaml b/dysnix/bor/templates/service-heimdall.yaml new file mode 100644 index 00000000..ab1880bb --- /dev/null +++ b/dysnix/bor/templates/service-heimdall.yaml @@ -0,0 +1,38 @@ +{{- with .Values.services.heimdall }} +{{- if .enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "bor.fullname" $ }}-heimdall + {{- with .annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + service-type: heimdall + {{- include "bor.labels" $ | nindent 4 }} +spec: + type: {{ .type }} + {{- with .loadBalancerIP }} + loadBalancerIP: {{ . }} + {{- end }} + {{- with .clusterIP }} + clusterIP: {{ . }} + {{- end }} + {{- with .externalTrafficPolicy }} + externalTrafficPolicy: {{ . }} + {{- end }} + {{- with .internalTrafficPolicy }} + internalTrafficPolicy: {{ . }} + {{- end }} + {{- with .publishNotReadyAddresses }} + publishNotReadyAddresses: {{ . }} + {{- end }} + ports: + - name: http + port: {{ .port }} + targetPort: http + selector: + {{- include "bor.selectorLabels" $ | nindent 4 }} +{{- end }} +{{- end }} diff --git a/dysnix/bor/templates/service-metrics.yaml b/dysnix/bor/templates/service-metrics.yaml new file mode 100644 index 00000000..04afc0be --- /dev/null +++ b/dysnix/bor/templates/service-metrics.yaml @@ -0,0 +1,38 @@ +{{- with .Values.services.metrics }} +{{- if .enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "bor.fullname" $ }}-metrics + {{- with .annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + service-type: metrics + {{- include "bor.labels" $ | nindent 4 }} +spec: + type: {{ .type }} + {{- with .loadBalancerIP }} + loadBalancerIP: {{ . }} + {{- end }} + {{- with .clusterIP }} + clusterIP: {{ . }} + {{- end }} + {{- with .externalTrafficPolicy }} + externalTrafficPolicy: {{ . }} + {{- end }} + {{- with .internalTrafficPolicy }} + internalTrafficPolicy: {{ . }} + {{- end }} + {{- with .publishNotReadyAddresses }} + publishNotReadyAddresses: {{ . }} + {{- end }} + ports: + - name: metrics + port: {{ .port }} + targetPort: metrics + selector: + {{- include "bor.selectorLabels" $ | nindent 4 }} +{{- end }} +{{- end }} diff --git a/dysnix/bor/templates/service-p2p-disc.yaml b/dysnix/bor/templates/service-p2p-disc.yaml new file mode 100644 index 00000000..e0ec9af9 --- /dev/null +++ b/dysnix/bor/templates/service-p2p-disc.yaml @@ -0,0 +1,42 @@ +{{- with .Values.services.p2pDiscovery }} +{{- if .enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "bor.fullname" $ }}-p2p-discovery + {{- with .annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + service-type: p2p-discovery + {{- include "bor.labels" $ | nindent 4 }} +spec: + type: {{ .type }} + {{- with .loadBalancerIP }} + loadBalancerIP: {{ . }} + {{- end }} + {{- with .clusterIP }} + clusterIP: {{ . }} + {{- end }} + {{- with .externalTrafficPolicy }} + externalTrafficPolicy: {{ . }} + {{- end }} + {{- with .internalTrafficPolicy }} + internalTrafficPolicy: {{ . }} + {{- end }} + {{- with .publishNotReadyAddresses }} + publishNotReadyAddresses: {{ . }} + {{- end }} + ports: + - name: p2p-discovery + port: {{ .port }} + targetPort: p2p-discovery + protocol: UDP + {{- with .nodePort }} + nodePort: {{ . }} + {{- end }} + selector: + {{- include "bor.selectorLabels" $ | nindent 4 }} +{{- end }} +{{- end }} diff --git a/dysnix/bor/templates/service-p2p.yaml b/dysnix/bor/templates/service-p2p.yaml new file mode 100644 index 00000000..e0571ade --- /dev/null +++ b/dysnix/bor/templates/service-p2p.yaml @@ -0,0 +1,42 @@ +{{- with .Values.services.p2p }} +{{- if .enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "bor.fullname" $ }}-p2p + {{- with .annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + service-type: p2p + {{- include "bor.labels" $ | nindent 4 }} +spec: + type: {{ .type }} + {{- with .loadBalancerIP }} + loadBalancerIP: {{ . }} + {{- end }} + {{- with .clusterIP }} + clusterIP: {{ . }} + {{- end }} + {{- with .externalTrafficPolicy }} + externalTrafficPolicy: {{ . }} + {{- end }} + {{- with .internalTrafficPolicy }} + internalTrafficPolicy: {{ . }} + {{- end }} + {{- with .publishNotReadyAddresses }} + publishNotReadyAddresses: {{ . }} + {{- end }} + ports: + - name: p2p + port: {{ .port }} + targetPort: p2p + protocol: TCP + {{- with .nodePort }} + nodePort: {{ . }} + {{- end }} + selector: + {{- include "bor.selectorLabels" $ | nindent 4 }} +{{- end }} +{{- end }} diff --git a/dysnix/bor/templates/service-rpc.yaml b/dysnix/bor/templates/service-rpc.yaml new file mode 100644 index 00000000..cfcfdf01 --- /dev/null +++ b/dysnix/bor/templates/service-rpc.yaml @@ -0,0 +1,46 @@ +{{- with .Values.services.rpc }} +{{- if .enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "bor.fullname" $ }}-rpc + {{- with .annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + service-type: rpc + {{- include "bor.labels" $ | nindent 4 }} +spec: + type: {{ .type }} + {{- with .loadBalancerIP }} + loadBalancerIP: {{ . }} + {{- end }} + {{- with .clusterIP }} + clusterIP: {{ . }} + {{- end }} + {{- with .externalTrafficPolicy }} + externalTrafficPolicy: {{ . }} + {{- end }} + {{- with .internalTrafficPolicy }} + internalTrafficPolicy: {{ . }} + {{- end }} + {{- with .publishNotReadyAddresses }} + publishNotReadyAddresses: {{ . }} + {{- end }} + ports: + - name: http + port: {{ .http.port }} + targetPort: http + {{- if .ws.enabled }} + - name: ws + port: {{ .ws.port }} + targetPort: ws + {{- end }} + selector: + {{- include "bor.selectorLabels" $ | nindent 4 }} + {{- with $.Values.podStatusLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/dysnix/bor/templates/serviceaccount.yaml b/dysnix/bor/templates/serviceaccount.yaml new file mode 100644 index 00000000..8d315d30 --- /dev/null +++ b/dysnix/bor/templates/serviceaccount.yaml @@ -0,0 +1,8 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "bor.serviceAccountName" . }} + labels: + {{- include "bor.labels" . | nindent 4 }} +{{- end }} diff --git a/dysnix/bor/templates/servicemonitor.yaml b/dysnix/bor/templates/servicemonitor.yaml new file mode 100644 index 00000000..63dd41b9 --- /dev/null +++ b/dysnix/bor/templates/servicemonitor.yaml @@ -0,0 +1,22 @@ +{{- if and .Values.services.metrics.enabled .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "bor.fullname" . }} + labels: + {{- include "bor.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + service-type: metrics + {{- include "bor.selectorLabels" . | nindent 6 }} + endpoints: + - port: metrics + path: /debug/metrics/prometheus + {{- with (omit .Values.serviceMonitor "enabled") }} + {{- toYaml . | nindent 6 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} +{{- end }} diff --git a/dysnix/bor/templates/statefulset.yaml b/dysnix/bor/templates/statefulset.yaml new file mode 100644 index 00000000..91749022 --- /dev/null +++ b/dysnix/bor/templates/statefulset.yaml @@ -0,0 +1,192 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "bor.fullname" . }} + labels: + {{- include "bor.labels" . | nindent 4 }} +spec: + serviceName: {{ template "bor.name" . }} + updateStrategy: + {{- toYaml .Values.updateStrategy | nindent 4 }} + selector: + matchLabels: + {{- include "bor.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/scripts: {{ include (print $.Template.BasePath "/configmap-scripts.yaml") . | sha256sum }} + labels: + {{- include "bor.selectorLabels" . | nindent 8 }} + {{- with .Values.podStatusLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "bor.serviceAccountName" . }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + initContainers: + {{- if .Values.init.pruneState.enabled }} + - name: prune-state + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + args: + - snapshot + - prune-state + - --datadir + - /data + {{- with .Values.init.pruneState.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + volumeMounts: + - name: data + mountPath: /data + {{- end }} + {{- if .Values.init.downloadGenesis.enabled }} + - name: download-genesis + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + command: + - sh + - -ce + - > + wget -O /data/genesis.json + {{ .Values.init.downloadGenesis.url }} + volumeMounts: + - name: data + mountPath: /data + {{- end }} + {{- with .Values.init.downloadSnapshot }} + {{- if .enabled }} + - name: download-snapshot + image: "{{ .image.repository }}:{{ .image.tag }}" + imagePullPolicy: {{ .image.pullPolicy | quote }} + command: ["sh", "/scripts/download-snapshot.sh"] + volumeMounts: + - name: scripts + mountPath: /scripts + - name: data + mountPath: /data + {{- end }} + {{- end }} + {{- with .Values.extraInitContainers }} + {{- tpl (toYaml . | nindent 6) $ }} + {{- end }} + containers: + {{- with .Values.sidecarContainers }} + {{- tpl (toYaml . | nindent 6) $ }} + {{- end }} + - name: {{ template "bor.name" . }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.command }} + command: + {{- toYaml . | nindent 10 }} + {{- end }} + args: + - server + - --config + - /config/config.toml + {{- with .Values.extraArgs }} + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + {{- range $k, $v := .Values.containerPorts }} + {{- if $v.enabled }} + - name: {{ $k }} + containerPort: {{ $v.port }} + {{- with $v.protocol }} + protocol: {{ . }} + {{- end }} + {{- with $v.hostPort }} + hostPort: {{ .}} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + {{- include "bor.healthcheck" (list $ .Values.livenessProbe) | nindent 10 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + {{- include "bor.healthcheck" (list $ .Values.readinessProbe) | nindent 10 }} + {{- end }} + volumeMounts: + - name: data + mountPath: {{ .Values.config.datadir }} + - name: config + mountPath: /config + - name: scripts + mountPath: /scripts + resources: + {{- toYaml .Values.resources | nindent 10 }} + {{- with .Values.sidecarContainers }} + {{- toYaml . | nindent 6 }} + {{- end }} + volumes: + - name: scripts + configMap: + name: {{ include "bor.fullname" . }}-scripts + - name: config + configMap: + name: {{ include "bor.fullname" . }}-config + {{- if eq .Values.persistence.type "hostPath" }} + - name: data + hostPath: + path: {{ .Values.persistence.hostPath.path }} + type: {{ .Values.persistence.hostPath.type }} + {{- end }} + {{- if eq .Values.persistence.type "pvc" }} + volumeClaimTemplates: + - metadata: + name: data + labels: + {{- include "bor.selectorLabels" . | nindent 8 }} + {{- with .Values.persistence.pvc.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + accessModes: + - {{ .Values.persistence.pvc.accessMode }} + {{- if .Values.persistence.pvc.storageClass }} + {{- if eq .Values.persistence.pvc.storageClass "-" }} + storageClassName: "" + {{- else }} + storageClassName: {{ .Values.persistence.pvc.storageClass | quote }} + {{- end }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.pvc.size | quote }} + {{- end }} \ No newline at end of file diff --git a/dysnix/bor/values.yaml b/dysnix/bor/values.yaml new file mode 100644 index 00000000..b0bc5cf8 --- /dev/null +++ b/dysnix/bor/values.yaml @@ -0,0 +1,428 @@ +image: + repository: 0xpolygon/bor + pullPolicy: IfNotPresent + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +updateStrategy: + type: RollingUpdate + +## Ensure we shut down gracefully +terminationGracePeriodSeconds: 600 + +## Extra pod labels +podLabels: {} + # environment: production + +## This labels mark bor node as ready to serve the traffic. +## Used as selector for RPC service together with `.Values.podLabels` and default labels. +podStatusLabels: {} + # manualstatus: in-service + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + # runAsGroup: 1000 + +## Override bor container command (can be templated) +command: [] + +## Extra container arguments (can be templated) +extraArgs: [] + +## Extra init containers, can be templated +extraInitContainers: [] + # - name: dumpconfig + # image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + # imagePullPolicy: "{{ .Values.image.pullPolicy }}" + # command: ["dumpconfig"] + # volumeMounts: + # - name: config + # mountPath: /config + +## Sidecar containers, can be templated +sidecarContainers: [] + # - name: exporter + # image: ethpandaops/ethereum-metrics-exporter:latest + # imagePullPolicy: Always + # args: + # - --execution-url=http://localhost:{{ .Values.containerPorts.http.port }} + # ports: + # - name: exporter + # containerPort: 9090 + +containerPorts: + http: + enabled: true + port: 8545 + ws: + enabled: false + port: 8546 + metrics: + enabled: false + port: 7071 + p2p: + enabled: true + port: 30303 + protocol: TCP + # hostPort: 30303 + p2p-discovery: + enabled: true + port: 30303 + protocol: UDP + # hostPort: 30303 + +## Services config +services: + p2p: + enabled: true + type: NodePort + loadBalancerIP: "" + port: 30303 + # it's better to set nodePort equal to .Values.config.node.p2p.port when the svc type is "NodePort" + # nodePort: 30303 + annotations: {} + publishNotReadAddresses: true + p2pDiscovery: + enabled: true + type: NodePort + loadBalancerIP: "" + port: 30303 + # it's better to set nodePort equal to .Values.config.node.p2p.port when the svc type is "NodePort" + # nodePort: 30303 + annotations: {} + publishNotReadAddresses: true + rpc: + enabled: true + type: ClusterIP + http: + port: 8545 + ws: + enabled: false + port: 8546 + annotations: {} + metrics: + enabled: false + type: ClusterIP + port: 7071 + annotations: {} + publishNotReadAddresses: true + heimdall: + enabled: true + type: ClusterIP + port: 8545 + annotations: {} + publishNotReadAddresses: true + +ingress: + http: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # cert-manager.io/cluster-issuer: letsencrypt-prod + hosts: [] + # - host: bor.local + # paths: + # - path: / + # pathType: ImplementationSpecific + tls: [] + # - secretName: bor-tls + # hosts: + # - bor.local + ws: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # cert-manager.io/cluster-issuer: letsencrypt-prod + hosts: + # - host: bor-ws.local + # paths: + # - path: / + # pathType: ImplementationSpecific + tls: [] + # - secretName: bor-ws-tls + # hosts: + # - bor-ws.local + +persistence: + type: pvc + # type: hostPath + pvc: + size: 4Ti # bor full node occupies ~4TB disk space + accessMode: ReadWriteOnce + storageClass: "" # set to "-" if you want to manually create persistent volume + annotations: {} + hostPath: + path: /data/bor + type: Directory # by default you need to create directory yourself + +affinity: {} + +nodeSelector: {} + +tolerations: [] + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +# Create Prometheus Operator serviceMonitor +serviceMonitor: + enabled: false + # interval: 10s + # scrapeTimeout: 2s + # honorLabels: true + # relabelings: [] + # metricRelabelings: [] + +# Assume that node is stuck if it's lag is more than 300 seconds. +# .livenessProbe.exec.command can also be in a templated string format +livenessProbe: + enabled: false + initialDelaySeconds: 120 + periodSeconds: 60 + successThreshold: 1 + failureThreshold: 3 + timeoutSeconds: 10 + exec: + command: + - sh + - /scripts/check-readiness.sh + - "300" + +# Assume that node is not ready to serve traffic if it's lag is more than 60 seconds. +# .readinessProbe.exec.command can also be in a templated string format +readinessProbe: + enabled: false + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 1 + timeoutSeconds: 5 + exec: + command: + - sh + - /scripts/check-readiness.sh + - "60" + +####### +### Bor init containers +####### + +init: + # offline pruning + pruneState: + enabled: false + extraArgs: [] + # download Bor snapshot from official source + downloadSnapshot: + enabled: false + image: + repository: docker.io/debian + tag: stable-slim + pullPolicy: Always + # download Genesis + downloadGenesis: + enabled: true + url: https://raw.githubusercontent.com/maticnetwork/bor/master/builder/files/genesis-mainnet-v1.json + +####### +### Main Bor config, will be converted into Toml format +####### +config: + chain: mainnet + identity: '{{ include "bor.fullname" . }}' + verbosity: 3 + vmdebug: false + datadir: /data + ancient: "" + keystore: "" + rpc.batchlimit: 100 + rpc.returndatalimit: 100000 + syncmode: full + gcmode: full + snapshot: true + bor.logs: false + ethstats: "" + devfakeauthor: false + eth.requiredblocks: {} + log: + vmodule: "" + json: false + backtrace: "" + debug: false + p2p: + maxpeers: 50 + maxpendpeers: 50 + bind: 0.0.0.0 + port: 30303 + nodiscover: false + nat: any # set it to "extip:" if p2p is not exposed via hostPort + netrestrict: "" + nodekey: "" + nodekeyhex: "" + txarrivalwait: 500ms + discovery: + v5disc: false + bootnodes: + - enode://b8f1cc9c5d4403703fbf377116469667d2b1823c0daf16b7250aa576bacf399e42c3930ccfcb02c5df6879565a2b8931335565f0e8d3f8e72385ecf4a4bf160a@3.36.224.80:30303 # mainnet + - enode://8729e0c825f3d9cad382555f3e46dcff21af323e89025a0e6312df541f4a9e73abfa562d64906f5e59c51fe6f0501b3e61b07979606c56329c020ed739910759@54.194.245.5:30303 # mainnet + - enode://76316d1cb93c8ed407d3332d595233401250d48f8fbb1d9c65bd18c0495eca1b43ec38ee0ea1c257c0abb7d1f25d649d359cdfe5a805842159cfe36c5f66b7e8@52.78.36.216:30303 # mainnet + - enode://681ebac58d8dd2d8a6eef15329dfbad0ab960561524cf2dfde40ad646736fe5c244020f20b87e7c1520820bc625cfb487dd71d63a3a3bf0baea2dbb8ec7c79f1@34.240.245.39:30303 # mainnet + # - enode://bdcd4786a616a853b8a041f53496d853c68d99d54ff305615cd91c03cd56895e0a7f6e9f35dbf89131044e2114a9a782b792b5661e3aff07faf125a98606a071@43.200.206.40:30303 # mumbai testnet + # - enode://209aaf7ed549cf4a5700fd833da25413f80a1248bd3aa7fe2a87203e3f7b236dd729579e5c8df61c97bf508281bae4969d6de76a7393bcbd04a0af70270333b3@54.216.248.9:30303 # mumbai testnet + bootnodesv4: [] + bootnodesv5: [] + static-nodes: [] + trusted-nodes: [] + dns: [] + heimdall: + url: http://heimdall-rest:1317 + grpc-address: "" + bor.without: false + bor.runheimdall: false + bor.runheimdallargs: "" + bor.useheimdallapp: false + txpool: + locals: [] + nolocals: false + journal: transactions.rlp + rejournal: 1h0m0s + pricelimit: 1 + pricebump: 10 + accountslots: 16 + globalslots: 32768 + accountqueue: 16 + globalqueue: 32768 + lifetime: 3h0m0s + miner: + mine: false + etherbase: "" + extradata: "" + gaslimit: 30000000 + gasprice: "1000000000" + recommit: 2m5s + commitinterrupt: true + jsonrpc: + ipcdisable: false + ipcpath: "" + gascap: 50000000 + evmtimeout: 5s + txfeecap: 5.0 + allow-unprotected-txs: false + http: + enabled: true + port: "{{ .Values.containerPorts.http.port }}" + prefix: "" + host: 0.0.0.0 + api: ["eth", "net", "web3"] + vhosts: ["*"] + corsdomain: ["*"] + ep-size: 40 + ep-requesttimeout: 0s + ws: + enabled: false + port: "{{ .Values.containerPorts.ws.port }}" + prefix: "" + host: 0.0.0.0 + api: ["eth", "net", "web3"] + origins: ["*"] + ep-size: 40 + ep-requesttimeout: 0s + auth: + jwtsecret: /secrets/jwt.hex + addr: 0.0.0.0 + port: 8551 + vhosts: ["*"] + timeouts: + read: 10s + write: 30s + idle: 2m0s + gpo: + blocks: 20 + percentile: 60 + maxheaderhistory: 1024 + maxblockhistory: 1024 + maxprice: "5000000000000" + ignoreprice: "2" + telemetry: + metrics: false + expensive: false + prometheus-addr: "0.0.0.0:{{ .Values.containerPorts.metrics.port }}" + opencollector-endpoint: "" + influx: + influxdb: false + endpoint: "" + database: "" + username: "" + password: "" + influxdbv2: false + token: "" + bucket: "" + organization: "" + cache: + cache: 1024 + gc: 25 + snapshot: 10 + database: 50 + trie: 15 + journal: triecache + rejournal: 1h0m0s + noprefetch: false + preimages: false + txlookuplimit: 2350000 + triesinmemory: 128 + timeout: 1h0m0s + fdlimit: 0 + accounts: + unlock: [] + password: "" + allow-insecure-unlock: false + lightkdf: false + disable-bor-wallet: true + grpc: + addr: ":3131" + developer: + dev: false + period: 0 + gaslimit: 11500000 + parallelevm: + enable: true + procs: 8 + pprof: + pprof: false + port: 6060 + addr: 0.0.0.0 + memprofilerate: 524288 + blockprofilerate: 0