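---
# Identity the validator2 pod runs as (referenced by serviceAccountName in the
# StatefulSet in this file). Its permissions come from validator2-key-read-role
# via the validator2-rb RoleBinding.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: validator2-sa
  namespace: besu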
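---
# Namespaced permissions for the validator2 service account.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: validator2-key-read-role
  namespace: besu
rules:
  # Read access to exactly one Secret, pinned by resourceNames.
  # NOTE(review): the StatefulSet in this file mounts besu-validator2-key as a
  # volume, which the kubelet resolves without this grant. If nothing in the
  # pod reads the Secret through the API, this rule can be dropped - confirm.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["besu-validator2-key"]
    verbs: ["get"]
  # Read access to every Service in the namespace.
  # NOTE(review): presumably needed for --Xnat-kube-service-name lookups made
  # by Besu; "list" cannot be narrowed with resourceNames - confirm it is
  # required.
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["get", "list"]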
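---
# Grants validator2-key-read-role to the validator2-sa service account,
# scoped to the besu namespace only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: validator2-rb
  namespace: besu
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: validator2-key-read-role
subjects:
  - kind: ServiceAccount
    name: validator2-sa
    namespace: besu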
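---
# Single-replica Besu validator ("validator2") in the besu namespace.
# The node key comes from the besu-validator2-key Secret; genesis, config.toml
# and node permissions come from ConfigMaps; chain data lives in an emptyDir.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: validator2
  labels:
    app: validator2
  namespace: besu
spec:
  replicas: 1
  selector:
    matchLabels:
      app: validator2
  serviceName: besu-validator2
  template:
    metadata:
      labels:
        app: validator2
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "9545"
        prometheus.io/path: "/metrics"
    spec:
      serviceAccountName: validator2-sa
      # Apply the container runtime's default seccomp filter to all containers.
      # runAsNonRoot and readOnlyRootFilesystem are left unset because the
      # images' users and write paths are not visible here - confirm and add.
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      initContainers:
        # Probes validator1's liveness endpoint before this node starts.
        - name: init-bootnode
          # Tags are mutable; pinning by digest (image@sha256:<digest>) makes
          # the deployed image reproducible.
          image: curlimages/curl:7.79.1
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          # NOTE(review): --max-time 10 caps each attempt, so
          # --connect-timeout 30 never applies; without --fail a non-2xx
          # liveness response still exits 0.
          command:
            - "sh"
            - "-c"
            - "curl -X GET --connect-timeout 30 --max-time 10 --retry 6 --retry-delay 0 --retry-max-time 300 ${BESU_VALIDATOR1_SERVICE_HOST}:8545/liveness"
      containers:
        - name: validator2
          # Tags are mutable; pinning by digest (image@sha256:<digest>) makes
          # the deployed image reproducible.
          image: hyperledger/besu:24.3
          imagePullPolicy: IfNotPresent
          # All ports below are above 1024, so no Linux capability is
          # retained and privilege escalation is disabled.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          resources:
            requests:
              cpu: 100m
              memory: 1024Mi
            limits:
              cpu: 500m
              memory: 2048Mi
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            # Public keys used to build the enode:// bootnode URLs in args.
            - name: VALIDATOR1_PUBKEY
              valueFrom:
                configMapKeyRef:
                  name: besu-validators-configmap
                  key: validator1PubKey
            - name: VALIDATOR2_PUBKEY
              valueFrom:
                configMapKeyRef:
                  name: besu-validators-configmap
                  key: validator2PubKey
          volumeMounts:
            # Node private key; read by --node-private-key-file below.
            - name: key
              mountPath: /secrets
              readOnly: true
            - name: genesis-config
              mountPath: /etc/genesis
              readOnly: true
            - name: config-toml
              mountPath: /etc/besu
              readOnly: true
            - name: node-permissions
              mountPath: /etc/permissions
            - name: data
              mountPath: /data
          # NOTE(review): whether the JSON-RPC, WebSocket and GraphQL APIs are
          # enabled, authenticated or reachable from outside the pod depends
          # on config.toml and on Services/NetworkPolicies not shown here -
          # confirm they are not exposed to untrusted networks.
          ports:
            - containerPort: 8545
              name: json-rpc
              protocol: TCP
            - containerPort: 8546
              name: ws
              protocol: TCP
            - containerPort: 8547
              name: graphql
              protocol: TCP
            - containerPort: 30303
              name: rlpx
              protocol: TCP
            - containerPort: 30303
              name: discovery
              protocol: UDP
          # "exec" replaces the shell, so Besu receives signals directly.
          command:
            - /bin/sh
            - -c
          args:
            - |
              exec /opt/besu/bin/besu \
                --node-private-key-file=/secrets/nodekey \
                --config-file=/etc/besu/config.toml \
                --Xdns-enabled=true --Xdns-update-enabled=true --Xnat-kube-service-name=besu-validator2 \
                --bootnodes=enode://${VALIDATOR1_PUBKEY}@validator1-0.besu-validator1.besu.svc.cluster.local:30303,enode://${VALIDATOR2_PUBKEY}@validator2-0.besu-validator2.besu.svc.cluster.local:30303
      volumes:
        - name: key
          secret:
            secretName: besu-validator2-key
        - name: genesis-config
          configMap:
            name: besu-genesis-configmap
        - name: config-toml
          configMap:
            name: besu-config-toml-configmap
        - name: node-permissions
          configMap:
            name: besu-node-permissions-configmap
        # emptyDir is deleted with the pod, so chain data does not survive
        # rescheduling; exceeding sizeLimit gets the pod evicted.
        - name: data
          emptyDir:
            sizeLimit: "1Gi"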