From 0b35483c4f3991b6b1ecadcbff46a6335cda369c Mon Sep 17 00:00:00 2001 
From: Vladyslav Deryhin Date: Tue, 26 Sep 2023 19:22:39 +0300 Subject: [PATCH] [geth] pre-release v1.0.0 --- dysnix/geth/Chart.yaml | 33 +- dysnix/geth/README.md | 84 ----- dysnix/geth/templates/NOTES.txt | 12 - dysnix/geth/templates/_config.tpl | 116 +++++++ dysnix/geth/templates/_helpers.tpl | 80 +++-- dysnix/geth/templates/configmap-scripts.yaml | 9 + dysnix/geth/templates/configmap.yaml | 9 + dysnix/geth/templates/hpa.yaml | 26 -- dysnix/geth/templates/ingress-http.yaml | 61 ++++ dysnix/geth/templates/ingress-rpc.yaml | 59 ---- dysnix/geth/templates/ingress-ws.yaml | 94 +++--- .../templates/scripts/_check-readiness.tpl | 20 ++ dysnix/geth/templates/secret.yaml | 12 +- dysnix/geth/templates/service-authrpc.yaml | 34 ++ dysnix/geth/templates/service-metrics.yaml | 34 ++ dysnix/geth/templates/service-p2p.yaml | 45 +++ dysnix/geth/templates/service-rpc.yaml | 41 +++ dysnix/geth/templates/serviceaccount.yaml | 12 + dysnix/geth/templates/servicemonitor.yaml | 25 +- dysnix/geth/templates/statefulset.yaml | 196 +++++------ dysnix/geth/templates/svc-p2p.yaml | 37 --- dysnix/geth/templates/svc.yaml | 41 --- dysnix/geth/values.yaml | 306 ++++++++++-------- 23 files changed, 775 insertions(+), 611 deletions(-) delete mode 100644 dysnix/geth/README.md delete mode 100644 dysnix/geth/templates/NOTES.txt create mode 100644 dysnix/geth/templates/_config.tpl create mode 100644 dysnix/geth/templates/configmap-scripts.yaml create mode 100644 dysnix/geth/templates/configmap.yaml delete mode 100644 dysnix/geth/templates/hpa.yaml create mode 100644 dysnix/geth/templates/ingress-http.yaml delete mode 100644 dysnix/geth/templates/ingress-rpc.yaml create mode 100644 dysnix/geth/templates/scripts/_check-readiness.tpl create mode 100644 dysnix/geth/templates/service-authrpc.yaml create mode 100644 dysnix/geth/templates/service-metrics.yaml create mode 100644 dysnix/geth/templates/service-p2p.yaml create mode 100644 dysnix/geth/templates/service-rpc.yaml create mode 100644 
dysnix/geth/templates/serviceaccount.yaml delete mode 100644 dysnix/geth/templates/svc-p2p.yaml delete mode 100644 dysnix/geth/templates/svc.yaml diff --git a/dysnix/geth/Chart.yaml b/dysnix/geth/Chart.yaml index 2147f09f..60b0df09 100644 --- a/dysnix/geth/Chart.yaml +++ b/dysnix/geth/Chart.yaml @@ -1,21 +1,18 @@ apiVersion: v2 -appVersion: v1.11.4 -description: Official Go implementation of the Ethereum protocol -home: https://geth.ethereum.org -icon: https://geth.ethereum.org/static/images/ethereum.png -keywords: -- geth -- cryptocurrency -- blockchain -maintainers: -- email: daniel@dysnix.com - name: daniel-yavorovich -- email: av@dysnix.com - name: voron -- email: vd@dysnix.com - name: vladstarr name: geth +description: Go-ethereum blockchain node Helm Chart + +version: 1.0.0 +appVersion: v1.13.1 + +keywords: + - geth + - cryptocurrency + - blockchain + sources: -- https://github.com/dysnix/charts -- https://github.com/ethereum/go-ethereum -version: 0.5.0 + - https://github.com/dysnix/charts + +maintainers: + - name: VladStarr + email: vlad.derigin@dysnix.com diff --git a/dysnix/geth/README.md b/dysnix/geth/README.md deleted file mode 100644 index 97da17a3..00000000 --- a/dysnix/geth/README.md +++ /dev/null 
@@ -1,84 +0,0 @@ -# Ethereum Public Network - -[Geth](https://geth.ethereum.org) is official Go implementation of the Ethereum protocol - -## Introduction - -This chart bootstraps a Statefulset Ethereum nodes cluster on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Prerequisites - -- Kubernetes 1.8+ - -## Installing the Chart -To install the chart with the release name `my-release`: - -```bash -$ helm install --name my-release stable/geth -``` - -The command deploys Geth on the Kubernetes cluster in the default configuration. -The [configuration](#configuration) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release`: - -```bash -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration - -The following tables lists the configurable parameters of the geth chart and their default values. - - Parameter | Description | Default ----------------------------|-------------------------------------------------------------------------------------|-------- -`image.repository` | Image source repository name | `ethereum/client-go` -`image.tag` | `geth` image tag. 
| `stable` -`image.pullPolicy` | Image pull policy | `IfNotPresent` -`rpcPort` | HTTP-RPC server listening port | `8545` -`wsPort` | WS-RPC server listening port | `8546` -`rpcApi` | API's offered over the HTTP-RPC interface | `net,eth,personal,web3` -`wsApi` | API's offered over the WS-RPC interface | `net,eth,personal,web3` -`wsOrigins` | Origins from which to accept websockets requests | `*` -`networkId` | Network identifier (integer, 1=Frontier, 2=Morden (disused), 3=Ropsten, 4=Rinkeby) | `1` -`syncMode` | Blockchain sync mode ("fast", "full", or "light") | `fast` -`testnet` | Ropsten network: pre-configured proof-of-work test network | `false` -`rinkeby` | Rinkeby network: pre-configured proof-of-authority test network | `false` -`customArgs` | Custom geth arguments with values | `{}` -`persistence.enabled` | Create a volume to store data | `true` -`persistence.accessMode` | ReadWriteOnce or ReadOnly | `ReadWriteOnce` -`persistence.size` | Size of persistent volume claim | `300Gi` -`resources` | CPU/Memory resource requests/limits | `{}` -`serviceExternal.enabled` | Enable or disable external access to RPC/WS | `true` -`hpa.minReplicas` | Minimal replicas count of TX nodes | `1` -`hpa.maxReplicas` | Maximum replicas count of TX nodes | `3` -`hpa.targetCPUUtilizationPercentage`| CPU utilization percentage for activate scale | `300` - - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install --name my-release -f values.yaml stable/geth -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Persistence - -The geth image stores the geth node data (Blockchain and wallets) and configurations at the `/root` path of the container. - -By default a PersistentVolumeClaim is created and mounted into that directory. In order to disable this functionality -you can change the values.yaml to disable persistence and use an emptyDir instead. 
- -> *"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."* - -!!! WARNING !!! - -Please NOT use emptyDir for production cluster! Your wallets will be lost on container restart! - diff --git a/dysnix/geth/templates/NOTES.txt b/dysnix/geth/templates/NOTES.txt deleted file mode 100644 index 0729a357..00000000 --- a/dysnix/geth/templates/NOTES.txt +++ /dev/null @@ -1,12 +0,0 @@ -geth RPC can be accessed via port {{ .Values.rpcPort }} on the following DNS name from within your cluster: -{{ template "geth.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - -To connect to geth RPC: - -1. Forward the port for the node: - - $ kubectl port-forward --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "geth.name" . }},release={{ .Release.Name }}" -o jsonpath='{ .items[0].metadata.name }') {{ .Values.rpcPort }} - -2. Connect using the geth cli: - - $ geth attach http://{{ template "geth.fullname" . }}:{{ .Values.rpcPort }} diff --git a/dysnix/geth/templates/_config.tpl b/dysnix/geth/templates/_config.tpl new file mode 100644 index 00000000..6203ccbe --- /dev/null +++ b/dysnix/geth/templates/_config.tpl 
@@ -0,0 +1,116 @@
+{{- with .Values.config.eth -}}
+[Eth]
+SyncMode = {{ .syncMode | quote }}
+EthDiscoveryURLs = ["enrtree://AKA3AM6LPBYEUDMVNU3BSVQJ5AD45Y7YPOHJLEF6W26QOE4VTUDPE@all.mainnet.ethdisco.net"]
+SnapDiscoveryURLs = ["enrtree://AKA3AM6LPBYEUDMVNU3BSVQJ5AD45Y7YPOHJLEF6W26QOE4VTUDPE@all.mainnet.ethdisco.net"]
+NoPruning = {{ eq .gcMode "archive" | ternary true false }}
+NoPrefetch = false
+TxLookupLimit = {{ int .txLookupLimit }}
+TransactionHistory = {{ int .transactionHistory }}
+StateHistory = {{ int .stateHistory }}
+StateScheme = {{ .stateScheme | quote }}
+LightPeers = 100
+DatabaseCache = 512
+DatabaseFreezer = ""
+TrieCleanCache = 154
+TrieDirtyCache = 256
+TrieTimeout = 3600000000000
+SnapshotCache = 102
+Preimages = {{ .preimages }}
+FilterLogCacheSize = 32
+EnablePreimageRecording = false
+RPCGasCap = 50000000
+RPCEVMTimeout = 5000000000
+RPCTxFeeCap = 1e+00
+{{- end }}
+
+[Eth.Miner]
+GasFloor = 0
+GasCeil = 30000000
+GasPrice = 1000000000
+Recommit = 2000000000
+NewPayloadTimeout = 2000000000
+
+[Eth.TxPool]
+Locals = []
+NoLocals = false
+Journal = "transactions.rlp"
+Rejournal = 3600000000000
+PriceLimit = 1
+PriceBump = 10
+AccountSlots = 16
+GlobalSlots = 5120
+AccountQueue = 64
+GlobalQueue = 1024
+Lifetime = 10800000000000
+
+[Eth.BlobPool]
+Datadir = "blobpool"
+Datacap = 10737418240
+PriceBump = 100
+
+[Eth.GPO]
+Blocks = 20
+Percentile = 60
+MaxHeaderHistory = 1024
+MaxBlockHistory = 1024
+MaxPrice = 500000000000
+IgnorePrice = 2
+
+{{- with .Values.config.node }}
+[Node]
+DataDir = "/root/.ethereum"
+IPCPath = {{ .ipc.enabled | ternary .ipc.path "" | quote }}
+HTTPHost = {{ .http.enabled | ternary "0.0.0.0" "" | quote }}
+HTTPPort = {{ .http.port }}
+HTTPVirtualHosts = {{ include "geth.tomlList" .http.vhosts }}
+HTTPModules = {{ include "geth.tomlList" .http.modules }}
+HTTPCors = {{ include "geth.tomlList" .http.cors }}
+AuthAddr = "0.0.0.0"
+AuthPort = {{ .authrpc.port }}
+AuthVirtualHosts = {{ include "geth.tomlList" 
.authrpc.vhosts }}
+WSHost = {{ .ws.enabled | ternary "0.0.0.0" "" | quote }}
+WSPort = {{ .ws.port }}
+WSModules = {{ include "geth.tomlList" .ws.modules }}
+WSOrigins = {{ include "geth.tomlList" .ws.origins }}
+GraphQLVirtualHosts = ["localhost"]
+BatchRequestLimit = 1000
+BatchResponseMaxSize = 25000000
+JWTSecret = "/secrets/jwt.hex"
+{{- end }}
+
+{{- with .Values.config.node.p2p }}
+[Node.P2P]
+MaxPeers = {{ int .maxPeers }}
+NoDiscovery = {{ .noDiscovery }}
+DiscoveryV4 = true
+BootstrapNodes = {{ include "geth.tomlList" .bootstrapNodes }}
+BootstrapNodesV5 = {{ include "geth.tomlList" .bootstrapNodesV5 }}
+StaticNodes = {{ include "geth.tomlList" .staticNodes }}
+TrustedNodes = {{ include "geth.tomlList" .trustedNodes }}
+ListenAddr = ":{{ .port }}"
+DiscAddr = ""
+EnableMsgEvents = false
+{{- end }}
+
+[Node.HTTPTimeouts]
+ReadTimeout = 30000000000
+ReadHeaderTimeout = 30000000000
+WriteTimeout = 30000000000
+IdleTimeout = 120000000000
+
+{{- with .Values.config.metrics }}
+[Metrics]
+Enabled = {{ .enabled }}
+EnabledExpensive = {{ .expensive }}
+HTTP = "0.0.0.0"
+Port = {{ .port }}
+InfluxDBEndpoint = "http://localhost:8086"
+InfluxDBDatabase = "geth"
+InfluxDBUsername = "test"
+InfluxDBPassword = "test"
+InfluxDBTags = "host=localhost"
+InfluxDBToken = "test"
+InfluxDBBucket = "geth"
+InfluxDBOrganization = "geth"
+{{- end }}
\ No newline at end of file
diff --git a/dysnix/geth/templates/_helpers.tpl b/dysnix/geth/templates/_helpers.tpl
index ecb78977..d2abfc95 100644
--- a/dysnix/geth/templates/_helpers.tpl
+++ b/dysnix/geth/templates/_helpers.tpl
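Review bot: `AuthAddr = "0.0.0.0"` in `[Node]` is hard-coded, whereas `HTTPHost` and `WSHost` are bound only when `.http.enabled` / `.ws.enabled` are true, so the engine API listens on every pod interface in every install and is protected only by the JWT read from `/secrets/jwt.hex`. `HTTP = "0.0.0.0"` in `[Metrics]` has the same shape whenever metrics are enabled, and nothing in this template authenticates that listener. I would add a comment above the line, `# Engine API: reachable from any pod that can route here; restrict the authrpc port to the consensus client with a NetworkPolicy`, and consider making both bind addresses values. The literal `InfluxDBPassword = "test"` / `InfluxDBToken = "test"` entries are rendered into a ConfigMap, so if InfluxDB export is ever enabled, real credentials should not be templated along this path.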
@@ -32,56 +32,48 @@ Create chart name and version as used by the chart label. {{- end -}} {{/* -Geth statefullset annotations +Common labels */}} -{{- define "geth.statefulset.annotations" -}} -{{- if .Values.persistence.snapshotValue -}} -snapshot: {{ .Values.persistence.snapshotValue }} -{{- end -}} -{{- end -}} +{{- define "geth.labels" -}} +helm.sh/chart: {{ include "geth.chart" . }} +app.kubernetes.io/name: {{ include "geth.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} {{/* -Geth args +Selector labels */}} -{{- define "geth.args" -}} - -{{- $customArgs := list -}} -{{- $args := list "--maxpeers" .Values.maxPeers "--cache" .Values.cache -}} -{{- $args = concat $args (list "--syncmode" .Values.syncMode "--pprof" "--pprof.addr=0.0.0.0") -}} -{{- $args = concat $args (list "--pprof.port=6060" "--metrics" "--http" "--http.api" .Values.http.api) -}} -{{- $args = concat $args (list "--http.addr" "0.0.0.0" "--http.port" .Values.http.port "--http.vhosts" .Values.http.vhosts) -}} -{{- $args = concat $args (list "--http.corsdomain" "*" "--ws" "--ws.addr" "0.0.0.0" "--ws.port" .Values.ws.port) -}} -{{- $args = concat $args (list "--ws.api" .Values.ws.api "--ws.origins" .Values.ws.origins) -}} -{{- $args = concat $args (list "--port" .Values.p2p.port "--discovery.port" .Values.p2p.discoveryPort) -}} -{{- if .Values.authrpc.enabled }} -{{- $args = concat $args (list "--authrpc.addr=0.0.0.0" "--authrpc.port" .Values.authrpc.port ) -}} -{{- $args = concat $args (list "--authrpc.vhosts" .Values.authrpc.vhosts ) -}} -{{- $args = concat $args (list "--authrpc.jwtsecret" .Values.authrpc.jwtpath ) -}} -{{- end -}} -{{- if .Values.p2p.nat }} -{{- $args = concat $args (list "--nat" .Values.p2p.nat ) -}} +{{- define "geth.selectorLabels" -}} +app.kubernetes.io/name: {{ include "geth.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- with .Values.podLabels }} +{{ toYaml . | indent 0 }} {{- end }} -{{- if .Values.maxPendPeers }} -{{- $args = concat $args (list "--maxpendpeers" .Values.maxPendPeers) -}} {{- end }} -{{- range $testnet := list "ropsten" "rinkeby" "goerli" -}} - {{- if eq ($testnet | get $.Values | toString) "true" -}} - {{- $args = prepend $args ($testnet | printf "--%s") -}} - {{- end -}} -{{- end -}} - -{{- range $k, $v := .Values.customArgs -}} - {{- $customArgs = concat $customArgs (list ($k | printf "--%s") $v) -}} -{{- end -}} - -{{- $mode := "snapshot" | get .Values | toString -}} -{{- if eq $mode "true" -}} - {{- $args = append $args "--snapshot" -}} -{{- else if eq $mode "false" -}} - {{- $args = append $args "--snapshot=false" -}} -{{- end -}} - -{{- concat $args $customArgs | compact | toStrings | toYaml -}} +{{/* +Create the name of the service account to use +*/}} +{{- define "geth.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "geth.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} +{{/* +Toml list generation +*/}} +{{- define "geth.tomlList" -}} +{{- print "[" }} +{{- range $idx, $element := . }} + {{- if $idx }}, {{ end }} + {{- $element | quote }} {{- end -}} +{{ print "]" -}} +{{- end }} \ No newline at end of file diff --git a/dysnix/geth/templates/configmap-scripts.yaml b/dysnix/geth/templates/configmap-scripts.yaml new file mode 100644 index 00000000..c94717a4 --- /dev/null +++ b/dysnix/geth/templates/configmap-scripts.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "geth.fullname" . }}-scripts + labels: + {{- include "geth.labels" . | nindent 4 }} +data: + check-readiness.sh: |- + {{- include (print $.Template.BasePath "/scripts/_check-readiness.tpl") . | nindent 4 }} 
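Review bot: `geth.selectorLabels` appends `.Values.podLabels`, and this commit uses the same helper for the StatefulSet `spec.selector.matchLabels`, every Service `selector` and the ServiceMonitor `matchLabels`. A StatefulSet selector is immutable, so adding or changing a pod label on an existing release would make the upgrade fail, and the Services would stop matching until they are re-rendered. Keep the helper to the two `app.kubernetes.io/name` and `app.kubernetes.io/instance` keys and render `podLabels` only under the pod template's `metadata.labels`.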
diff --git a/dysnix/geth/templates/configmap.yaml b/dysnix/geth/templates/configmap.yaml new file mode 100644 index 00000000..c3f1d5c0 --- /dev/null +++ b/dysnix/geth/templates/configmap.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "geth.fullname" . }}-config + labels: + {{- include "geth.labels" . | nindent 4 }} +data: + config.toml: |- + {{- include (print $.Template.BasePath "/_config.tpl") . | nindent 4 }} diff --git a/dysnix/geth/templates/hpa.yaml b/dysnix/geth/templates/hpa.yaml deleted file mode 100644 index 64065727..00000000 --- a/dysnix/geth/templates/hpa.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v1beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ template "geth.fullname" . }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: StatefulSet - name: {{ template "geth.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPU }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPU }} - {{- end }} - {{- if .Values.autoscaling.targetMemory }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemory }} - {{- end }} -{{- end }} diff --git a/dysnix/geth/templates/ingress-http.yaml b/dysnix/geth/templates/ingress-http.yaml new file mode 100644 index 00000000..ae196b71 --- /dev/null +++ b/dysnix/geth/templates/ingress-http.yaml 
@@ -0,0 +1,61 @@
+{{- if and .Values.services.rpc.enabled .Values.ingress.http.enabled -}}
+{{- $fullName := include "geth.fullname" . -}}
+{{- $svcPort := .Values.services.rpc.httpPort -}}
+{{- if and .Values.ingress.http.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.http.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.http.annotations "kubernetes.io/ingress.class" .Values.ingress.http.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-http
+ labels:
+ {{- include "geth.labels" . | nindent 4 }}
+ {{- with .Values.ingress.http.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.http.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.http.className }}
+ {{- end }}
+ {{- if .Values.ingress.http.tls }}
+ tls:
+ {{- range .Values.ingress.http.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.http.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}-rpc
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}-rpc
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
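Review bot: TLS on this Ingress is now opt-in, because the `tls:` block is rendered only when `.Values.ingress.http.tls` is set, whereas the deleted ingress-rpc.yaml always emitted one; an install that fills in only `hosts` would serve JSON-RPC over plain HTTP unless the controller enforces TLS itself. Nothing in the template limits who can reach the endpoint, so the exposed RPC namespaces depend entirely on `config.node.http.modules` (values.yaml is outside this view). I would add a template comment above `rules:`, `{{/* JSON-RPC is unauthenticated: set tls and an allow-list or auth annotation before enabling */}}`, and quote `{{ .path }}` and `{{ .secretName }}` the way the host entries are quoted. The same points apply to the ingress-ws.yaml hunk.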
diff --git a/dysnix/geth/templates/ingress-rpc.yaml b/dysnix/geth/templates/ingress-rpc.yaml deleted file mode 100644 index 71db45ab..00000000 --- a/dysnix/geth/templates/ingress-rpc.yaml +++ /dev/null @@ -1,59 +0,0 @@ -{{- if .Values.ingress.enabled }} -{{- $fullName := include "geth.fullname" . -}} -{{- $svcProxyPort := ternary .Values.proxy.http.port .Values.http.port .Values.proxy.enabled -}} -{{- $svcPort := .Values.http.port -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - {{- if .Values.ingress.certmanagerClusterIssuer }} - cert-manager.io/cluster-issuer: {{ .Values.ingress.certmanagerClusterIssuer }} - {{- end }} - {{- with .Values.ingress.rpc.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} - labels: - app: {{ template "geth.name" . }} - chart: {{ template "geth.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - name: {{ template "geth.fullname" . }}-geth-rpc -spec: - {{- if (or .Values.ingress.class .Values.ingress.rpc.class) }} - ingressClassName: {{ coalesce .Values.ingress.rpc.class .Values.ingress.class }} - {{- end }} - rules: - {{- range .Values.ingress.rpc.proxyHosts }} - - host: {{ . | quote }} - http: - paths: - - backend: - service: - name: {{ $fullName }} - port: - number: {{ $svcProxyPort }} - path: / - pathType: Prefix - {{- end }} - {{- range .Values.ingress.rpc.hosts }} - - host: {{ . | quote }} - http: - paths: - - backend: - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - path: / - pathType: Prefix - {{- end }} - tls: - - hosts: - {{- range .Values.ingress.rpc.proxyHosts }} - - {{ . | quote }} - {{- end }} - {{- range .Values.ingress.rpc.hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ $fullName }}-rpc-tls -{{- end }} diff --git a/dysnix/geth/templates/ingress-ws.yaml b/dysnix/geth/templates/ingress-ws.yaml index 271bfc39..c14ca51e 100644 --- a/dysnix/geth/templates/ingress-ws.yaml +++ b/dysnix/geth/templates/ingress-ws.yaml 
@@ -1,59 +1,61 @@ -{{- if .Values.ingress.enabled }} +{{- if and .Values.services.rpc.enabled .Values.ingress.ws.enabled -}} {{- $fullName := include "geth.fullname" . -}} -{{- $svcProxyPort := ternary .Values.proxy.ws.port .Values.ws.port .Values.proxy.enabled -}} -{{- $svcPort := .Values.ws.port -}} +{{- $svcPort := .Values.services.rpc.wsPort -}} +{{- if and .Values.ingress.ws.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.ws.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.ws.annotations "kubernetes.io/ingress.class" .Values.ingress.ws.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} kind: Ingress metadata: + name: {{ $fullName }}-ws + labels: + {{- include "geth.labels" . | nindent 4 }} + {{- with .Values.ingress.ws.annotations }} annotations: - {{- if .Values.ingress.certmanagerClusterIssuer }} - cert-manager.io/cluster-issuer: {{ .Values.ingress.certmanagerClusterIssuer }} - {{- end }} - {{- with .Values.ingress.ws.annotations }} {{- toYaml . | nindent 4 }} - {{- end }} - labels: - app: {{ template "geth.name" . }} - chart: {{ template "geth.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - name: {{ template "geth.fullname" . }}-geth-ws -spec: - {{- if (or .Values.ingress.class .Values.ingress.ws.class) }} - ingressClassName: {{ coalesce .Values.ingress.ws.class .Values.ingress.class }} - {{- end }} - rules: - {{- range .Values.ingress.ws.proxyHosts }} - - host: {{ . 
| quote }} - http: - paths: - - backend: - service: - name: {{ $fullName }} - port: - number: {{ $svcProxyPort }} - path: / - pathType: Prefix {{- end }} - {{- range .Values.ingress.ws.hosts }} - - host: {{ . | quote }} - http: - paths: - - backend: - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - path: / - pathType: Prefix +spec: + {{- if and .Values.ingress.ws.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.ws.className }} {{- end }} + {{- if .Values.ingress.ws.tls }} tls: - - hosts: - {{- range .Values.ingress.ws.proxyHosts }} - - {{ . | quote }} + {{- range .Values.ingress.ws.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} {{- end }} + {{- end }} + rules: {{- range .Values.ingress.ws.hosts }} - - {{ . | quote }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }}-rpc + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }}-rpc + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} {{- end }} - secretName: {{ $fullName }}-ws-tls {{- end }} diff --git a/dysnix/geth/templates/scripts/_check-readiness.tpl b/dysnix/geth/templates/scripts/_check-readiness.tpl new file mode 100644 index 00000000..4209e71a --- /dev/null +++ b/dysnix/geth/templates/scripts/_check-readiness.tpl 
@@ -0,0 +1,20 @@ +#!/usr/bin/env sh +set -e + +# Retrieving latest block timestamp +get_block_timestamp() { + geth attach --exec "eth.getBlock(eth.blockNumber).timestamp" +} + +if [ -z $1 ]; then + echo "Usage: $0 {allowed-block-gap-in-seconds}" && exit 1 +fi + +allowed_gap=$1 +current_gap=$(expr $(date +%s) - $(get_block_timestamp)) + +if [ $current_gap -le $allowed_gap ]; then + exit 0 +else + echo "Current block timestamp gap ($current_gap) is higher than allowed ($allowed_gap)" && exit 1 +fi \ No newline at end of file diff --git a/dysnix/geth/templates/secret.yaml b/dysnix/geth/templates/secret.yaml index 1ee05306..e319cbeb 100644 --- a/dysnix/geth/templates/secret.yaml +++ b/dysnix/geth/templates/secret.yaml @@ -1,10 +1,8 @@ -{{- if .Values.authrpc.jwtsecret }} apiVersion: v1 kind: Secret metadata: - name: {{ template "geth.fullname" }}-jwt -type: Opaque -stringData: - jwt.hex: | - {{ .Values.authrpc.jwtsecret }} -{{- end }} + name: {{ include "geth.fullname" . }} + labels: + {{- include "geth.labels" . | nindent 4 }} +data: + jwt.hex: {{ .Values.config.jwt | b64enc | quote }} diff --git a/dysnix/geth/templates/service-authrpc.yaml b/dysnix/geth/templates/service-authrpc.yaml new file mode 100644 index 00000000..a48a0c1f --- /dev/null +++ b/dysnix/geth/templates/service-authrpc.yaml 
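Review bot: `get_block_timestamp` calls `geth attach` with no endpoint, so the check only works while the IPC socket sits at geth's default location, yet `_config.tpl` in this commit writes `IPCPath = ""` when `ipc.enabled` is false (which, as far as I know, disables the IPC endpoint) and a user-chosen `ipc.path` otherwise. In either case the script would exit non-zero on every run, and if it is wired as the readiness probe (that part of statefulset.yaml is not visible here) the pod would never become ready. Passing the endpoint explicitly to `geth attach` removes that coupling. Separately, quote the expansions: `if [ -z "$1" ]; then` and `if [ "$current_gap" -le "$allowed_gap" ]; then`.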
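Review bot: The Secret is now rendered unconditionally and `jwt.hex` comes straight from `.Values.config.jwt` with no check that a value was supplied. If values.yaml (not in this view) ships a default, every release installed without an override shares a publicly known engine-API secret, which matters more now that `AuthAddr` is bound to `0.0.0.0`; if it ships none, an empty file is mounted. Failing the render is the safer behaviour: `jwt.hex: {{ required "config.jwt must be set to a 32-byte hex secret" .Values.config.jwt | b64enc | quote }}`, with no default in values.yaml.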
@@ -0,0 +1,34 @@
+{{- if .Values.services.authrpc.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "geth.fullname" . }}-authrpc
+ {{- if .Values.services.authrpc.annotations }}
+ annotations:
+ {{- .Values.services.authrpc.annotations | nindent 4 }}
+ {{- end }}
+ labels:
+ service-type: authrpc
+ {{- include "geth.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.services.authrpc.type }}
+ {{- with .Values.services.authrpc.loadBalancerIP }}
+ loadBalancerIP: {{ . }}
+ {{- end }}
+ {{- with .Values.services.authrpc.clusterIP }}
+ clusterIP: {{ . }}
+ {{- end }}
+ {{- with .Values.services.authrpc.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ . }}
+ {{- end }}
+ {{- with .Values.services.authrpc.internalTrafficPolicy }}
+ internalTrafficPolicy: {{ . }}
+ {{- end }}
+ publishNotReadyAddresses: true
+ ports:
+ - name: authrpc
+ port: {{ .Values.services.authrpc.port }}
+ targetPort: authrpc
+ selector:
+ {{- include "geth.selectorLabels" . | nindent 4 }}
+{{- end }}
diff --git a/dysnix/geth/templates/service-metrics.yaml b/dysnix/geth/templates/service-metrics.yaml
new file mode 100644
index 00000000..c077fdfc
--- /dev/null
+++ b/dysnix/geth/templates/service-metrics.yaml
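Review bot: `{{- .Values.services.authrpc.annotations | nindent 4 }}` pipes the annotations value straight into `nindent`, which expects a string; if annotations is a map, as the Ingress and ServiceAccount templates in this commit assume with `toYaml . | nindent 4`, the render will fail or print Go map syntax. Use `{{- toYaml .Values.services.authrpc.annotations | nindent 4 }}`. The same line appears in the service-metrics.yaml, service-p2p.yaml and service-rpc.yaml hunks. Since this Service fronts the engine API and the template accepts any `type` plus `loadBalancerIP`, a comment next to `type:` saying it should stay `ClusterIP` would also help.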
@@ -0,0 +1,34 @@
+{{- if .Values.services.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "geth.fullname" . }}-metrics
+ {{- if .Values.services.metrics.annotations }}
+ annotations:
+ {{- .Values.services.metrics.annotations | nindent 4 }}
+ {{- end }}
+ labels:
+ service-type: metrics
+ {{- include "geth.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.services.metrics.type }}
+ {{- with .Values.services.metrics.loadBalancerIP }}
+ loadBalancerIP: {{ . }}
+ {{- end }}
+ {{- with .Values.services.metrics.clusterIP }}
+ clusterIP: {{ . }}
+ {{- end }}
+ {{- with .Values.services.metrics.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ . }}
+ {{- end }}
+ {{- with .Values.services.metrics.internalTrafficPolicy }}
+ internalTrafficPolicy: {{ . }}
+ {{- end }}
+ publishNotReadyAddresses: true
+ ports:
+ - name: metrics
+ port: {{ .Values.services.metrics.port }}
+ targetPort: metrics
+ selector:
+ {{- include "geth.selectorLabels" . | nindent 4 }}
+{{- end }}
diff --git a/dysnix/geth/templates/service-p2p.yaml b/dysnix/geth/templates/service-p2p.yaml
new file mode 100644
index 00000000..8fa690bb
--- /dev/null
+++ b/dysnix/geth/templates/service-p2p.yaml
@@ -0,0 +1,45 @@
+{{- if and .Values.services.p2p.enabled (not .Values.config.node.p2p.useHostPort) }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "geth.fullname" . }}-p2p
+ {{- if .Values.services.p2p.annotations }}
+ annotations:
+ {{- .Values.services.p2p.annotations | nindent 4 }}
+ {{- end }}
+ labels:
+ service-type: p2p
+ {{- include "geth.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.services.p2p.type }}
+ {{- with .Values.services.p2p.loadBalancerIP }}
+ loadBalancerIP: {{ . }}
+ {{- end }}
+ {{- with .Values.services.p2p.clusterIP }}
+ clusterIP: {{ . }}
+ {{- end }}
+ {{- with .Values.services.p2p.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ . }}
+ {{- end }}
+ {{- with .Values.services.p2p.internalTrafficPolicy }}
+ internalTrafficPolicy: {{ . }}
+ {{- end }}
+ publishNotReadyAddresses: true
+ ports:
+ - name: p2p-tcp
+ port: {{ .Values.services.p2p.port }}
+ targetPort: p2p-tcp
+ protocol: TCP
+ {{- with .Values.services.p2p.nodePort }}
+ nodePort: {{ . }}
+ {{- end }}
+ - name: p2p-udp
+ port: {{ .Values.services.p2p.port }}
+ targetPort: p2p-udp
+ protocol: UDP
+ {{- with .Values.services.p2p.nodePort }}
+ nodePort: {{ . }}
+ {{- end }}
+ selector:
+ {{- include "geth.selectorLabels" . | nindent 4 }}
+{{- end }}
diff --git a/dysnix/geth/templates/service-rpc.yaml b/dysnix/geth/templates/service-rpc.yaml
new file mode 100644
index 00000000..8e7f64f6
--- /dev/null
+++ b/dysnix/geth/templates/service-rpc.yaml
@@ -0,0 +1,41 @@
+{{- if .Values.services.rpc.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "geth.fullname" . }}-rpc
+ {{- if .Values.services.rpc.annotations }}
+ annotations:
+ {{- .Values.services.rpc.annotations | nindent 4 }}
+ {{- end }}
+ labels:
+ service-type: rpc
+ {{- include "geth.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.services.rpc.type }}
+ {{- with .Values.services.rpc.loadBalancerIP }}
+ loadBalancerIP: {{ . }}
+ {{- end }}
+ {{- with .Values.services.rpc.clusterIP }}
+ clusterIP: {{ . }}
+ {{- end }}
+ {{- with .Values.services.rpc.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ . }}
+ {{- end }}
+ {{- with .Values.services.rpc.internalTrafficPolicy }}
+ internalTrafficPolicy: {{ . }}
+ {{- end }}
+ {{- with .Values.services.rpc.publishNotReadyAddresses }}
+ publishNotReadyAddresses: {{ . }}
+ {{- end }}
+ ports:
+ - name: http
+ port: {{ .Values.services.rpc.httpPort }}
+ targetPort: http
+ {{- if .Values.config.node.ws.enabled }}
+ - name: ws
+ port: {{ .Values.services.rpc.wsPort }}
+ targetPort: ws
+ {{- end }}
+ selector:
+ {{- include "geth.selectorLabels" . | nindent 4 }}
+{{- end }}
diff --git a/dysnix/geth/templates/serviceaccount.yaml b/dysnix/geth/templates/serviceaccount.yaml
new file mode 100644
index 00000000..bb28f09f
--- /dev/null
+++ b/dysnix/geth/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "geth.serviceAccountName" . }}
+ labels:
+ {{- include "geth.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/dysnix/geth/templates/servicemonitor.yaml b/dysnix/geth/templates/servicemonitor.yaml
index 3dbdbf08..bbdb0895 100644
--- a/dysnix/geth/templates/servicemonitor.yaml
+++ b/dysnix/geth/templates/servicemonitor.yaml
@@ -1,31 +1,22 @@ -{{- if .Values.serviceMonitor.enabled }} +{{- if and .Values.config.metrics.enabled .Values.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "geth.fullname" . }} labels: - app: {{ template "geth.name" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "geth.labels" . | nindent 4 }} spec: selector: matchLabels: - app: {{ template "geth.name" . }} - release: {{ .Release.Name }} + type: metrics + {{- include "geth.selectorLabels" . | nindent 6 }} endpoints: - - port: monitoring + - port: metrics path: /debug/metrics/prometheus - interval: {{ .Values.serviceMonitor.interval }} - scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }} - honorLabels: {{ .Values.serviceMonitor.honorLabels }} - {{- if .Values.serviceMonitor.relabelings }} - relabelings: - {{- toYaml .Values.serviceMonitor.relabelings | nindent 8 }} - {{- end }} - {{- if .Values.serviceMonitor.metricRelabelings }} - {{- toYaml .Values.serviceMonitor.metricRelabelings | nindent 8 }} + {{- with (omit .Values.serviceMonitor "enabled") }} + {{- toYaml . | nindent 6 }} {{- end }} namespaceSelector: matchNames: - {{ .Release.Namespace | quote }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/dysnix/geth/templates/statefulset.yaml b/dysnix/geth/templates/statefulset.yaml index 5960f9a4..f0898273 100644 --- a/dysnix/geth/templates/statefulset.yaml +++ b/dysnix/geth/templates/statefulset.yaml 
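Review bot: The selector adds `type: metrics`, but service-metrics.yaml in this commit labels the Service `service-type: metrics`, so this ServiceMonitor would match no Service and nothing would be scraped. Change the line to `service-type: metrics`. `geth.selectorLabels` also pulls in `.Values.podLabels`, which the Service's own labels (rendered from `geth.labels`) do not carry, so a non-empty `podLabels` would break the match as well; listing `app.kubernetes.io/name` and `app.kubernetes.io/instance` explicitly under `matchLabels` avoids that.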
@@ -1,25 +1,32 @@ apiVersion: apps/v1 kind: StatefulSet metadata: - name: {{ template "geth.fullname" . }} + name: {{ include "geth.fullname" . }} labels: - app: {{ template "geth.name" . }} - chart: {{ template "geth.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "geth.labels" . | nindent 4 }} spec: serviceName: {{ template "geth.name" . }} + updateStrategy: + {{- toYaml .Values.updateStrategy | nindent 4 }} selector: matchLabels: - app: {{ template "geth.name" . }} - release: {{ .Release.Name }} + {{- include "geth.selectorLabels" . | nindent 6 }} template: metadata: + annotations: labels: - app: {{ template "geth.name" . }} - release: {{ .Release.Name }} - {{- include "geth.statefulset.annotations" . | nindent 8 }} + {{- include "geth.selectorLabels" . | nindent 8 }} spec: + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "geth.serviceAccountName" . }} + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} 
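Review bot: The pod template's `annotations:` key is left empty: the old `geth.statefulset.annotations` include is removed and nothing replaces it, so nothing in the template changes when the rendered ConfigMap or Secret changes. A later hunk mounts `/config/config.toml` and a `secrets` volume from those objects, so a tightened config or a rotated secret would presumably not take effect until the pod is restarted by hand. I would add `checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}` and the equivalent line for secret.yaml under `annotations:`. The StatefulSet spec continues outside this hunk.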
@@ -32,75 +39,70 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - initContainers: - - name: remove-lock - command: - - rm - - -f - - /root/.ethereum/geth/LOCK - image: busybox - imagePullPolicy: IfNotPresent - volumeMounts: - - name: data - mountPath: /root - {{- if .Values.init.removeNodeKey }} - - name: remove-nodekey - command: - - rm - - -f - - /root/.ethereum/geth/nodekey - image: busybox - imagePullPolicy: IfNotPresent - volumeMounts: - - name: data - mountPath: /root - {{- end }} containers: - {{- if .Values.proxy.enabled }} - - name: {{ template "geth.fullname" . }}-proxy - image: "{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" - imagePullPolicy: {{ .Values.proxy.image.pullPolicy | quote }} - ports: - - name: proxy-rpc - containerPort: {{ .Values.proxy.http.port }} - - name: proxy-ws - containerPort: {{ .Values.proxy.ws.port }} - env: - - name: OTP_SECRET - value: {{ .Values.proxy.otpSecret | quote }} - {{- end }} - - name: {{ template "geth.fullname" . }} + - name: geth image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - command: ["/usr/local/bin/geth"] - args: {{- include "geth.args" . | nindent 10 }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.command }} + command: + {{- tpl (toYaml .) $ | nindent 10 }} + {{- end }} + args: + {{- with .Values.config.eth.network }} + - --{{ . }} + {{- end }} + - --config=/config/config.toml + {{- with .Values.config.node.p2p.nat }} + - --nat={{ . }} + {{- end }} + {{- with .Values.config.cache }} + - --cache={{ . }} + {{- end }} + - --verbosity={{ .Values.config.verbosity }} + {{- with .Values.config.vmodule }} + - --log.vmodule={{ join "," . }} + {{- end }} + {{- with .Values.extraArgs }} + {{- tpl (toYaml .) 
$ | nindent 8 }} + {{- end }} ports: - - name: rpc - containerPort: {{ .Values.http.port }} + - name: http + containerPort: {{ .Values.config.node.http.port }} + - name: authrpc + containerPort: {{ .Values.config.node.authrpc.port }} + {{- if .Values.config.node.ws.enabled }} - name: ws - containerPort: {{ .Values.ws.port }} - - name: monitoring - containerPort: 6060 - - name: p2p - containerPort: {{ .Values.p2p.port }} - {{- if .Values.p2p.useHostPort }} - hostPort: {{ .Values.p2p.port }} + containerPort: {{ .Values.config.node.ws.port }} + {{- end }} + {{- if .Values.config.metrics.enabled }} + - name: metrics + containerPort: {{ .Values.config.metrics.port }} + {{- end }} + - name: p2p-tcp + containerPort: {{ .Values.config.node.p2p.port }} + {{- if .Values.config.node.p2p.useHostPort }} + hostPort: {{ .Values.config.node.p2p.port }} {{- end }} protocol: TCP - - name: p2p-discovery - containerPort: {{ .Values.p2p.discoveryPort }} - {{- if .Values.p2p.useHostPort }} - hostPort: {{ .Values.p2p.discoveryPort }} + - name: p2p-udp + containerPort: {{ .Values.config.node.p2p.port }} + {{- if .Values.config.node.p2p.useHostPort }} + hostPort: {{ .Values.config.node.p2p.port }} {{- end }} protocol: UDP - {{- if .Values.authrpc.enabled }} - - name: authrpc - containerPort: {{ .Values.authrpc.port }} - {{- end }} + volumeMounts: + - name: config + mountPath: /config + - name: data + mountPath: /root/.ethereum + - name: secrets + mountPath: /secrets + - name: env + mountPath: /env {{- if .Values.livenessProbe.enabled }} livenessProbe: {{- if and .Values.livenessProbe.exec (kindIs "string" .Values.livenessProbe.exec.command) }} 
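Review bot: The container's `volumeMounts` list adds `config`, `data`, `secrets` and `env` but not `scripts`, although the next hunk declares a `scripts` ConfigMap volume and values.yaml points both probes at `/scripts/check-readiness.sh`. As far as the visible hunks show, enabling either probe would make the exec fail on a missing file, and a failing liveness probe restarts the node in a loop. Add `- name: scripts` with `mountPath: /scripts` to the list. The old `jwtsecret` mount also carried `readOnly: true`, which would be worth keeping on the `secrets` and `config` mounts to state the intent; the container spec continues outside this hunk.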
@@ -123,39 +125,47 @@ spec: {{- omit .Values.readinessProbe "enabled" | toYaml | nindent 10 }} {{- end }} {{- end }} - volumeMounts: - - name: data - mountPath: /root - {{- if .Values.authrpc.enabled }} - - name: jwtsecret - mountPath: /root/jwt - readOnly: true - {{- end }} resources: {{- toYaml .Values.resources | nindent 10 }} - {{- if .Values.authrpc.enabled }} volumes: - - name: jwtsecret - secret: - secretName: "{{ .Release.Name }}-jwt" + - name: env + emptyDir: {} + - name: secrets + secret: + secretName: {{ template "geth.fullname" . }} + - name: scripts + configMap: + name: {{ template "geth.fullname" . }}-scripts + - name: config + configMap: + name: {{ template "geth.fullname" . }}-config + {{- if eq .Values.persistence.type "hostPath" }} + - name: data + hostPath: + path: {{ .Values.persistence.hostPath.path }} + type: {{ .Values.persistence.hostPath.type }} {{- end }} + {{- if eq .Values.persistence.type "pvc" }} volumeClaimTemplates: - metadata: name: data - annotations: - "helm.sh/resource-policy": keep labels: - app: {{ template "geth.name" . }} - release: {{ .Release.Name }} - {{- if .Values.persistence.snapshotValue }} - snapshot: {{ .Values.persistence.snapshotValue }} - {{- end }} + {{- include "geth.selectorLabels" . | nindent 8 }} + {{- with .Values.persistence.pvc.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} spec: accessModes: - - "ReadWriteOnce" - {{- if .Values.persistence.storageClassName }} - storageClassName: {{ .Values.persistence.storageClassName | quote }} + - {{ .Values.persistence.pvc.accessMode }} + {{- if .Values.persistence.pvc.storageClass }} + {{- if eq .Values.persistence.pvc.storageClass "-" }} + storageClassName: "" + {{- else }} + storageClassName: {{ .Values.persistence.pvc.storageClass | quote }} + {{- end }} {{- end }} resources: requests: - storage: {{ .Values.persistence.size | quote }} + storage: {{ .Values.persistence.pvc.size | quote }} + {{- end }} 
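Review bot: The `hostPath` branch passes `persistence.hostPath.path` and `type` straight into the pod spec. The chart's `podSecurityContext` and `securityContext` default to `{}`, so the container writes to a node directory as whatever user the image defines. hostPath volumes are rejected by the Baseline Pod Security Standard, so this mode will not schedule in namespaces that enforce it. I would document that next to the value, e.g. `# hostPath is rejected by the Baseline Pod Security Standard and pins data to one node; prefer pvc unless you control the node`. Any `persistence.type` other than the two handled strings also renders no `data` volume at all, so a `fail` with a clear message would be friendlier than the API server's validation error.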
diff --git a/dysnix/geth/templates/svc-p2p.yaml b/dysnix/geth/templates/svc-p2p.yaml
deleted file mode 100644
index 8278facb..00000000
--- a/dysnix/geth/templates/svc-p2p.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if and .Values.p2p.service.enabled (not .Values.p2p.useHostPort) }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "geth.fullname" . }}-p2p
- {{- if .Values.p2p.service.annotations }}
- annotations:
- {{- .Values.p2p.service.annotations | nindent 4 }}
- {{- end }}
- labels:
- app: {{ template "geth.name" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.p2p.service.type }}
- {{- if .Values.p2p.service.loadBalancerIP }}
- loadBalancerIP: {{ .Values.p2p.service.loadBalancerIP }}
- {{- end }}
- ports:
- - name: p2p-discovery
- port: {{ .Values.p2p.discoveryPort }}
- targetPort: p2p-discovery
- protocol: UDP
- {{- if .Values.p2p.service.discoveryNodePort }}
- nodePort: {{ .Values.p2p.service.discoveryNodePort }}
- {{- end }}
- - name: p2p-tcp
- port: {{ .Values.p2p.port }}
- targetPort: p2p-tcp
- protocol: TCP
- {{- if .Values.p2p.service.nodePort }}
- nodePort: {{ .Values.p2p.service.nodePort }}
- {{- end }}
- selector:
- app: {{ template "geth.name" . }}
- release: {{ .Release.Name }}
-{{- end }}
\ No newline at end of file
diff --git a/dysnix/geth/templates/svc.yaml b/dysnix/geth/templates/svc.yaml
deleted file mode 100644
index a902504b..00000000
--- a/dysnix/geth/templates/svc.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "geth.fullname" . }}
- {{- with .Values.service.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
- labels:
- app: {{ template "geth.name" . }}
- chart: {{ template "geth.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - name: rpc
- port: {{ .Values.http.port }}
- targetPort: rpc
- - name: ws
- port: {{ .Values.ws.port }}
- targetPort: ws
- {{- if .Values.authrpc.enabled }}
- - name: authrpc
- port: {{ .Values.authrpc.port }}
- targetPort: authrpc
- {{- end }}
- {{- if .Values.proxy.enabled }}
- - name: proxy-rpc
- port: {{ .Values.proxy.http.port }}
- targetPort: proxy-rpc
- - name: proxy-ws
- port: {{ .Values.proxy.ws.port }}
- targetPort: proxy-ws
- {{- end }}
- - name: monitoring
- port: 6060
- targetPort: monitoring
- selector:
- app: {{ template "geth.name" . }}
- release: {{ .Release.Name }}
diff --git a/dysnix/geth/values.yaml b/dysnix/geth/values.yaml
index 5f6cd262..904045a5 100644
--- a/dysnix/geth/values.yaml
+++ b/dysnix/geth/values.yaml
@@ -1,106 +1,119 @@ image: - repository: "ethereum/client-go" - ## AppVersion is used when not set - # tag: "" + repository: ethereum/client-go pullPolicy: IfNotPresent + tag: "" imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" -init: - removeNodeKey: false - -proxy: - enabled: false - http: - port: 9545 - ws: - port: 9546 - otpSecret: "" - image: - pullPolicy: IfNotPresent - repository: dysnix/protected-proxy - tag: latest - -p2p: - service: - enabled: false - # can be NodePort or LoadBalancer - type: LoadBalancer - loadBalancerIP: "" - nodePort: "" - discoveryNodePort: "" - discoveryPort: 30303 - port: 30303 - # improves p2p connection if autodetection fails. i.e., nat: "extip:1.2.3.4" - nat: "" - # if specified, hostPort will be allocated instead of creating k8s service - useHostPort: false - -http: - port: 8545 - api: "net,eth,personal,web3" - vhosts: "*" -ws: - port: 8546 - api: "net,eth,personal,web3" - origins: "*" -authrpc: - enabled: false - port: 8551 - # Use a utility like OpenSSL to create the token via command: openssl rand -hex 32 | tr -d "\n" > "jwt.hex". - jwtsecret: "" - jwtpath: /root/jwt/jwt.hex - vhosts: "*" - -networkId: 1 -ropsten: false -rinkeby: false -goerli: false - -## Snapshot database mode (if not set, not passed) -## true/false -# snapshot: -syncMode: "snap" - -maxPeers: 50 -maxPendPeers: 0 -cache: 4096 -customArgs: {} - -service: - type: ClusterIP +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account annotations: {} - # service.beta.kubernetes.io/aws-load-balancer-internal: ... + # The name of the service account to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: "" + +updateStrategy: + type: RollingUpdate + +terminationGracePeriodSeconds: 300 + +podLabels: {} + # environment: production + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +## Override geth container command (can be templated) +command: [] + +## Extra container arguments (can be templated) +extraArgs: [] + +## Services config +services: + p2p: + enabled: true + type: NodePort + loadBalancerIP: "" # you may want to set .Values.config.node.p2p.nat if you are behind NAT + port: 30303 + # nodePort: 30303 + rpc: + enabled: true + type: ClusterIP + httpPort: 8545 + wsPort: 8546 + metrics: + enabled: false + type: ClusterIP + port: 6060 + authrpc: + enabled: true + type: ClusterIP + port: 8551 ingress: - certmanagerClusterIssuer: "" - class: nginx - enabled: false - rpc: - annotations: - nginx.ingress.kubernetes.io/enable-cors: "true" - nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, PATCH, OPTIONS, DELETE" - nginx.ingress.kubernetes.io/cors-allow-origin: "*" - nginx.ingress.kubernetes.io/cors-allow-credentials: "true" - nginx.ingress.kubernetes.io/session-cookie-change-on-failure: "true" - nginx.ingress.kubernetes.io/session-cookie-expires: "172800" - nginx.ingress.kubernetes.io/session-cookie-max-age: "172800" - nginx.ingress.kubernetes.io/session-cookie-name: route - proxyHosts: - - rpc.example.com - hosts: - - secret-rpc.example.com + http: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # cert-manager.io/cluster-issuer: letsencrypt-prod + hosts: [] + # - host: geth.local + # paths: + # - path: / + # pathType: ImplementationSpecific + tls: [] + # - secretName: geth-tls + # hosts: + # - geth.local ws: - annotations: [] - proxyHosts: - - 
ws.example.com + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # cert-manager.io/cluster-issuer: letsencrypt-prod hosts: - - secret-ws.example.com + # - host: geth-ws.local + # paths: + # - path: / + # pathType: ImplementationSpecific + tls: [] + # - secretName: geth-ws-tls + # hosts: + # - geth-ws.local persistence: - # snapshotValue: "" - size: 400Gi - # storageClassName: + type: pvc + # type: hostPath + pvc: + size: 900Gi # starting point for snap-synced node as of 2023-09 + accessMode: ReadWriteOnce + storageClass: "" # set to "-" if you want to manually create persistent volume + annotations: {} + hostPath: + path: /data/geth + type: Directory # by default you need to create directory yourself + +affinity: {} + +nodeSelector: {} + +tolerations: [] resources: {} # We usually recommend not to specify default resources and to leave this as a conscious 
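Review bot: `podSecurityContext` and `securityContext` both default to `{}` with the hardened settings only shown as comments, and the StatefulSet in this commit mounts the data volume at `/root/.ethereum`, which suggests the container is expected to run as root. Switching the uid by default would break existing volumes, but settings that do not depend on the uid could ship enabled, at least `allowPrivilegeEscalation: false` under `securityContext`. A comment stating which uid and `fsGroup` the data directory needs for `runAsNonRoot: true` would make the commented example usable. In the same hunk `ingress.ws.hosts:` is left with only commented entries and therefore renders as null, while `ingress.http.hosts` is `[]`; `hosts: []` would keep the two consistent.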
@@ -108,57 +121,96 @@ resources: {} # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: - # cpu: 1000m - # memory: 2000Mi + # cpu: 100m + # memory: 128Mi # requests: - # cpu: 1000m - # memory: 2000Mi + # cpu: 100m + # memory: 128Mi -## Autoscaling parameters -## -autoscaling: +# Create Prometheus Operator serviceMonitor +serviceMonitor: enabled: false - # minReplicas: 1 - # maxReplicas: 10 - # targetCPU: 50 - # targetMemory: 50 - + # interval: 10s + # scrapeTimeout: 2s + # honorLabels: true + # relabelings: [] + # metricRelabelings: [] + +# Assume that node is stuck if it's lag is more than 300 seconds. +# .livenessProbe.exec.command can also be in a templated string format livenessProbe: enabled: false initialDelaySeconds: 120 periodSeconds: 60 successThreshold: 1 failureThreshold: 3 - timeoutSeconds: 15 + timeoutSeconds: 10 exec: - command: | + command: - sh - - -c - - "echo -e 'POST / HTTP/1.1\nHost: localhost:{{ .Values.http.port }}\nUser-Agent: curl/7.61.1\nAccept: */*\nContent-Type: application/json\nContent-Length: 60\n\n{\"jsonrpc\":\"2.0\",\"method\":\"net_version\",\"params\":[],\"id\":67}' | nc localhost {{ .Values.http.port }} | grep -q 'HTTP/1.1 200 OK' && echo -e 'GET / HTTP/1.1\nHost: localhost:{{ .Values.ws.port }}\nUpgrade: websocket\nConnection: Upgrade\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\nSec-WebSocket-Version: 13\n' | nc localhost {{ .Values.ws.port }} | grep -q 'HTTP/1.1 101'" + - /scripts/check-readiness.sh + - "300" +# Assume that node is not ready to serve traffic if it's lag is more than 60 seconds. 
+# .readinessProbe.exec.command can also be in a templated string format readinessProbe: enabled: false initialDelaySeconds: 60 - periodSeconds: 60 + periodSeconds: 10 successThreshold: 1 - failureThreshold: 30 - timeoutSeconds: 10 + failureThreshold: 1 + timeoutSeconds: 5 exec: - command: | + command: - sh - - -c - - "geth {{ if .Values.ropsten }} --ropsten {{ end }} {{ if .Values.rinkeby }} --rinkeby {{ end }} attach --exec '!eth.syncing || eth.syncing.highestBlock-eth.syncing.currentBlock < 100' | grep -q true && return 0 || return 1" - -affinity: {} - -nodeSelector: {} - -tolerations: [] - -serviceMonitor: - enabled: false - interval: 30s - scrapeTimeout: 30s - honorLabels: true - relabelings: [] - metricRelabelings: [] + - /scripts/check-readiness.sh + - "60" + +# Main Geth config +config: + jwt: "" + eth: + network: mainnet + syncMode: snap + gcMode: full + txLookupLimit: 2350000 + transactionHistory: 2350000 + stateHistory: 90000 + stateScheme: hash + preimages: false + node: + ipc: + enabled: true + path: geth.ipc + http: + enabled: true + port: 8545 + vhosts: ["*"] + cors: ["*"] + modules: ["eth", "net", "web3"] + authrpc: + port: 8551 + vhosts: ["*"] + ws: + enabled: false + port: 8546 + origins: ["*"] + modules: ["eth", "net", "web3"] + p2p: + useHostPort: false # when true, .Values.services.p2p will be disabled, and hostPort will be allocated + port: 30303 + nat: "" + maxPeers: 50 + noDiscovery: false + bootstrapNodes: ["enode://d860a01f9722d78051619d1e2351aba3f43f943f6f00718d1b9baa4101932a1f5011f16bb2b1bb35db20d6fe28fa0bf09636d26a87d31de9ec6203eeedb1f666@18.138.108.67:30303", "enode://22a8232c3abc76a16ae9d6c3b164f98775fe226f0917b0ca871128a74a8e9630b458460865bab457221f1d448dd9791d24c4e5d88786180ac185df813a68d4de@3.209.45.79:30303", "enode://2b252ab6a1d0f971d9722cb839a42cb81db019ba44c08754628ab4a823487071b5695317c8ccd085219c3a03af063495b2f1da8d18218da2d6a82981b45e6ffc@65.108.70.101:30303", 
"enode://4aeb4ab6c14b23e2c4cfdce879c04b0748a20d8e9b59e25ded2a08143e265c6c25936e74cbc8e641e3312ca288673d91f2f93f8e277de3cfa444ecdaaf982052@157.90.35.166:30303"] + bootstrapNodesV5: ["enr:-KG4QOtcP9X1FbIMOe17QNMKqDxCpm14jcX5tiOE4_TyMrFqbmhPZHK_ZPG2Gxb1GE2xdtodOfx9-cgvNtxnRyHEmC0ghGV0aDKQ9aX9QgAAAAD__________4JpZIJ2NIJpcIQDE8KdiXNlY3AyNTZrMaEDhpehBDbZjM_L9ek699Y7vhUJ-eAdMyQW_Fil522Y0fODdGNwgiMog3VkcIIjKA", "enr:-KG4QDyytgmE4f7AnvW-ZaUOIi9i79qX4JwjRAiXBZCU65wOfBu-3Nb5I7b_Rmg3KCOcZM_C3y5pg7EBU5XGrcLTduQEhGV0aDKQ9aX9QgAAAAD__________4JpZIJ2NIJpcIQ2_DUbiXNlY3AyNTZrMaEDKnz_-ps3UUOfHWVYaskI5kWYO_vtYMGYCQRAR3gHDouDdGNwgiMog3VkcIIjKA", "enr:-Ku4QImhMc1z8yCiNJ1TyUxdcfNucje3BGwEHzodEZUan8PherEo4sF7pPHPSIB1NNuSg5fZy7qFsjmUKs2ea1Whi0EBh2F0dG5ldHOIAAAAAAAAAACEZXRoMpD1pf1CAAAAAP__________gmlkgnY0gmlwhBLf22SJc2VjcDI1NmsxoQOVphkDqal4QzPMksc5wnpuC3gvSC8AfbFOnZY_On34wIN1ZHCCIyg", "enr:-Ku4QP2xDnEtUXIjzJ_DhlCRN9SN99RYQPJL92TMlSv7U5C1YnYLjwOQHgZIUXw6c-BvRg2Yc2QsZxxoS_pPRVe0yK8Bh2F0dG5ldHOIAAAAAAAAAACEZXRoMpD1pf1CAAAAAP__________gmlkgnY0gmlwhBLf22SJc2VjcDI1NmsxoQMeFF5GrS7UZpAH2Ly84aLK-TyvH-dRo0JM1i8yygH50YN1ZHCCJxA", "enr:-Ku4QPp9z1W4tAO8Ber_NQierYaOStqhDqQdOPY3bB3jDgkjcbk6YrEnVYIiCBbTxuar3CzS528d2iE7TdJsrL-dEKoBh2F0dG5ldHOIAAAAAAAAAACEZXRoMpD1pf1CAAAAAP__________gmlkgnY0gmlwhBLf22SJc2VjcDI1NmsxoQMw5fqqkw2hHC4F5HZZDPsNmPdB1Gi8JPQK7pRc9XHh-oN1ZHCCKvg", "enr:-IS4QLkKqDMy_ExrpOEWa59NiClemOnor-krjp4qoeZwIw2QduPC-q7Kz4u1IOWf3DDbdxqQIgC4fejavBOuUPy-HE4BgmlkgnY0gmlwhCLzAHqJc2VjcDI1NmsxoQLQSJfEAHZApkm5edTCZ_4qps_1k_ub2CxHFxi-gr2JMIN1ZHCCIyg", "enr:-IS4QDAyibHCzYZmIYZCjXwU9BqpotWmv2BsFlIq1V31BwDDMJPFEbox1ijT5c2Ou3kvieOKejxuaCqIcjxBjJ_3j_cBgmlkgnY0gmlwhAMaHiCJc2VjcDI1NmsxoQJIdpj_foZ02MXz4It8xKD7yUHTBx7lVFn3oeRP21KRV4N1ZHCCIyg", "enr:-Ku4QHqVeJ8PPICcWk1vSn_XcSkjOkNiTg6Fmii5j6vUQgvzMc9L1goFnLKgXqBJspJjIsB91LTOleFmyWWrFVATGngBh2F0dG5ldHOIAAAAAAAAAACEZXRoMpC1MD8qAAAAAP__________gmlkgnY0gmlwhAMRHkWJc2VjcDI1NmsxoQKLVXFOhp2uX6jeT0DvvDpPcU8FWMjQdR4wMuORMhpX24N1ZHCCIyg", 
"enr:-Ku4QG-2_Md3sZIAUebGYT6g0SMskIml77l6yR-M_JXc-UdNHCmHQeOiMLbylPejyJsdAPsTHJyjJB2sYGDLe0dn8uYBh2F0dG5ldHOIAAAAAAAAAACEZXRoMpC1MD8qAAAAAP__________gmlkgnY0gmlwhBLY-NyJc2VjcDI1NmsxoQORcM6e19T1T9gi7jxEZjk_sjVLGFscUNqAY9obgZaxbIN1ZHCCIyg", "enr:-Ku4QPn5eVhcoF1opaFEvg1b6JNFD2rqVkHQ8HApOKK61OIcIXD127bKWgAtbwI7pnxx6cDyk_nI88TrZKQaGMZj0q0Bh2F0dG5ldHOIAAAAAAAAAACEZXRoMpC1MD8qAAAAAP__________gmlkgnY0gmlwhDayLMaJc2VjcDI1NmsxoQK2sBOLGcUb4AwuYzFuAVCaNHA-dy24UuEKkeFNgCVCsIN1ZHCCIyg", "enr:-Ku4QEWzdnVtXc2Q0ZVigfCGggOVB2Vc1ZCPEc6j21NIFLODSJbvNaef1g4PxhPwl_3kax86YPheFUSLXPRs98vvYsoBh2F0dG5ldHOIAAAAAAAAAACEZXRoMpC1MD8qAAAAAP__________gmlkgnY0gmlwhDZBrP2Jc2VjcDI1NmsxoQM6jr8Rb1ktLEsVcKAPa08wCsKUmvoQ8khiOl_SLozf9IN1ZHCCIyg"] + staticNodes: [] + trustedNodes: [] + cache: 4096 + verbosity: 3 + vmodule: [] + # - rpc=5 + metrics: + enabled: false + expensive: false + port: 6060
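Review bot: `config.node.http.vhosts`, `http.cors`, `authrpc.vhosts` and `ws.origins` all default to `["*"]`, which switches off geth's Host-header and Origin checks for every install that does not override them. The wildcard vhosts were already the old default, but the wildcard CORS previously lived only in the ingress annotations and now sits in the node config itself. I would default `cors` and `origins` to `[]` and add a comment such as `# "*" disables host/origin checks; list the hostnames your Service or Ingress serves`. `jwt: ""` also invites committing the engine-API secret in a values file, and how an empty value is handled is not visible in this hunk, so a comment pointing to `--set-file` or an existing Secret would help.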