diff --git a/charts/Deploy.md.yaml b/charts/Deploy.md.yaml
new file mode 100644
index 0000000..e12caec
--- /dev/null
+++ b/charts/Deploy.md.yaml
@@ -0,0 +1,73 @@
+#! if sequencer, then
+#! 0.
+ # genesisURL - in chain.yaml
+ # rollup.json - in chain.yaml
+#! 1. NodePort
+ # opGethAdvertiseTcpPort: 32201 - in values
+ # opNodeAdvertiseTcpPort: 32221 - in values
+ #? netRestrictCIDR: 10.0.0.0/8 ?? - in values
+#! 2. Only the sequencers are the peers
+ # sequencersOpGethAddresses: [] - in chain.yaml
+ # sequencersOpNodeAddresses: [] - in chain.yaml
+#! 3. ExternalSecrets
+ # externalSecretRoleARN - in `environment.yaml` ?? naming convention
+ # sequencerOpNodeP2PKeySecretName - $chainName-$Namespace dev-hari-sequencer-1-opnode-p2p
+ # sequencerOpGethP2PKeySecretName - $chainName-$Namespace dev-hari-sequencer-1-opgeth-p2p
+ # sequencerPrivateKeySecretName - $chainName-$Namespace dev-hari-sequencers-private-key
+#! 4. Internal ingress
+ # securityGroup - in `environment.yaml`
+ # accessLogsS3 - in `environment.yaml`
+ # internalDnsZone - in `environment.yaml`
+#! 5. replicas =1
+ sources:
+ - repoURL: https://github.com/Soneium/soneium-infra-gitops.git
+ path: "{{.path.path}}"
+ targetRevision: stg-infra
+ helm:
+ parameters:
+ - name: environment
+ value: dev-hari
+ valuesObject:
+ #* {{ tpl (printf "values/%s" $valuesFile | $.Files.Get) $ | indent 10 }}
+ #* sequencer.yaml
+ sequencer: true
+ opGethAdvertiseTcpPort: 32201
+ opNodeAdvertiseTcpPort: 32221
+ netRestrictCIDR: 10.0.0.0/8
+
+ externalSecretRoleARN: {{(get .Values .cluster.argoCluster).sequencer-1.externalSecretRoleARN}}
+ securityGroup: {{(get .Values .cluster.argoCluster).securityGroup}}
+ accessLogsS3: {{(get .Values .cluster.argoCluster).accessLogsS3}}
+ internalDnsZone: {{(get .Values .cluster.argoCluster).internalDnsZone}}
+
+
+
+
+ # The AWS region for the kubernetes cluster. Set to use KIAM or kube2iam for example.
+ region: {{(get .Values .cluster.argoCluster).eksRegion}}
+
+ valueFiles:
+ - $values/$ENV/chain.yaml
+ - $values/$ENV/environment.yaml
+ - repoURL: https://github.com/Soneium/soneium-infra-gitops.git
+ targetRevision: stg-infra
+ ref: values
+
+
+
+
+#! If Peer
+#! 1. LoadBalancer service
+ # nlbSubnetPrefix: subnets preffix - in `environment.yaml`
+ # eip list - in `environment.yaml`
+ # securityGroup - in `environment.yaml`
+#! 2. Sequencer URL ??? any or active ???
+ # sequencer rpc URL (only if snap ???)
+#! 3. ExternalSecrets
+ # extSecretRoleARN - can get secrets of any peer
+ # p2pKeySecretPrefix - just chain name (dev-hari-....)
+#? 4. Ingress
+ # securityGroup - in `environment.yaml`
+ # accessLogsS3 - in `environment.yaml`
+ #? internalDnsZone - in `environment.yaml`
+#! 5. replicas >1
diff --git a/charts/hari-values.yaml b/charts/hari-values.yaml
new file mode 100644
index 0000000..4965263
--- /dev/null
+++ b/charts/hari-values.yaml
@@ -0,0 +1,59 @@
+#* L1 connection
+l1RpcUrl: https://sepolia-execution.dev.hypersonicl2.com
+l1BeaconUrl: https://sepolia-beacon.dev.hypersonicl2.com
+l1RpcKind: any
+
+#* Chain definition
+genesisUrl: https://shared-assets.astar.network/files/tools/tmp/hari/genesis.json
+l2NetworkId: "8745126"
+rollup.json: |
+ {
+ "genesis": {
+ "l1": {
+ "hash": "0x9c2b802c06c3ddd448f4b622a1743d6920a4fd6ce6b81fabe7de281aa241890f",
+ "number": 6975613
+ },
+ "l2": {
+ "hash": "0xf3d7134f24d92265902ef529ba9953fe247a42fc44c308a6ca5b5c241301e4c7",
+ "number": 0
+ },
+ "l2_time": 1730278668,
+ "system_config": {
+ "batcherAddr": "0xde626d10edea9d4fadb787d999d01c568e4e27fa",
+ "overhead": "0x00000000000000000000000000000000000000000000000000000000000000bc",
+ "scalar": "0x00000000000000000000000000000000000000000000000000000000000a6fe0",
+ "gasLimit": 30000000
+ }
+ },
+ "block_time": 2,
+ "max_sequencer_drift": 1800,
+ "seq_window_size": 3600,
+ "channel_timeout": 300,
+ "l1_chain_id": 11155111,
+ "l2_chain_id": 8745126,
+ "regolith_time": 0,
+ "canyon_time": 0,
+ "delta_time": 0,
+ "ecotone_time": 0,
+ "batch_inbox_address": "0x002b8c9f5613113ce88307a950922aedef77928e",
+ "deposit_contract_address": "0x74b46e5ba71652a61339fb08befa12c4f0e093f2",
+ "l1_system_config_address": "0xd22b89326b2bf532aa4252f751bb139bb526a3a0",
+ "protocol_versions_address": "0x0000000000000000000000000000000000000000"
+ }
+
+
+# #* Secrets and external secret role
+# saExternalSecretRole: arn:aws:iam::239376465783:role/dev-hari-eks-seq-external-secret
+#* LB configuration
+internalDnsZone: hari.dev.hypersonicl2.internal
+
+#* P2P configuration
+sequencerOpGethAddresses:
+ - enode://df502c2b2d1672a26180f8d53441497ff8e38913b974288a9a9388dc8b1bf90f7b386662ff5013512448eae44085604d44729cabe6143f379c324a9bf1e18b0b@seq-1.hari.dev.hypersonicl2.internal:32201
+ -
enode://b79ecf81c88536cae795b6bdaf0969fb0a1c583ad437f0930ded3a5e3b76a80e4eb807f24bcad1024ebf4cd0b8dc9861e44274d5bb3dcc8365a55e1cf0a4286d@seq-2.hari.dev.hypersonicl2.internal:32202
+ - enode://222ecf81c88536cae795b6bdaf0969fb0a1c583ad437f0930ded3a5e3b76a80e4eb807f24bcad1024ebf4cd0b8dc9861e44274d5bb3dcc8365a55e1cf0a4286d@seq-3.hari.dev.hypersonicl2.internal:32203
+
+sequencerOpNodeAddresses:
+ - /dns4/seq-1.hari.dev.hypersonicl2.internal/tcp/32221/p2p/16Uiu2HAkvPrtNaazRNdr1zYqJGkS8m6VXYY7Z6Z6dxVYQtegpwXT
+ - /dns4/seq-2.hari.dev.hypersonicl2.internal/tcp/32222/p2p/16Uiu2HAmRCJHftQFzmK2FjpDkk73uNPeiRjkXMrRH5JTwX9JnwVi
+ - /dns4/seq-3.hari.dev.hypersonicl2.internal/tcp/32222/p2p/16Uiu2HAuuuJHftQFzmK2FjpDkk73uNPeiRjkXMrRH5JTwX9JnwDD
diff --git a/charts/opnode/templates/additional-manifests.yaml b/charts/opnode/templates/additional-manifests.yaml
index cd0be91..812b161 100644
--- a/charts/opnode/templates/additional-manifests.yaml
+++ b/charts/opnode/templates/additional-manifests.yaml
@@ -1,6 +1,5 @@
 {{ range .Values.additionalManifests }}
 ---
 {{ tpl (toYaml .) $ }}
-{{ end }}
 ---
-{{ tpl .Values.additionalYamlManifests $ }}
+{{ end }}
diff --git a/charts/opnode/templates/service-headless.yaml b/charts/opnode/templates/service-headless.yaml
new file mode 100644
index 0000000..4d9c09c
--- /dev/null
+++ b/charts/opnode/templates/service-headless.yaml
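Review bot: The static peer lists at the end of hari-values.yaml look partly hand-edited: the seq-3 enode key is the seq-2 key with only its first three hex characters changed, the seq-3 libp2p peer ID is a near-copy of the seq-2 one, and seq-2 and seq-3 both use `tcp/32222` in `sequencerOpNodeAddresses` although the op-geth entries use 32201/32202/32203. A static peer entry binds a hostname to a node identity, so a placeholder identity presumably means the sequencers cannot authenticate each other and will not peer; fill in the real public keys and peer IDs (and likely `tcp/32223` for seq-3) before this file is consumed. The chain config key is spelled `rollup.json` here while charts/opnode/values.yaml in this commit declares `rollupJson`, so confirm which name the templates read.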
@@ -0,0 +1,53 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "opnode.fullname" . }}
+ labels:
+ {{- include "opnode.labels" . | nindent 4 }}
+spec:
+ selector:
+ {{- include "opnode.selectorLabels" . | nindent 4 }}
+ type: ClusterIP
+ clusterIP: None
+ publishNotReadyAddresses: true
+ ports:
+ - name: opgeth-rpc
+ targetPort: opgeth-
+ port: 8545
+ protocol: TCP
+ - name: opgeth-ws
+ targetPort: opgeth-ws
+ port: 8546
+ protocol: TCP
+ - name: opgeth-p2p
+ targetPort: http
+ port: 30303
+ protocol: TCP
+ - name: opnode-metrics
+ targetPort: http
+ port: 7300
+ protocol: TCP
+
+ - name: opgeth-discovery
+ targetPort: http
+ port: 30304
+ protocol: UDP
+
+ - name: opnode-rpc
+ targetPort: opnode-rpc
+ port: 9545
+ protocol: TCP
+ - name: opnode-p2p
+ targetPort: http
+ port: 9222
+ protocol: TCP
+ - name: opnode-metrics
+ targetPort: http
+ port: 7301
+ protocol: TCP
+
+ - name: opnode-discovery
+ targetPort: http
+ port: 9223
+ protocol: UDP
+
diff --git a/charts/opnode/templates/service-p2p.yaml b/charts/opnode/templates/service-p2p.yaml
new file mode 100644
index 0000000..ad321a0
--- /dev/null
+++ b/charts/opnode/templates/service-p2p.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "opnode.fullname" . }}
+ labels:
+ {{- include "opnode.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: 30303
+ targetPort: opgeth-p2p
+ protocol: TCP
+ name: opgeth-p2p
+ - port: 30304
+ targetPort: opgeth-discovery
+ protocol: TCP
+ name: opgeth-discovery
+ - port: 30303
+ targetPort: opnode-p2p
+ protocol: TCP
+ name: opnode-p2p
+ - port: 30304
+ targetPort: opnode-discovery
+ protocol: TCP
+ name: opnode-discovery
+ selector:
+ {{- include "opnode.selectorLabels" . | nindent 4 }}
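Review bot: Several port entries in the headless Service cannot resolve or will be rejected: `targetPort: opgeth-` is a truncated name, the p2p, discovery and metrics entries use `targetPort: http` although statefulset.yaml names the container ports `opgeth-p2p`, `opnode-p2p` and so on, and `name: opnode-metrics` appears twice (ports 7300 and 7301) where the first is presumably `opgeth-metrics`. Port names must be unique within a Service. `metadata.name` is `{{ include "opnode.fullname" . }}`, the same name service-p2p.yaml uses, so the two Services collide in one release; a suffix such as `-headless` keeps them apart. Because this Service publishes 8545 and 8546 to every pod in the cluster with `publishNotReadyAddresses: true`, consider limiting it to the ports peers need, or pairing it with a NetworkPolicy.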
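Review bot: The four entries in service-p2p.yaml reuse `port: 30303` and `port: 30304` with `protocol: TCP`, so the Service carries duplicate port/protocol pairs and the API server will reject it; the op-node entries presumably want 9222 and 9223 to match the container ports, and both discovery entries `protocol: UDP`. `type: {{ .Values.service.type }}` no longer has a default because this commit comments out the `service:` block in values.yaml (service-rpc.yaml reads the same key), so rendering fails unless every environment sets it. Since Deploy.md.yaml plans NodePort or LoadBalancer for P2P, an explicit `ClusterIP` default, plus `loadBalancerSourceRanges` for the LoadBalancer case, would keep these ports from being reachable more widely than `netRestrictCIDR` intends.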
diff --git a/charts/opnode/templates/service.yaml b/charts/opnode/templates/service-rpc.yaml similarity index 53% rename from charts/opnode/templates/service.yaml rename to charts/opnode/templates/service-rpc.yaml index 3afd20b..ae282a5 100644 --- a/charts/opnode/templates/service.yaml +++ b/charts/opnode/templates/service-rpc.yaml @@ -7,9 +7,17 @@ metadata: spec: type: {{ .Values.service.type }} ports: - - port: {{ .Values.service.port }} - targetPort: http + - port: 8545 + targetPort: opgeth-rpc protocol: TCP - name: http + name: opgeth-rpc + - port: 8546 + targetPort: opgeth-rpc + protocol: TCP + name: opgeth-rpc + - port: 9545 + targetPort: opnode-rpc + protocol: TCP + name: opnode-rpc selector: {{- include "opnode.selectorLabels" . | nindent 4 }} diff --git a/charts/opnode/templates/statefulset.yaml b/charts/opnode/templates/statefulset.yaml index 2e9b708..eb86129 100644 --- a/charts/opnode/templates/statefulset.yaml +++ b/charts/opnode/templates/statefulset.yaml @@ -12,10 +12,7 @@ spec: {{- include "opnode.selectorLabels" . | nindent 6 }} podManagementPolicy: {{ default "Parallel" .Values.podManagementPolicy }} updateStrategy: - type: {{ default "RollingUpdate" .Values.updateStrategy }} - {{- if (eq "Recreate" (default "RollingUpdate" .Values.updateStrategy)) }} - rollingUpdate: null - {{- end }} + type: RollingUpdate template: metadata: {{- with .Values.podAnnotations }} @@ -30,9 +27,11 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "opnode.serviceAccountName" . }} - terminationGracePeriodSeconds: {{ default 30 .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ default 180 .Values.terminationGracePeriodSeconds}} + {{- with .Values.podSecurityContext }} securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} 
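Review bot: The new 8546 entry in service-rpc.yaml repeats `name: opgeth-rpc` and `targetPort: opgeth-rpc` from the 8545 entry; duplicate port names are rejected, and the target should presumably be the `opgeth-ws` container port. Publishing 8546 through a Service whose type comes from values also matters for exposure: statefulset.yaml in this commit starts op-geth with `--ws.api=web3,debug,eth,txpool,net,engine` and `--ws.origins=*`, so anything that can reach this Service gets the debug and engine namespaces over WebSocket. Keep this Service `ClusterIP`, or trim the WebSocket API list to what RPC clients need and leave engine access to op-geth's JWT-authenticated authrpc endpoint.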
@@ -51,8 +50,8 @@ spec: {{- end }} initContainers: - name: init-op-geth - image: {{.Values.opgeth.repo}}:{{.Values.opgeth.tag}} - imagePullPolicy: Always + image: {{.Values.opGeth.repo}}:{{.Values.opGeth.tag}} + imagePullPolicy: {{.Values.opGeth.imagePullPolicy}} env: - name: CONFIG_FILE value: /data/config.toml @@ -90,16 +89,23 @@ spec: #* cat the config for visibility cat $CONFIG_FILE volumeMounts: - - name: opnode-data + - name: datadir mountPath: /data {{- with .Values.additionalInitContainers }} {{- toYaml . | nindent 6 }} {{- end }} containers: - name: op-geth - image: "{{ .Values.opGeth.repository }}:{{ .Values.opGeth.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - + image: {{.Values.opGeth.repo}}:{{.Values.opGeth.tag}} + imagePullPolicy: {{.Values.opGeth.imagePullPolicy}} + env: + - name: NODE_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + mountSecrets: + - name: opgeth-p2p + mountPath: /opgeth-p2p command: # - sleep # - infinity @@ -117,19 +123,16 @@ spec: - --http.corsdomain=* - --http.port=8545 - --http.vhosts=* - - --ws - - --ws.addr=0.0.0.0 - - --ws.api=web3,debug,eth,txpool,net,engine - - --ws.origins=* - - --ws.port=8546 - --metrics - --metrics.addr=0.0.0.0 - --metrics.port=7300 - - --nat=extip:$(EXTERNAL_IP) + - --nat=extip:$(NODE_IP) - --netrestrict={{.Values.netRestrictCIDR}} - --networkid={{.Values.l2NetworkId}} - --nodekey=/opgeth-p2p/key - --nodiscover=true + - --override.fjord=1729598400 + - --override.granite=1729598400 - --port=30303 - --rollup.disabletxpoolgossip=false - --syncmode=full 
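Review bot: `imagePullPolicy: {{.Values.opGeth.imagePullPolicy}}` in the init container reads a key that values.yaml in this commit does not define; the values file sets `opGeth.pullPolicy`, and the op-node container further down reads `.Values.opNode.pullPolicy`. The field therefore renders empty here and again on the op-geth container in the next hunk, leaving pull behaviour to the cluster default. Use `{{ .Values.opGeth.pullPolicy }}` in both places. The initContainers block starts and ends outside the hunk.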
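Review bot: `mountSecrets:` on the op-geth container is not a field of a Kubernetes container spec, so the P2P key that `--nodekey=/opgeth-p2p/key` expects is never mounted; depending on validation the manifest is rejected or the field is dropped. Replace it with a `volumeMounts` entry (`name: opgeth-p2p`, `mountPath: /opgeth-p2p`, `readOnly: true`) and add a matching `secret` volume under `volumes`, which the last statefulset hunk does not define. The op-geth container spec continues past the hunk.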
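Review bot: `--override.fjord=1729598400` and `--override.granite=1729598400` are hard-coded in the template, so every chain deployed from this chart gets these fork timestamps regardless of its own rollup config; the `rollup.json` block in hari-values.yaml lists no fjord or granite time. Fork activation that differs between op-geth and op-node, or between this node and its peers, is a consensus-level misconfiguration, so these belong in per-chain values with the flag emitted only when the value is set (for example a constructed key such as `forkOverrides.fjord`). The command list starts and ends outside the hunk.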
@@ -137,32 +140,35 @@ spec: - --txpool.journalremotes=false - --txpool.nolocals=true - --verbosity=4 + - --ws + - --ws.addr=0.0.0.0 + - --ws.api=web3,debug,eth,txpool,net,engine + - --ws.origins=* + - --ws.port=8546 ports: - - name: metrics - containerPort: 7300 - - name: rpc - containerPort: 8545 - - name: ws - containerPort: 8546 - - name: p2p - containerPort: 30303 - - name: discovery - containerPort: 30304 + - name: opgeth-metrics + port: 7300 + - name: opgeth-rpc + port: 8545 + - name: opgeth-ws + port: 8546 + - name: opgeth-p2p + port: 30303 + - name: opgeth-discovery + port: 30304 protocol: UDP - # livenessProbe: - # httpGet: - # path: / - # port: http - # readinessProbe: - # httpGet: - # path: / - # port: http resources: {{- toYaml .Values.resources | nindent 12 }} + livenessProbe: + tcpSocket: + port: 8545 + readinessProbe: + tcpSocket: + port: 8545 - name: op-node image: {{.Values.opNode.repo}}:{{.Values.opNode.tag}} - imagePullPolicy: {{ .Values.image.pullPolicy }} + imagePullPolicy: {{ .Values.opNode.pullPolicy }} env: - name: EXTERNAL_IP valueFrom: @@ -210,8 +216,6 @@ spec: - --p2p.no-discovery=true {{- end }} - - {{- if .Values.sequencer.privateKeySecret }} - --p2p.sequencer.key=$(SEQUENCER_PRIVATE_KEY) {{- end }} @@ -231,13 +235,13 @@ spec: - --verifier.l1-confs=4 {{- end }} ports: - - name: metrics + - name: opnode-metrics containerPort: 7301 - - name: rpc + - name: opnode-rpc containerPort: 9545 - - name: p2p + - name: opnode-p2p containerPort: 9222 - - name: discovery + - name: opnode-discovery containerPort: 9223 protocol: UDP resources: 
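Review bot: The op-geth `ports` entries were changed from `containerPort:` to `port:`, which is not a container-port field; the API requires `containerPort`, so for example `- name: opgeth-rpc` needs `containerPort: 8545`, and the named targets the Services point at will not exist otherwise. The op-node ports later in the file still use `containerPort`. The added probes are `tcpSocket` checks on 8545, which show only that the HTTP listener is up, not that the node is synced; if that is the intended readiness signal, a one-line comment saying so would help.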
@@ -251,7 +255,27 @@ spec: # httpGet: # path: /healthz # containerPort: rpc + volumeMounts: + - name: datadir + mountPath: /data + + volumes: + - name: datadir + persistentVolumeClaim: + claimName: datadir + + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: datadir + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: {{ .Values.persistence.storageClassName }} + resources: + requests: + storage: {{ .Values.persistence.size }} diff --git a/charts/opnode/values.yaml b/charts/opnode/values.yaml index 8cb813e..5f3debd 100644 --- a/charts/opnode/values.yaml +++ b/charts/opnode/values.yaml @@ -1,33 +1,33 @@ # Default values for opnode. # This is a YAML-formatted file. # Declare variables to be passed into your templates. -op-node: - repository: op-node +opNode: + repo: rrrrr/op-node pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "" -op-geth: - repository: op-geth + tag: latest +opGeth: + repo: rrrrr/op-geth pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "" + tag: latest -l2NetworkId: -l1BeaconUrl: -l1RpcKind: -l1RpcUrl: standard +persistence: + size: 1700Gi + storageClassName: localpv-hostpath -sequencer: {} - # privateKeySecret: - # netRestrictCIDR: +genesisUrl: genesisUrl +l2NetworkId: 9999999 +rollupJson: rollupJson +l1BeaconUrl: l1BeaconUrl +l1RpcKind: l1RpcKind +l1RpcUrl: l1RpcUrl - -opNodeAdvertiseTcpPort: -opNodeStaticPeers: [] -opGethStaticPeers: [] - -replicaCount: 1 +# sequencer: {} +# # privateKeySecret: +# # netRestrictCIDR: +replicas: 1 imagePullSecrets: [] nameOverride: "" @@ -42,12 +42,16 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: "" +additionalInitContainers: [] + +additionalManifests: [] + podAnnotations: {} podSecurityContext: {} # fsGroup: 2000 -# securityContext: {} +securityContext: {} # # capabilities: # # drop: # # - ALL 
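Review bot: The added `volumes` entry `datadir` with `claimName: datadir` duplicates the `volumeClaimTemplates` entry of the same name; in a StatefulSet the claim template takes precedence over a same-named pod volume and the real claim is named per pod, so the `volumes` entry is dead and can be dropped. This is also where the `secret` volume for the op-geth node key would need to be declared. Indentation is not recoverable from this view, so confirm `volumeClaimTemplates` sits under the StatefulSet `spec` and not under `template.spec`.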
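Review bot: The chart defaults in values.yaml now pull `rrrrr/op-node` and `rrrrr/op-geth` at `tag: latest`, a mutable tag on what looks like a placeholder repository; for a pod that receives `SEQUENCER_PRIVATE_KEY` and the P2P keys, the default should be a released version, ideally pinned by digest (`repo@sha256:<digest>`), with environments overriding it explicitly. The other new defaults are placeholder strings (`genesisUrl: genesisUrl`, `l1RpcUrl: l1RpcUrl`) that render into valid-looking flags; empty defaults checked with `required` in the templates would fail at render time instead. `l2NetworkId: 9999999` is an unquoted integer while hari-values.yaml quotes the value, so quote it here too.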
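Review bot: `securityContext: {}` is enabled with no content and `podSecurityContext` stays `{}`, so with the new `with` guard in statefulset.yaml the pod renders without a security context and the containers run as whatever user the images default to. Given that the op-node container is started with `--p2p.sequencer.key=$(SEQUENCER_PRIVATE_KEY)`, ship the commented values as real defaults: `runAsNonRoot: true`, `runAsUser: 1000`, `capabilities.drop: [ALL]`, and an `fsGroup` so the data volume stays writable. Whether the container specs read `.Values.securityContext` at all is not visible in this diff.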
@@ -55,26 +59,6 @@ podSecurityContext: {} # # runAsNonRoot: true # # runAsUser: 1000 -service: - type: ClusterIP - port: 80 - -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little @@ -87,8 +71,6 @@ resources: {} # cpu: 100m # memory: 128Mi -additionalInitContainers: [] - nodeSelector: {} tolerations: [] @@ -97,4 +79,23 @@ affinity: {} topologySpreadConstraints: [] -additionalManifests: [] \ No newline at end of file + +# service: +# type: ClusterIP +# port: 80 + +# ingress: +# enabled: false +# className: "" +# annotations: {} +# # kubernetes.io/ingress.class: nginx +# # kubernetes.io/tls-acme: "true" +# hosts: +# - host: chart-example.local +# paths: +# - path: / +# pathType: ImplementationSpecific +# tls: [] +# # - secretName: chart-example-tls +# # hosts: +# # - chart-example.local