diff --git a/templates/helm/templates/blockscout.yaml b/templates/helm/templates/blockscout.yaml index 7f10fa4..ece2ab5 100644 --- a/templates/helm/templates/blockscout.yaml +++ b/templates/helm/templates/blockscout.yaml @@ -1,5 +1,5 @@ apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: name: blockscout namespace: {{ .Release.Namespace }} @@ -35,7 +35,7 @@ spec: value: base - name: CHAIN_ID - name: CHAIN_SPEC_PATH - value: /genesis.json + value: {{ .Values.genesis.source }}/genesis.json - name: CHECKSUM_ADDRESS_HASHES value: "true" - name: CHECKSUM_FUNCTION @@ -61,9 +61,9 @@ spec: - name: EMISSION_FORMAT value: DEFAULT - name: ETHEREUM_JSONRPC_HTTP_URL - value: http://sequencer:{{ .Values.sequencer.opGeth.port.rpc }}/ + value: http://node:{{ .Values.node.opGeth.port.rpc }}/ - name: ETHEREUM_JSONRPC_TRACE_URL - value: http://sequencer:{{ .Values.sequencer.opGeth.port.rpc }}/ + value: http://node:{{ .Values.node.opGeth.port.rpc }}/ - name: ETHEREUM_JSONRPC_VARIANT value: geth - name: EXTERNAL_APPS @@ -135,15 +135,6 @@ spec: ports: - containerPort: {{ .Values.blockscout.port }} protocol: TCP - volumeMounts: - - mountPath: /genesis.json - name: genesis-pvc - readOnly: true - volumes: - - name: genesis-pvc - persistentVolumeClaim: - claimName: genesis-pvc - readOnly: true --- @@ -164,7 +155,7 @@ spec: --- apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: name: blockscout-postgres namespace: {{ .Release.Namespace }} 
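Review bot: `CHAIN_SPEC_PATH` in the `@@ -35,7` hunk is rendered from `.Values.genesis.source` with no quoting and no presence check. The `genesis:` block visible in this commit's values.yaml hunk defines no `source` key, so an unset value renders `/genesis.json`, a path that no longer exists in the container because the `@@ -135,15` hunk removes the genesis mount. Failing at render time is safer: `value: {{ printf "%s/genesis.json" (required "genesis.source must be set" .Values.genesis.source) | quote }}`. node.yaml and op-proposer.yaml read the same value in their fetch-genesis containers without the `if .Values.genesis.source` guard that sequencer.yaml has.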
@@ -195,29 +186,24 @@ spec: protocol: TCP volumeMounts: - mountPath: /var/lib/postgresql/data - name: blockscout-postgres-pvc + name: blockscout-postgres-volume volumes: - - name: blockscout-postgres-pvc + - name: blockscout-postgres-volume persistentVolumeClaim: - claimName: blockscout-postgres-pvc - ---- - -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: blockscout-postgres-pvc - namespace: {{ .Release.Namespace }} -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.blockscout.db.storage }} - {{- if .Values.global.storageClassName }} - storageClassName: {{ .Values.global.storageClassName }} - {{ end }} - volumeMode: Filesystem + claimName: blockscout-postgres-volume + volumeClaimTemplates: + - metadata: + name: blockscout-postgres-volume + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.blockscout.db.storage }} + {{- if .Values.storageClassName }} + storageClassName: {{ .Values.storageClassName }} + {{- end }} + volumeMode: Filesystem --- diff --git a/templates/helm/templates/env.yaml b/templates/helm/templates/env.yaml index acb9d4f..d51ef7f 100644 --- a/templates/helm/templates/env.yaml +++ b/templates/helm/templates/env.yaml @@ -27,10 +27,10 @@ spec: - extract: {{- if .Values.externalSecret.prefix }} key: {{ .Values.externalSecret.prefix }}/private-keys - {{ else }} + {{- else }} key: {{ $.Release.Namespace }}/{{ $.Release.Name }}/private-keys - {{ end }} -{{ else }} + {{- end }} +{{- else }} apiVersion: v1 kind: Secret metadata: @@ -42,7 +42,7 @@ stringData: PROPOSER_KEY: {{ .Values.env.PROPOSER_KEY }} SEQUENCER_KEY: {{ .Values.env.SEQUENCER_KEY }} type: Opaque -{{ end }} +{{- end }} --- @@ -57,4 +57,4 @@ spec: aws: service: SecretsManager region: us-east-2 -{{ end }} +{{- end }} diff --git a/templates/helm/templates/genesis-pvc.yaml b/templates/helm/templates/genesis-pvc.yaml deleted file mode 100644 index 216bd60..0000000 
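Review bot: The `volumes:` entry kept in the blockscout-postgres pod template references a claim named `blockscout-postgres-volume`, which will not exist under that name. A StatefulSet creates its claims from `volumeClaimTemplates` as `<template>-<pod>` and mounts them under the template's name, taking precedence over a same-named pod volume, so the explicit entry is dead configuration and can be dropped. The same pattern is added for `genesis-volume` in node.yaml, op-proposer.yaml and sequencer.yaml. The commit description should also say that the old `blockscout-postgres-pvc` claim leaves the chart, since upgrading an existing release would presumably start Postgres on a new, empty volume.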
--- a/templates/helm/templates/genesis-pvc.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: genesis-pvc - namespace: {{ .Release.Namespace }} -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: {{ .Values.genesis.volume.storage }} - {{- if .Values.global.storageClassName }} - storageClassName: {{ .Values.global.storageClassName }} - {{ end }} - volumeMode: Filesystem diff --git a/templates/helm/templates/node.yaml b/templates/helm/templates/node.yaml index db94fbb..7f23a44 100644 --- a/templates/helm/templates/node.yaml +++ b/templates/helm/templates/node.yaml @@ -7,15 +7,32 @@ spec: selector: matchLabels: name: node - replicas: {{ .Values.nodes.replicas }} + replicas: {{ .Values.node.replicas }} template: metadata: labels: name: node spec: initContainers: + - name: fetch-genesis + image: curlimages/curl + command: ["sh", "-c"] + args: + - | + curl -L --remote-name-all $GENESIS_SOURCE/{genesis.json,rollup.json} ; \ + hexdump -vn32 -e'4/4 "%08x"' /dev/urandom > /genesis/jwt.txt + workingDir: /genesis + env: + - name: GENESIS_SOURCE + value: "{{ .Values.genesis.source }}" + volumeMounts: + - mountPath: /genesis + name: genesis-volume + securityContext: + runAsUser: 0 + runAsNonRoot: false - name: genesis-init - image: {{ .Values.nodes.opGeth.image }} + image: {{ .Values.node.opGeth.image }} args: - init - --datadir=/data 
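Review bot: The new fetch-genesis script in node.yaml accepts whatever the server returns: curl runs without `--fail`, the `;` lets the JWT step run after a failed download, and nothing checks the files against a known digest before genesis-init (which mounts `/genesis`) runs. An HTTP error body would be saved as genesis.json, and whoever can alter the content served at `genesis.source` decides the chain configuration this node initialises from. The image `curlimages/curl` is also untagged and the container is forced to `runAsUser: 0`; a digest-pinned image and, most likely, a pod-level `fsGroup` would remove both concerns. The same script is added in op-proposer.yaml and sequencer.yaml, and the sequencer copy has no `securityContext`, so the three copies do not behave alike. A hardened version is below; `GENESIS_SHA256` is a proposed new value, not something the chart defines today.

```yaml
        - name: fetch-genesis
          # placeholder digest: pin to the digest you have verified
          image: curlimages/curl@sha256:<PINNED_DIGEST>
          command: ["sh", "-c"]
          args:
            - |
              set -eu
              curl --fail -L --remote-name-all "$GENESIS_SOURCE/{genesis.json,rollup.json}"
              # GENESIS_SHA256: proposed new env var fed from chart values
              echo "$GENESIS_SHA256  genesis.json" | sha256sum -c -
              hexdump -vn32 -e'4/4 "%08x"' /dev/urandom > /genesis/jwt.txt
          # … unchanged: workingDir, env, volumeMounts …
```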
@@ -24,25 +41,24 @@ spec: - mountPath: /data name: op-geth-volume - mountPath: /genesis - name: genesis-pvc - readOnly: true + name: genesis-volume containers: - name: op-geth - image: {{ .Values.nodes.opGeth.image }} + image: {{ .Values.node.opGeth.image }} args: - --datadir=/data - --http - - --http.port={{ .Values.nodes.opGeth.port.rpc }} + - --http.port={{ .Values.node.opGeth.port.rpc }} - --http.addr=0.0.0.0 - --http.vhosts=* - --http.corsdomain=* - --http.api=web3,debug,eth,txpool,net,engine - --ws - - --ws.port={{ .Values.nodes.opGeth.port.wsrpc }} + - --ws.port={{ .Values.node.opGeth.port.wsrpc }} - --ws.addr=0.0.0.0 - --ws.origins=* - --ws.api=debug,eth,txpool,net,engine - - --authrpc.port={{ .Values.nodes.opGeth.port.authrpc }} + - --authrpc.port={{ .Values.node.opGeth.port.authrpc }} - --authrpc.addr=0.0.0.0 - --authrpc.vhosts=* - --authrpc.jwtsecret=/genesis/jwt.txt @@ -52,17 +68,17 @@ spec: - --maxpeers=0 - --rollup.disabletxpoolgossip=true ports: - - containerPort: {{ .Values.nodes.opGeth.port.rpc }} + - containerPort: {{ .Values.node.opGeth.port.rpc }} protocol: TCP - - containerPort: {{ .Values.nodes.opGeth.port.wsrpc }} + - containerPort: {{ .Values.node.opGeth.port.wsrpc }} protocol: TCP - - containerPort: {{ .Values.nodes.opGeth.port.authrpc }} + - containerPort: {{ .Values.node.opGeth.port.authrpc }} protocol: TCP volumeMounts: - mountPath: /data name: op-geth-volume - mountPath: /genesis - name: genesis-pvc + name: genesis-volume readOnly: true livenessProbe: exec: @@ -70,10 +86,10 @@ spec: - nc - -z - localhost - - "{{ .Values.nodes.opGeth.port.rpc }}" + - "{{ .Values.node.opGeth.port.rpc }}" periodSeconds: 5 - name: op-node - image: {{ .Values.nodes.opNode.image }} + image: {{ .Values.node.opNode.image }} command: - sh - -c 
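Review bot: genesis-init loses `readOnly: true` on its `/genesis` mount in the first hunk on this line, although only fetch-genesis needs to write there. Keeping `readOnly: true` under the `name: genesis-volume` mount of genesis-init preserves the earlier guarantee that the init step cannot modify genesis.json, rollup.json or jwt.txt; the flag is per container, so it does not stop fetch-genesis from writing. The genesis-init container definition starts outside this hunk.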
@@ -82,15 +98,14 @@ spec: op-node \ --l1=$(L1_RPC) \ --l1.rpckind=any \ - --l2=http://localhost:{{ .Values.nodes.opGeth.port.authrpc }} \ + --l2=http://localhost:{{ .Values.node.opGeth.port.authrpc }} \ --l2.jwt-secret=/genesis/jwt.txt \ --rollup.config=/genesis/rollup.json \ --rpc.addr=0.0.0.0 \ - --rpc.port={{ .Values.nodes.opNode.port.rpc }} \ + --rpc.port={{ .Values.node.opNode.port.rpc }} \ --rpc.enable-admin \ - --p2p.static="$(cat /genesis/sequencer_multiaddr)" \ --p2p.listen.ip=0.0.0.0 \ - --p2p.listen.tcp={{ .Values.nodes.opNode.port.p2p }} \ + --p2p.listen.tcp={{ .Values.node.opNode.port.p2p }} \ --sequencer.enabled=false \ --verifier.l1-confs=3 \ --log.level=debug @@ -101,17 +116,15 @@ spec: name: env-cm key: L1_RPC ports: - - containerPort: {{ .Values.nodes.opNode.port.rpc }} + - containerPort: {{ .Values.node.opNode.port.rpc }} protocol: TCP - - containerPort: {{ .Values.nodes.opNode.port.p2p }} + - containerPort: {{ .Values.node.opNode.port.p2p }} protocol: TCP - - containerPort: {{ .Values.nodes.opNode.port.p2p }} + - containerPort: {{ .Values.node.opNode.port.p2p }} protocol: UDP volumeMounts: - - mountPath: /data - name: op-node-volume - mountPath: /genesis - name: genesis-pvc + name: genesis-volume readOnly: true livenessProbe: exec: 
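Review bot: op-node keeps `--rpc.enable-admin` bound to `--rpc.addr=0.0.0.0` in this hunk, and the `node` Service later in the file still publishes the op-node RPC port, so any workload that can reach the Service can call the admin methods. op-geth in the preceding hunk has the matching exposure: the `debug` namespace over HTTP and WS on 0.0.0.0 with wildcard vhosts, CORS and origins. Since this commit makes Blockscout, op-batcher and op-proposer all call through `node`, I would drop `--rpc.enable-admin` from the replica unless something depends on it, and add a NetworkPolicy that limits ingress on these ports to those client pods. The op-node command starts outside this hunk.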
@@ -119,40 +132,36 @@ spec: - nc - -z - localhost - - "{{ .Values.nodes.opNode.port.rpc }}" + - "{{ .Values.node.opNode.port.rpc }}" periodSeconds: 5 volumes: - - name: genesis-pvc + - name: genesis-volume persistentVolumeClaim: - claimName: genesis-pvc - readOnly: true - - name: predeploy-json-cm - configMap: - name: predeploy-json-cm + claimName: genesis-volume volumeClaimTemplates: - metadata: - name: op-geth-volume + name: genesis-volume spec: accessModes: - ReadWriteOnce resources: requests: - storage: {{ .Values.nodes.opGeth.volume.storage }} - {{- if .Values.global.storageClassName }} - storageClassName: {{ .Values.global.storageClassName }} - {{ end }} + storage: {{ .Values.genesis.volume.storage }} + {{- if .Values.storageClassName }} + storageClassName: {{ .Values.storageClassName }} + {{- end }} volumeMode: Filesystem - metadata: - name: op-node-volume + name: op-geth-volume spec: accessModes: - ReadWriteOnce resources: requests: - storage: {{ .Values.nodes.opNode.volume.storage }} - {{- if .Values.global.storageClassName }} - storageClassName: {{ .Values.global.storageClassName }} - {{ end }} + storage: {{ .Values.node.opGeth.volume.storage }} + {{- if .Values.storageClassName }} + storageClassName: {{ .Values.storageClassName }} + {{- end }} volumeMode: Filesystem --- 
@@ -169,23 +178,19 @@ spec: ports: - protocol: TCP name: op-geth-rpc - port: {{ .Values.nodes.opGeth.port.rpc }} - targetPort: {{ .Values.nodes.opGeth.port.rpc }} + port: {{ .Values.node.opGeth.port.rpc }} + targetPort: {{ .Values.node.opGeth.port.rpc }} - protocol: TCP name: op-geth-wsrpc - port: {{ .Values.nodes.opGeth.port.wsrpc }} - targetPort: {{ .Values.nodes.opGeth.port.wsrpc }} - - protocol: TCP - name: op-geth-authrpc - port: {{ .Values.nodes.opGeth.port.authrpc }} - targetPort: {{ .Values.nodes.opGeth.port.authrpc }} + port: {{ .Values.node.opGeth.port.wsrpc }} + targetPort: {{ .Values.node.opGeth.port.wsrpc }} - protocol: TCP name: op-node-rpc - port: {{ .Values.nodes.opNode.port.rpc }} - targetPort: {{ .Values.nodes.opNode.port.rpc }} + port: {{ .Values.node.opNode.port.rpc }} + targetPort: {{ .Values.node.opNode.port.rpc }} - protocol: TCP name: op-node-p2p - port: {{ .Values.nodes.opNode.port.p2p }} + port: {{ .Values.node.opNode.port.p2p }} - protocol: UDP name: op-node-p2p-udp - port: {{ .Values.nodes.opNode.port.p2p }} + port: {{ .Values.node.opNode.port.p2p }} diff --git a/templates/helm/templates/op-batcher.yaml b/templates/helm/templates/op-batcher.yaml index 7d63cb2..17a2bd7 100644 --- a/templates/helm/templates/op-batcher.yaml +++ b/templates/helm/templates/op-batcher.yaml @@ -1,5 +1,5 @@ apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: name: op-batcher namespace: {{ .Release.Namespace }} @@ -7,7 +7,7 @@ spec: selector: matchLabels: name: op-batcher - replicas: 1 + replicas: {{ .Values.opBatcher.replicas }} template: metadata: labels: 
@@ -24,8 +24,8 @@ spec: op-batcher \ --private-key=$(BATCHER_KEY) \ --l1-eth-rpc=$(L1_RPC) \ - --l2-eth-rpc=http://sequencer:{{ .Values.sequencer.opGeth.port.rpc }} \ - --rollup-rpc=http://sequencer:{{ .Values.sequencer.opNode.port.rpc }} \ + --l2-eth-rpc=http://node:{{ .Values.node.opGeth.port.rpc }} \ + --rollup-rpc=http://node:{{ .Values.node.opNode.port.rpc }} \ --rpc.port={{ .Values.opBatcher.port.rpc }} \ --rpc.addr=0.0.0.0 \ --rpc.enable-admin \ diff --git a/templates/helm/templates/op-proposer.yaml b/templates/helm/templates/op-proposer.yaml index b607a90..7795bab 100644 --- a/templates/helm/templates/op-proposer.yaml +++ b/templates/helm/templates/op-proposer.yaml @@ -1,5 +1,5 @@ apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: name: op-proposer namespace: {{ .Release.Namespace }} @@ -13,6 +13,22 @@ spec: labels: name: op-proposer spec: + initContainers: + - name: fetch-genesis + image: curlimages/curl + command: ["sh", "-c"] + args: + - curl -L --remote-name-all $GENESIS_SOURCE/L2OutputOracleProxyAddress + workingDir: /genesis + env: + - name: GENESIS_SOURCE + value: "{{ .Values.genesis.source }}" + volumeMounts: + - mountPath: /genesis + name: genesis-volume + securityContext: + runAsUser: 0 + runAsNonRoot: false containers: - name: op-proposer image: {{ .Values.opProposer.image }} @@ -24,7 +40,7 @@ spec: op-proposer \ --private-key=$(PROPOSER_KEY) \ --l1-eth-rpc=$(L1_RPC) \ - --rollup-rpc=http://sequencer:{{ .Values.sequencer.opNode.port.rpc }} \ + --rollup-rpc=http://node:{{ .Values.node.opNode.port.rpc }} \ --rpc.port={{ .Values.opProposer.port.rpc }} \ --l2oo-address=$(cat /genesis/L2OutputOracleProxyAddress) \ --poll-interval=12s 
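Review bot: The file downloaded by the new fetch-genesis container in op-proposer.yaml is expanded unquoted into the proposer's shell command by `--l2oo-address=$(cat /genesis/L2OutputOracleProxyAddress)` in the following hunk, inside the container that holds `PROPOSER_KEY`. Because curl has no `--fail` and the content is never validated, an error page or altered response turns into extra words on the op-proposer command line, or into a different contract address. Validate it in the init container by appending `&& grep -Eqx '0x[0-9a-fA-F]{40}' L2OutputOracleProxyAddress` to the curl command, and quote the substitution: `--l2oo-address="$(cat /genesis/L2OutputOracleProxyAddress)"`. The op-proposer command starts outside the hunk.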
@@ -44,10 +60,22 @@ spec: protocol: TCP volumeMounts: - mountPath: /genesis - name: genesis-pvc + name: genesis-volume readOnly: true volumes: - - name: genesis-pvc + - name: genesis-volume persistentVolumeClaim: - claimName: genesis-pvc - readOnly: true + claimName: genesis-volume + volumeClaimTemplates: + - metadata: + name: genesis-volume + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.genesis.volume.storage }} + {{- if .Values.storageClassName }} + storageClassName: {{ .Values.storageClassName }} + {{- end }} + volumeMode: Filesystem diff --git a/templates/helm/templates/sequencer.yaml b/templates/helm/templates/sequencer.yaml index 255f9cd..ff1153f 100644 --- a/templates/helm/templates/sequencer.yaml +++ b/templates/helm/templates/sequencer.yaml @@ -7,15 +7,31 @@ spec: selector: matchLabels: name: sequencer - replicas: 1 + replicas: {{ .Values.sequencer.replicas }} template: metadata: labels: name: sequencer spec: initContainers: + {{- if .Values.genesis.source }} + - name: fetch-genesis + image: curlimages/curl + command: ["sh", "-c"] + args: + - | + curl -L --remote-name-all $GENESIS_SOURCE/{genesis.json,rollup.json} ; \ + hexdump -vn32 -e'4/4 "%08x"' /dev/urandom > /genesis/jwt.txt + workingDir: /genesis + env: + - name: GENESIS_SOURCE + value: "{{ .Values.genesis.source }}" + volumeMounts: + - mountPath: /genesis + name: genesis-volume + {{- else }} - name: genesis-deployer - image: {{ .Values.sequencer.genesisDeployer.image }} + image: {{ .Values.genesis.genesisDeployer.image }} env: - name: L1_RPC valueFrom: 
@@ -49,18 +65,19 @@ spec: key: SEQUENCER_KEY volumeMounts: - mountPath: /data - name: genesis-pvc + name: genesis-volume - name: genesis-init-predeploy image: {{ .Values.sequencer.genesisInitPredeploy.image }} volumeMounts: - mountPath: /data name: op-geth-volume - mountPath: /genesis - name: genesis-pvc + name: genesis-volume - mountPath: /genesis/predeploy.json name: predeploy-json-cm subPath: predeploy.json readOnly: true + {{- end }} - name: op-node-libp2p-multiaddr image: {{ .Values.sequencer.opNode.image }} command: @@ -82,7 +99,7 @@ spec: - mountPath: /data name: op-node-volume - mountPath: /genesis - name: genesis-pvc + name: genesis-volume containers: - name: op-geth image: {{ .Values.sequencer.opGeth.image }} @@ -119,7 +136,7 @@ spec: - mountPath: /data name: op-geth-volume - mountPath: /genesis - name: genesis-pvc + name: genesis-volume readOnly: true livenessProbe: exec: @@ -175,7 +192,7 @@ spec: - mountPath: /data name: op-node-volume - mountPath: /genesis - name: genesis-pvc + name: genesis-volume readOnly: true livenessProbe: exec: @@ -186,13 +203,25 @@ spec: - "{{ .Values.sequencer.opNode.port.rpc }}" periodSeconds: 5 volumes: - - name: genesis-pvc + - name: genesis-volume persistentVolumeClaim: - claimName: genesis-pvc + claimName: genesis-volume - name: predeploy-json-cm configMap: name: predeploy-json-cm volumeClaimTemplates: + - metadata: + name: genesis-volume + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.genesis.volume.storage }} + {{- if .Values.storageClassName }} + storageClassName: {{ .Values.storageClassName }} + {{- end }} + volumeMode: Filesystem - metadata: name: op-geth-volume spec: 
@@ -201,9 +230,9 @@ spec: resources: requests: storage: {{ .Values.sequencer.opGeth.volume.storage }} - {{ if .Values.global.storageClassName }} - storageClassName: {{ .Values.global.storageClassName }} - {{ end }} + {{ if .Values.storageClassName }} + storageClassName: {{ .Values.storageClassName }} + {{- end }} volumeMode: Filesystem - metadata: name: op-node-volume @@ -213,9 +242,9 @@ spec: resources: requests: storage: {{ .Values.sequencer.opNode.volume.storage }} - {{- if .Values.global.storageClassName }} - storageClassName: {{ .Values.global.storageClassName }} - {{ end }} + {{- if .Values.storageClassName }} + storageClassName: {{ .Values.storageClassName }} + {{- end }} volumeMode: Filesystem --- diff --git a/templates/helm/values.yaml b/templates/helm/values.yaml index c53c342..f1e9076 100644 --- a/templates/helm/values.yaml +++ b/templates/helm/values.yaml @@ -1,20 +1,18 @@ -global: {} - externalSecret: enabled: false genesis: - volume: + volume: &genesis-volume storage: 100Mi genesisDeployer: image: &genesis-deployer-image ghcr.io/planetarium/mothership-l2launcher-genesis-deployer:latest genesisInitPredeploy: image: &genesis-init-predeploy-image ghcr.io/planetarium/mothership-l2launcher-genesis-init-predeploy:latest -nodes: +node: replicas: 1 opGeth: - image: &op-geth-image us-docker.pkg.dev/oplabs-tools-artifacts/images/op-geth:v1.101305.0 + image: &op-geth-image us-docker.pkg.dev/oplabs-tools-artifacts/images/op-geth:v1.101308.0 port: &op-geth-port rpc: 8545 wsrpc: 8546 @@ -22,7 +20,7 @@ nodes: volume: &op-geth-volume storage: 100Gi opNode: - image: &op-node-image us-docker.pkg.dev/oplabs-tools-artifacts/images/op-node:v1.4.2 + image: &op-node-image us-docker.pkg.dev/oplabs-tools-artifacts/images/op-node:v1.5.1 port: &op-node-port rpc: 8547 p2p: 9222 @@ -30,6 +28,7 @@ nodes: storage: 100Mi sequencer: + replicas: 0 opGeth: image: *op-geth-image port: 
@@ -42,18 +41,16 @@ sequencer: <<: *op-node-port volume: <<: *op-node-volume - genesisDeployer: - image: *genesis-deployer-image - genesisInitPredeploy: - image: *genesis-init-predeploy-image opBatcher: - image: us-docker.pkg.dev/oplabs-tools-artifacts/images/op-batcher:v1.4.2 + replicas: 0 + image: us-docker.pkg.dev/oplabs-tools-artifacts/images/op-batcher:v1.5.1 port: rpc: 8548 opProposer: - image: us-docker.pkg.dev/oplabs-tools-artifacts/images/op-proposer:v1.4.2 + replicas: 0 + image: us-docker.pkg.dev/oplabs-tools-artifacts/images/op-proposer:v1.5.1 port: rpc: 8560