Setup ten config library to replace our flags approach

[BedrockSquirrel]

Why this change is needed

We are moving away from flags based config to a systematic yaml/environment variable based config that will be used across all our go processes. This will make our config play more nicely with standard orchestration tooling (kubernetes etc.) and reduce duplication and magic in our config.

What changes were made as part of this PR

This first PR adds the config structure, the loading mechanism and sets it up for used by the enclave and host processes.

All other Go processes (including the node and testnet launcher orchestration processes) are still configured with flags. They will be migrated shortly.

Short term while both systems are in place this may seem to be making things worse but when the node and testnet launchers are replaced with the infra tooling that is being worked on then a lot of code and magic will be removed.

PR checks pre-merging

Please indicate below by ticking the checkbox that you have read and performed the required
PR checks

• PR checks reviewed and performed

[tudor-malene]

This is great!
Makes everything much clearer.

I left a few comments.

[tudor-malene]

I don't follow here how the config is read from enclave.json

[BedrockSquirrel]

Enclave config is read the same as the host and other processes: base yaml file(s) + environment variables

In enclave.json the "fromHost" flag allows you to whitelist env variable keys so their values can be passed in from the host machine.

E.g. if this was in the enclave.json then NETWORK_CHAINID=1337 would be set and ENCLAVE_DB_EDGELESSDBHOST value would be passed through if the runner set it as an environment variable.

"env": [
    { "name": "ENCLAVE_DB_EDGELESSDBHOST",  "fromHost": true },

    { "name": "NETWORK_CHAINID", value: 1337 },
]

So for now I'm just letting it pass through all the env variables. For tagged public releases we can hardcode values.

[tudor-malene]

what confuses me is that I don't see anywhere in the code how "fromHost" is resolved.
I don't follow how the right values end up in the enclave.json file that is passed to ego

[StefanIliev545]

A lot of changes that seem like grunt work I glanced over, but this is my first (prolly final) pass

P.S. Ask copilot for any improvements and see if anything is reasonable; obviously as you've written he code you're best placed to know if it's bullshitting or legit suggestion

[StefanIliev545]

Nice

[StefanIliev545]

Is this ok for production? ENV variable overrides should be disabled in enclave IMO? Or at least disabled for anything baked into the image

[StefanIliev545]

Nice

[StefanIliev545]

Do we still rely on genesis override in sim tests? Perhaps a good opportunity to have test/1-sim.yaml that showcases overrides

[StefanIliev545]

Is this identical for local testnet or is it the sepolia time?

[StefanIliev545]

Okay this cfg looks to be a mix of what we have right now (unless I'm wrong, which is quite possible).
Maybe we should have one for each environment (basic matches local testnet, overrides only for environments)

[BedrockSquirrel]

So I started doing one for each environment but I think it's a waste of time because we'll be throwing it away in a couple of weeks. We don't want environmental config in our repo and it will live in Krish's kubernetes config stores.

So for now all these config values are still coming from github in the testnet environments. For sims and local networks we use yaml file overrides (or set the values dynamically in the code where that makes sense).

Happy to be convinced otherwise though, I have gone around in circles on this. Originally I had the environment passed to the main as a flag, like -env=uat and then it would auto-load 1-env-uat.yaml.

But anyway, if we get the core process in we can iterate on how it's used, for now I just want it in without breaking anything so Krish can start testing against it.

[StefanIliev545]

Are we going to leave this as is? Perhaps this field should either be a key or somewhere to load it from ( or off chain signing )
Maybe a todo with a ticket

[tudor-malene]

follow up question

[tudor-malene]

what confuses me is that I don't see anywhere in the code how "fromHost" is resolved.
I don't follow how the right values end up in the enclave.json file that is passed to ego

[BedrockSquirrel]

@tudor-malene The values don't get set into the enclave.json (unless they're hardcoded values which we're not doing at this stage). The fromHost flag is part of the enclave.json spec from ego to whitelist those env var keys: https://docs.edgeless.systems/ego/reference/config#environment-variables

So we pass the values to the enclave process with env variables in docker like normal. So when you start the docker container you set the env variables (that's what @pkrishnath 's kubernetes set up will do, and temporarily that's what the docker_node launcher thing is doing).

[tudor-malene]

LGTM!