github/prysm
1
1
Fork 0
mirror of https://github.com/OffchainLabs/prysm.git synced 2026-01-09 15:37:56 -05:00
Code Issues Packages Projects Releases Wiki Activity

k8s goerli config (#1517)

Browse Source 
* Added goerli node config

* add validator configuration

* working better with istio

* cleanup

* Update bootnodes and genesis

* prepare goerli

* cleaning up geth stuff

* Working on istio

* Update somethings for istio

* Add back bootnode for internal discovery, add some labels for istio

* support ws

* ssl via lets encrypt

* Remove ingress

* Expose grafana

* allow insecure

* Add consistent loadbalancing

* use pod antiaffinity so that the public nodes are highly available

* Change app name to goerli

* Add unstable graphql

* remove redis

* lint

* gazelle and fix weights

* better affinity
This commit is contained in:
Preston Van Loon
2019-02-08 15:30:38 -05:00
committed by GitHub
parent 252ec0dac2
commit 7078382b82
34 changed files with 1606 additions and 3486 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
k8s/BUILD.bazel
View File

@@ -7,7 +7,6 @@ k8s_objects(
":priority_class",
"//k8s/geth:everything",
"//k8s/beacon-chain:everything",
"//k8s/nginx:everything",
],
tags = ["manual"],
)

16
k8s/README.md
View File

@@ -14,6 +14,22 @@ start a local cluster with v1.11.0, run the following:
minikube start --kubernetes-version=v1.11.0 --cpus 4
```
### Istio
Be sure to update the loadBalancerIP and includeIPRanges as needed. Refer to
[this guide](https://github.com/stefanprodan/istio-gke/blob/master/docs/istio/04-istio-setup.md)
if necessary.
First download the release
```
curl -L https://git.io/getLatestIstio | sh -
```
```
helm install install/kubernetes/helm/istio --name istio --namespace istio-system --set grafana.enabled=true --set tracing.enabled=true --set gateways.istio-ingressgateway.loadBalancerIP=35.224.249.2 --set global.proxy.includeIPRanges="10.52.0.0/14\,10.55.240.0/20" --set kiali.enabled=true --set telemetry-gateway.grafanaEnabled=true
```
### Geth's Genesis file
This file is the default provided by geth-genesis secret.

2
k8s/beacon-chain/namespace.yaml
View File

@@ -2,3 +2,5 @@ apiVersion: v1
kind: Namespace
metadata:
name: beacon-chain
labels:
istio-injection: enabled

20
k8s/geth/BUILD.bazel
View File

@@ -3,7 +3,6 @@ package(default_visibility = ["//k8s:__subpackages__"])
load("@io_bazel_rules_k8s//k8s:objects.bzl", "k8s_objects")
load("@k8s_configmap//:defaults.bzl", "k8s_configmap")
load("@k8s_deploy//:defaults.bzl", "k8s_deploy")
load("@k8s_ingress//:defaults.bzl", "k8s_ingress")
load("@k8s_namespace//:defaults.bzl", "k8s_namespace")
load("@k8s_secret//:defaults.bzl", "k8s_secret")
load("@k8s_service//:defaults.bzl", "k8s_service")
@@ -13,9 +12,8 @@ k8s_objects(
name = "everything",
objects = [
":namespace", # Must be first
"configs",
":configs",
":deployments",
":ingress",
":secrets",
":services",
],
@@ -25,36 +23,28 @@ k8s_objects(
_NAMESPACE = "pow"
_configs = [
"genesis",
"goerli",
]
_deployments = [
"bootnode",
"ethstats",
"faucet",
"miners",
"nodes",
"public_nodes",
]
_services = [
"bootnode",
"ethstats",
"faucet",
"nodes",
"public_nodes",
]
_secrets = [
"bootnode",
"ethstats",
"faucet",
"goerli_validator",
]
k8s_ingress(
name = "ingress",
template = "ingress.yaml",
namespace = _NAMESPACE,
)
k8s_namespace(
name = "namespace",
template = "namespace.yaml",

8
k8s/geth/bootnode.deploy.yaml
View File

@@ -10,6 +10,8 @@ spec:
labels:
component: bootnode-v4
universe: geth
app: goerli
version: v1
spec:
priorityClassName: production-priority
containers:
@@ -17,7 +19,7 @@ spec:
image: ethereum/client-go:alltools-stable
ports:
- containerPort: 8545
name: rpc
name: http-rpc
- containerPort: 30303
name: discovery-tcp
protocol: TCP
@@ -59,6 +61,8 @@ spec:
labels:
component: bootnode-v5
universe: geth
app: goerli
version: v1
spec:
priorityClassName: production-priority
containers:
@@ -66,7 +70,7 @@ spec:
image: ethereum/client-go:alltools-stable
ports:
- containerPort: 8545
name: rpc
name: http-rpc
- containerPort: 30303
name: discovery-tcp
protocol: TCP

39
k8s/geth/ethstats.deploy.yaml
View File

@@ -1,39 +0,0 @@
kind: Deployment
apiVersion: apps/v1beta1
metadata:
name: geth-ethstats
namespace: pow
spec:
replicas: 1
selector:
matchLabels:
component: ethstats
universe: geth
template:
metadata:
labels:
component: ethstats
universe: geth
spec:
priorityClassName: production-priority
containers:
- name: ethstats
image: ethereumex/eth-netstats:latest
command: ["npm"]
args: ["start"]
ports:
- containerPort: 3000
name: web
env:
- name: WS_SECRET
valueFrom:
secretKeyRef:
name: ethstats-secrets
key: ws
resources:
requests:
memory: "100Mi"
cpu: "50m"
limits:
memory: "250Mi"
cpu: "100m"

4
k8s/geth/ethstats.encrypted_secret.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v1
data:
ws: IeKGjutDYMvXfhoMrVcdx/WRZxDN6Fp6U9q7JaiQ8tR1HCss1YYAjePsvLRvbY5h.TE5myr1CuGVla/vY.NcylicemGDM+6Lz5NWrw/Q==
ws: Iy1UNcid0F+pcYEpB2j4NXps+eL7n8/45Vso/lHWDJHjsAahoVTTzfVdZeDBuN/6.gTBZPKlWNTEnpupv.dDw07DMAl+ffMHmc/H6APg==
kind: Secret
metadata:
name: ethstats-secrets
@@ -8,4 +8,4 @@ metadata:
type: Opaque
# kubesec:v:3
# kubesec:gcp:projects/prysmaticlabs/locations/global/keyRings/prysmatic-k8s-secrets/cryptoKeys/testkey:CiQAaKPz55imKn09+ay5Fipt8Ejsa0fl9RAiDUwIB8QjWJniNfESSQD23sIsO81pJ6gDAzc7733PGECLQ+ftcvluf41iLs5GUBBHrk6ziqmtDmfiTzc9E2YDuXYwAU4EejVjXoIHMESywm9EvetOEt4=
# kubesec:mac:0YZUa66m5jP5wwuA.M6PWFcmPGuuilDWq2swebA==
# kubesec:mac:tePjKrb+PYYpWS9P.LbpIxp0ErOa95L4FHEqNRQ==

13
k8s/geth/ethstats.service.yaml
View File

@@ -1,13 +0,0 @@
kind: Service
apiVersion: v1
metadata:
name: geth-ethstats
namespace: pow
spec:
selector:
component: ethstats
universe: geth
ports:
- port: 3000
targetPort: 3000
type: ClusterIP

6
k8s/geth/faucet.deploy.yaml
View File

@@ -5,17 +5,23 @@ metadata:
namespace: pow
labels:
component: faucet
app: goerli
version: v1
spec:
replicas: 1
selector:
matchLabels:
universe: geth
component: faucet
app: goerli
version: v1
template:
metadata:
labels:
universe: geth
component: faucet
app: goerli
version: v1
spec:
priorityClassName: batch-priority
containers:

1
k8s/geth/faucet.service.yaml
View File

@@ -9,5 +9,6 @@ spec:
universe: geth
ports:
- port: 8080
name: http
targetPort: 8080
type: ClusterIP

827
k8s/geth/goerli.config.yaml Normal file
View File

@@ -0,0 +1,827 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: goerli
namespace: pow
data:
genesis: |
{
"config":{
"chainId":5,
"homesteadBlock":0,
"eip150Block":0,
"eip150Hash": "0xbf7e331f7f7c1dd2e05159666b3bf8bc7a8a3a9eb1d518969eab529dd9b88c1a",
"eip155Block":0,
"eip158Block":0,
"eip160Block":0,
"byzantiumBlock":0,
"constantinopleBlock":0,
"petersburgBlock":0,
"clique":{
"period":15,
"epoch":30000
}
},
"coinbase":"0x0000000000000000000000000000000000000000",
"difficulty":"0x1",
"extraData":"0x22466c6578692069732061207468696e6722202d204166726900000000000000e0a2bd4258d2768837baa26a28fe71dc079f84c70000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"gasLimit":"0xa00000",
"mixHash":"0x0000000000000000000000000000000000000000000000000000000000000000",
"nonce":"0x0",
"timestamp":"0x5c51a607",
"alloc":{
"0000000000000000000000000000000000000000":{
"balance":"0x1"
},
"0000000000000000000000000000000000000001":{
"balance":"0x1"
},
"0000000000000000000000000000000000000002":{
"balance":"0x1"
},
"0000000000000000000000000000000000000003":{
"balance":"0x1"
},
"0000000000000000000000000000000000000004":{
"balance":"0x1"
},
"0000000000000000000000000000000000000005":{
"balance":"0x1"
},
"0000000000000000000000000000000000000006":{
"balance":"0x1"
},
"0000000000000000000000000000000000000007":{
"balance":"0x1"
},
"0000000000000000000000000000000000000008":{
"balance":"0x1"
},
"0000000000000000000000000000000000000009":{
"balance":"0x1"
},
"000000000000000000000000000000000000000a":{
"balance":"0x1"
},
"000000000000000000000000000000000000000b":{
"balance":"0x1"
},
"000000000000000000000000000000000000000c":{
"balance":"0x1"
},
"000000000000000000000000000000000000000d":{
"balance":"0x1"
},
"000000000000000000000000000000000000000e":{
"balance":"0x1"
},
"000000000000000000000000000000000000000f":{
"balance":"0x1"
},
"0000000000000000000000000000000000000010":{
"balance":"0x1"
},
"0000000000000000000000000000000000000011":{
"balance":"0x1"
},
"0000000000000000000000000000000000000012":{
"balance":"0x1"
},
"0000000000000000000000000000000000000013":{
"balance":"0x1"
},
"0000000000000000000000000000000000000014":{
"balance":"0x1"
},
"0000000000000000000000000000000000000015":{
"balance":"0x1"
},
"0000000000000000000000000000000000000016":{
"balance":"0x1"
},
"0000000000000000000000000000000000000017":{
"balance":"0x1"
},
"0000000000000000000000000000000000000018":{
"balance":"0x1"
},
"0000000000000000000000000000000000000019":{
"balance":"0x1"
},
"000000000000000000000000000000000000001a":{
"balance":"0x1"
},
"000000000000000000000000000000000000001b":{
"balance":"0x1"
},
"000000000000000000000000000000000000001c":{
"balance":"0x1"
},
"000000000000000000000000000000000000001d":{
"balance":"0x1"
},
"000000000000000000000000000000000000001e":{
"balance":"0x1"
},
"000000000000000000000000000000000000001f":{
"balance":"0x1"
},
"0000000000000000000000000000000000000020":{
"balance":"0x1"
},
"0000000000000000000000000000000000000021":{
"balance":"0x1"
},
"0000000000000000000000000000000000000022":{
"balance":"0x1"
},
"0000000000000000000000000000000000000023":{
"balance":"0x1"
},
"0000000000000000000000000000000000000024":{
"balance":"0x1"
},
"0000000000000000000000000000000000000025":{
"balance":"0x1"
},
"0000000000000000000000000000000000000026":{
"balance":"0x1"
},
"0000000000000000000000000000000000000027":{
"balance":"0x1"
},
"0000000000000000000000000000000000000028":{
"balance":"0x1"
},
"0000000000000000000000000000000000000029":{
"balance":"0x1"
},
"000000000000000000000000000000000000002a":{
"balance":"0x1"
},
"000000000000000000000000000000000000002b":{
"balance":"0x1"
},
"000000000000000000000000000000000000002c":{
"balance":"0x1"
},
"000000000000000000000000000000000000002d":{
"balance":"0x1"
},
"000000000000000000000000000000000000002e":{
"balance":"0x1"
},
"000000000000000000000000000000000000002f":{
"balance":"0x1"
},
"0000000000000000000000000000000000000030":{
"balance":"0x1"
},
"0000000000000000000000000000000000000031":{
"balance":"0x1"
},
"0000000000000000000000000000000000000032":{
"balance":"0x1"
},
"0000000000000000000000000000000000000033":{
"balance":"0x1"
},
"0000000000000000000000000000000000000034":{
"balance":"0x1"
},
"0000000000000000000000000000000000000035":{
"balance":"0x1"
},
"0000000000000000000000000000000000000036":{
"balance":"0x1"
},
"0000000000000000000000000000000000000037":{
"balance":"0x1"
},
"0000000000000000000000000000000000000038":{
"balance":"0x1"
},
"0000000000000000000000000000000000000039":{
"balance":"0x1"
},
"000000000000000000000000000000000000003a":{
"balance":"0x1"
},
"000000000000000000000000000000000000003b":{
"balance":"0x1"
},
"000000000000000000000000000000000000003c":{
"balance":"0x1"
},
"000000000000000000000000000000000000003d":{
"balance":"0x1"
},
"000000000000000000000000000000000000003e":{
"balance":"0x1"
},
"000000000000000000000000000000000000003f":{
"balance":"0x1"
},
"0000000000000000000000000000000000000040":{
"balance":"0x1"
},
"0000000000000000000000000000000000000041":{
"balance":"0x1"
},
"0000000000000000000000000000000000000042":{
"balance":"0x1"
},
"0000000000000000000000000000000000000043":{
"balance":"0x1"
},
"0000000000000000000000000000000000000044":{
"balance":"0x1"
},
"0000000000000000000000000000000000000045":{
"balance":"0x1"
},
"0000000000000000000000000000000000000046":{
"balance":"0x1"
},
"0000000000000000000000000000000000000047":{
"balance":"0x1"
},
"0000000000000000000000000000000000000048":{
"balance":"0x1"
},
"0000000000000000000000000000000000000049":{
"balance":"0x1"
},
"000000000000000000000000000000000000004a":{
"balance":"0x1"
},
"000000000000000000000000000000000000004b":{
"balance":"0x1"
},
"000000000000000000000000000000000000004c":{
"balance":"0x1"
},
"000000000000000000000000000000000000004d":{
"balance":"0x1"
},
"000000000000000000000000000000000000004e":{
"balance":"0x1"
},
"000000000000000000000000000000000000004f":{
"balance":"0x1"
},
"0000000000000000000000000000000000000050":{
"balance":"0x1"
},
"0000000000000000000000000000000000000051":{
"balance":"0x1"
},
"0000000000000000000000000000000000000052":{
"balance":"0x1"
},
"0000000000000000000000000000000000000053":{
"balance":"0x1"
},
"0000000000000000000000000000000000000054":{
"balance":"0x1"
},
"0000000000000000000000000000000000000055":{
"balance":"0x1"
},
"0000000000000000000000000000000000000056":{
"balance":"0x1"
},
"0000000000000000000000000000000000000057":{
"balance":"0x1"
},
"0000000000000000000000000000000000000058":{
"balance":"0x1"
},
"0000000000000000000000000000000000000059":{
"balance":"0x1"
},
"000000000000000000000000000000000000005a":{
"balance":"0x1"
},
"000000000000000000000000000000000000005b":{
"balance":"0x1"
},
"000000000000000000000000000000000000005c":{
"balance":"0x1"
},
"000000000000000000000000000000000000005d":{
"balance":"0x1"
},
"000000000000000000000000000000000000005e":{
"balance":"0x1"
},
"000000000000000000000000000000000000005f":{
"balance":"0x1"
},
"0000000000000000000000000000000000000060":{
"balance":"0x1"
},
"0000000000000000000000000000000000000061":{
"balance":"0x1"
},
"0000000000000000000000000000000000000062":{
"balance":"0x1"
},
"0000000000000000000000000000000000000063":{
"balance":"0x1"
},
"0000000000000000000000000000000000000064":{
"balance":"0x1"
},
"0000000000000000000000000000000000000065":{
"balance":"0x1"
},
"0000000000000000000000000000000000000066":{
"balance":"0x1"
},
"0000000000000000000000000000000000000067":{
"balance":"0x1"
},
"0000000000000000000000000000000000000068":{
"balance":"0x1"
},
"0000000000000000000000000000000000000069":{
"balance":"0x1"
},
"000000000000000000000000000000000000006a":{
"balance":"0x1"
},
"000000000000000000000000000000000000006b":{
"balance":"0x1"
},
"000000000000000000000000000000000000006c":{
"balance":"0x1"
},
"000000000000000000000000000000000000006d":{
"balance":"0x1"
},
"000000000000000000000000000000000000006e":{
"balance":"0x1"
},
"000000000000000000000000000000000000006f":{
"balance":"0x1"
},
"0000000000000000000000000000000000000070":{
"balance":"0x1"
},
"0000000000000000000000000000000000000071":{
"balance":"0x1"
},
"0000000000000000000000000000000000000072":{
"balance":"0x1"
},
"0000000000000000000000000000000000000073":{
"balance":"0x1"
},
"0000000000000000000000000000000000000074":{
"balance":"0x1"
},
"0000000000000000000000000000000000000075":{
"balance":"0x1"
},
"0000000000000000000000000000000000000076":{
"balance":"0x1"
},
"0000000000000000000000000000000000000077":{
"balance":"0x1"
},
"0000000000000000000000000000000000000078":{
"balance":"0x1"
},
"0000000000000000000000000000000000000079":{
"balance":"0x1"
},
"000000000000000000000000000000000000007a":{
"balance":"0x1"
},
"000000000000000000000000000000000000007b":{
"balance":"0x1"
},
"000000000000000000000000000000000000007c":{
"balance":"0x1"
},
"000000000000000000000000000000000000007d":{
"balance":"0x1"
},
"000000000000000000000000000000000000007e":{
"balance":"0x1"
},
"000000000000000000000000000000000000007f":{
"balance":"0x1"
},
"0000000000000000000000000000000000000080":{
"balance":"0x1"
},
"0000000000000000000000000000000000000081":{
"balance":"0x1"
},
"0000000000000000000000000000000000000082":{
"balance":"0x1"
},
"0000000000000000000000000000000000000083":{
"balance":"0x1"
},
"0000000000000000000000000000000000000084":{
"balance":"0x1"
},
"0000000000000000000000000000000000000085":{
"balance":"0x1"
},
"0000000000000000000000000000000000000086":{
"balance":"0x1"
},
"0000000000000000000000000000000000000087":{
"balance":"0x1"
},
"0000000000000000000000000000000000000088":{
"balance":"0x1"
},
"0000000000000000000000000000000000000089":{
"balance":"0x1"
},
"000000000000000000000000000000000000008a":{
"balance":"0x1"
},
"000000000000000000000000000000000000008b":{
"balance":"0x1"
},
"000000000000000000000000000000000000008c":{
"balance":"0x1"
},
"000000000000000000000000000000000000008d":{
"balance":"0x1"
},
"000000000000000000000000000000000000008e":{
"balance":"0x1"
},
"000000000000000000000000000000000000008f":{
"balance":"0x1"
},
"0000000000000000000000000000000000000090":{
"balance":"0x1"
},
"0000000000000000000000000000000000000091":{
"balance":"0x1"
},
"0000000000000000000000000000000000000092":{
"balance":"0x1"
},
"0000000000000000000000000000000000000093":{
"balance":"0x1"
},
"0000000000000000000000000000000000000094":{
"balance":"0x1"
},
"0000000000000000000000000000000000000095":{
"balance":"0x1"
},
"0000000000000000000000000000000000000096":{
"balance":"0x1"
},
"0000000000000000000000000000000000000097":{
"balance":"0x1"
},
"0000000000000000000000000000000000000098":{
"balance":"0x1"
},
"0000000000000000000000000000000000000099":{
"balance":"0x1"
},
"000000000000000000000000000000000000009a":{
"balance":"0x1"
},
"000000000000000000000000000000000000009b":{
"balance":"0x1"
},
"000000000000000000000000000000000000009c":{
"balance":"0x1"
},
"000000000000000000000000000000000000009d":{
"balance":"0x1"
},
"000000000000000000000000000000000000009e":{
"balance":"0x1"
},
"000000000000000000000000000000000000009f":{
"balance":"0x1"
},
"00000000000000000000000000000000000000a0":{
"balance":"0x1"
},
"00000000000000000000000000000000000000a1":{
"balance":"0x1"
},
"00000000000000000000000000000000000000a2":{
"balance":"0x1"
},
"00000000000000000000000000000000000000a3":{
"balance":"0x1"
},
"00000000000000000000000000000000000000a4":{
"balance":"0x1"
},
"00000000000000000000000000000000000000a5":{
"balance":"0x1"
},
"00000000000000000000000000000000000000a6":{
"balance":"0x1"
},
"00000000000000000000000000000000000000a7":{
"balance":"0x1"
},
"00000000000000000000000000000000000000a8":{
"balance":"0x1"
},
"00000000000000000000000000000000000000a9":{
"balance":"0x1"
},
"00000000000000000000000000000000000000aa":{
"balance":"0x1"
},
"00000000000000000000000000000000000000ab":{
"balance":"0x1"
},
"00000000000000000000000000000000000000ac":{
"balance":"0x1"
},
"00000000000000000000000000000000000000ad":{
"balance":"0x1"
},
"00000000000000000000000000000000000000ae":{
"balance":"0x1"
},
"00000000000000000000000000000000000000af":{
"balance":"0x1"
},
"00000000000000000000000000000000000000b0":{
"balance":"0x1"
},
"00000000000000000000000000000000000000b1":{
"balance":"0x1"
},
"00000000000000000000000000000000000000b2":{
"balance":"0x1"
},
"00000000000000000000000000000000000000b3":{
"balance":"0x1"
},
"00000000000000000000000000000000000000b4":{
"balance":"0x1"
},
"00000000000000000000000000000000000000b5":{
"balance":"0x1"
},
"00000000000000000000000000000000000000b6":{
"balance":"0x1"
},
"00000000000000000000000000000000000000b7":{
"balance":"0x1"
},
"00000000000000000000000000000000000000b8":{
"balance":"0x1"
},
"00000000000000000000000000000000000000b9":{
"balance":"0x1"
},
"00000000000000000000000000000000000000ba":{
"balance":"0x1"
},
"00000000000000000000000000000000000000bb":{
"balance":"0x1"
},
"00000000000000000000000000000000000000bc":{
"balance":"0x1"
},
"00000000000000000000000000000000000000bd":{
"balance":"0x1"
},
"00000000000000000000000000000000000000be":{
"balance":"0x1"
},
"00000000000000000000000000000000000000bf":{
"balance":"0x1"
},
"00000000000000000000000000000000000000c0":{
"balance":"0x1"
},
"00000000000000000000000000000000000000c1":{
"balance":"0x1"
},
"00000000000000000000000000000000000000c2":{
"balance":"0x1"
},
"00000000000000000000000000000000000000c3":{
"balance":"0x1"
},
"00000000000000000000000000000000000000c4":{
"balance":"0x1"
},
"00000000000000000000000000000000000000c5":{
"balance":"0x1"
},
"00000000000000000000000000000000000000c6":{
"balance":"0x1"
},
"00000000000000000000000000000000000000c7":{
"balance":"0x1"
},
"00000000000000000000000000000000000000c8":{
"balance":"0x1"
},
"00000000000000000000000000000000000000c9":{
"balance":"0x1"
},
"00000000000000000000000000000000000000ca":{
"balance":"0x1"
},
"00000000000000000000000000000000000000cb":{
"balance":"0x1"
},
"00000000000000000000000000000000000000cc":{
"balance":"0x1"
},
"00000000000000000000000000000000000000cd":{
"balance":"0x1"
},
"00000000000000000000000000000000000000ce":{
"balance":"0x1"
},
"00000000000000000000000000000000000000cf":{
"balance":"0x1"
},
"00000000000000000000000000000000000000d0":{
"balance":"0x1"
},
"00000000000000000000000000000000000000d1":{
"balance":"0x1"
},
"00000000000000000000000000000000000000d2":{
"balance":"0x1"
},
"00000000000000000000000000000000000000d3":{
"balance":"0x1"
},
"00000000000000000000000000000000000000d4":{
"balance":"0x1"
},
"00000000000000000000000000000000000000d5":{
"balance":"0x1"
},
"00000000000000000000000000000000000000d6":{
"balance":"0x1"
},
"00000000000000000000000000000000000000d7":{
"balance":"0x1"
},
"00000000000000000000000000000000000000d8":{
"balance":"0x1"
},
"00000000000000000000000000000000000000d9":{
"balance":"0x1"
},
"00000000000000000000000000000000000000da":{
"balance":"0x1"
},
"00000000000000000000000000000000000000db":{
"balance":"0x1"
},
"00000000000000000000000000000000000000dc":{
"balance":"0x1"
},
"00000000000000000000000000000000000000dd":{
"balance":"0x1"
},
"00000000000000000000000000000000000000de":{
"balance":"0x1"
},
"00000000000000000000000000000000000000df":{
"balance":"0x1"
},
"00000000000000000000000000000000000000e0":{
"balance":"0x1"
},
"00000000000000000000000000000000000000e1":{
"balance":"0x1"
},
"00000000000000000000000000000000000000e2":{
"balance":"0x1"
},
"00000000000000000000000000000000000000e3":{
"balance":"0x1"
},
"00000000000000000000000000000000000000e4":{
"balance":"0x1"
},
"00000000000000000000000000000000000000e5":{
"balance":"0x1"
},
"00000000000000000000000000000000000000e6":{
"balance":"0x1"
},
"00000000000000000000000000000000000000e7":{
"balance":"0x1"
},
"00000000000000000000000000000000000000e8":{
"balance":"0x1"
},
"00000000000000000000000000000000000000e9":{
"balance":"0x1"
},
"00000000000000000000000000000000000000ea":{
"balance":"0x1"
},
"00000000000000000000000000000000000000eb":{
"balance":"0x1"
},
"00000000000000000000000000000000000000ec":{
"balance":"0x1"
},
"00000000000000000000000000000000000000ed":{
"balance":"0x1"
},
"00000000000000000000000000000000000000ee":{
"balance":"0x1"
},
"00000000000000000000000000000000000000ef":{
"balance":"0x1"
},
"00000000000000000000000000000000000000f0":{
"balance":"0x1"
},
"00000000000000000000000000000000000000f1":{
"balance":"0x1"
},
"00000000000000000000000000000000000000f2":{
"balance":"0x1"
},
"00000000000000000000000000000000000000f3":{
"balance":"0x1"
},
"00000000000000000000000000000000000000f4":{
"balance":"0x1"
},
"00000000000000000000000000000000000000f5":{
"balance":"0x1"
},
"00000000000000000000000000000000000000f6":{
"balance":"0x1"
},
"00000000000000000000000000000000000000f7":{
"balance":"0x1"
},
"00000000000000000000000000000000000000f8":{
"balance":"0x1"
},
"00000000000000000000000000000000000000f9":{
"balance":"0x1"
},
"00000000000000000000000000000000000000fa":{
"balance":"0x1"
},
"00000000000000000000000000000000000000fb":{
"balance":"0x1"
},
"00000000000000000000000000000000000000fc":{
"balance":"0x1"
},
"00000000000000000000000000000000000000fd":{
"balance":"0x1"
},
"00000000000000000000000000000000000000fe":{
"balance":"0x1"
},
"00000000000000000000000000000000000000ff":{
"balance":"0x1"
},
"4c2ae482593505f0163cdefc073e81c63cda4107": {
"balance": "0x152d02c7e14af6800000"
},
"a8e8f14732658e4b51e8711931053a8a69baf2b1": {
"balance": "0x152d02c7e14af6800000"
},
"d9a5179f091d85051d3c982785efd1455cec8699": {
"balance": "0x84595161401484a000000"
},
"e0a2bd4258d2768837baa26a28fe71dc079f84c7": {
"balance": "0x4a47e3c12448f4ad000000"
}
},
"number":"0x0",
"gasUsed":"0x0",
"parentHash":"0x0000000000000000000000000000000000000000000000000000000000000000"
}
staticnodes: |
[
"enode://011f758e6552d105183b1761c5e2dea0111bc20fd5f6422bc7f91e0fabbec9a6595caf6239b37feb773dddd3f87240d99d859431891e4a642cf2a0a9e6cbb98a@51.141.78.53:30303",
"enode://176b9417f511d05b6b2cf3e34b756cf0a7096b3094572a8f6ef4cdcb9d1f9d00683bf0f83347eebdf3b81c3521c2332086d9592802230bf528eaf606a1d9677b@13.93.54.137:30303",
"enode://011f758e6552d105183b1761c5e2dea0111bc20fd5f6422bc7f91e0fabbec9a6595caf6239b37feb773dddd3f87240d99d859431891e4a642cf2a0a9e6cbb98a@51.141.78.53:30303",
"enode://176b9417f511d05b6b2cf3e34b756cf0a7096b3094572a8f6ef4cdcb9d1f9d00683bf0f83347eebdf3b81c3521c2332086d9592802230bf528eaf606a1d9677b@13.93.54.137:30303",
"enode://46add44b9f13965f7b9875ac6b85f016f341012d84f975377573800a863526f4da19ae2c620ec73d11591fa9510e992ecc03ad0751f53cc02f7c7ed6d55c7291@94.237.54.114:30313",
"enode://c1f8b7c2ac4453271fa07d8e9ecf9a2e8285aa0bd0c07df0131f47153306b0736fd3db8924e7a9bf0bed6b1d8d4f87362a71b033dc7c64547728d953e43e59b2@52.64.155.147:30303",
"enode://f4a9c6ee28586009fb5a96c8af13a58ed6d8315a9eee4772212c1d4d9cebe5a8b8a78ea4434f318726317d04a3f531a1ef0420cf9752605a562cfe858c46e263@213.186.16.82:30303"
]

12
k8s/geth/goerli_validator.encrypted_secret.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
data:
password: VSmSstRRzHLgAkda.IplzAIgSTvUjtNMH0kG1Wg==
privatekey: AIKt58OaQrGR2kIgddR4Lnu42++YYXGBXCbTnY1dMFaDh83qMC1s/wvkaAXGxcLi/bSRSSZ9ynsa3LJZ/vfrn5HsgT2PG8frVin9kD5UoIgb9fEmZjd57bZQG6ht+WfS.8wlvF0N2zfQCyW0J.D/3Am1nW98HbgAb8q3ROeQ==
kind: Secret
metadata:
name: goerli-validator-pk
namespace: pow
type: Opaque
# kubesec:v:3
# kubesec:gcp:projects/prysmaticlabs/locations/global/keyRings/prysmatic-k8s-secrets/cryptoKeys/testkey:CiQAaKPz5+6N9EC53IjSMXUoxSv/u1/ZSo1BW7bMfyky/eAXPaQSSQD23sIs8C8Pzo/4qjR6fYd6pKSHvDRYDTTgt5Cxrzu+XCYCwm0jLUI1KL2VMohoXswZrEMP2r0JZzxzWTmDQUHCcsGY06uzpYI=
# kubesec:mac:CLsZMMdH7K6r6hDu.iksOFXODgztylNafAwPnTA==

37
k8s/geth/ingress.yaml
View File

@@ -1,37 +0,0 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-ingress
namespace: pow
annotations:
nginx.org/websocket-services: "geth-ethstats,geth-faucet"
spec:
rules:
- host: ethstats.prylabs.network
http:
paths:
- path: /
backend:
serviceName: geth-ethstats
servicePort: 3000
- host: powexplorer.prylabs.network
http:
paths:
- path: /
backend:
serviceName: blockscout
servicePort: 4000
- host: powfaucet.prylabs.network
http:
paths:
- path: /
backend:
serviceName: geth-faucet
servicePort: 8080
- host: powchain.prylabs.network
http:
paths:
- paths:
backend:
serviceName: geth-nodes
servicePort: 8545

116
k8s/geth/miners.deploy.yaml
View File

@@ -1,116 +0,0 @@
kind: StatefulSet
apiVersion: apps/v1
metadata:
name: miner
namespace: pow
labels:
universe: geth
component: miner
spec:
replicas: 1
serviceName: "miners"
selector:
matchLabels:
universe: geth
component: miner
template:
metadata:
labels:
universe: geth
component: miner
spec:
priorityClassName: production-priority
containers:
- name: miner
image: ethereum/client-go:alltools-stable
ports:
- containerPort: 8545
name: rpc
- containerPort: 8546
name: ws
- containerPort: 30303
name: discovery-tcp
protocol: TCP
- containerPort: 30303
name: discovery-udp
protocol: UDP
# Use /bin/sh -c to execute geth so that we have access to HOSTNAME in
# the command arguments.
# https://github.com/kubernetes/kubernetes/issues/57726
command:
- "/bin/sh"
- "-c"
- >
geth
--networkid=1337
--bootnodesv4=enode://$(BOOTNODE_PUBKEY)@$(GETH_BOOTNODE_V4_SERVICE_HOST):$(GETH_BOOTNODE_V4_SERVICE_PORT_BOOTNODE_UDP)
--bootnodesv5=enode://$(BOOTNODE_PUBKEY)@$(GETH_BOOTNODE_V5_SERVICE_HOST):$(GETH_BOOTNODE_V5_SERVICE_PORT_BOOTNODE_UDP)
--ethstats=$HOSTNAME:$(ETHSTATS_WS_SECRET)@$(GETH_ETHSTATS_SERVICE_HOST):$(GETH_ETHSTATS_SERVICE_PORT)
--rpc
--rpcaddr=0.0.0.0
--rpccorsdomain="*"
--ws
--datadir=/ethereum
--debug
--verbosity=4
--mine
--minerthreads=1
--etherbase=0x00c4ac4d2a14be6a9b55652f9aabdb70fdeb07bc
--extradata=$HOSTNAME
--ethash.dagsinmem=1
--ethash.dagsondisk=2
--ethash.dagdir="/dag"
--nousb
--cache=1024
--gasprice=0
volumeMounts:
- name: chaindata
mountPath: "/ethereum"
- name: dag
mountPath: "/dag"
env:
- name: ETHSTATS_WS_SECRET
valueFrom:
secretKeyRef:
name: ethstats-secrets
key: ws
- name: BOOTNODE_PUBKEY
valueFrom:
secretKeyRef:
name: geth-bootnode-secret
key: public_key
resources:
requests:
memory: "2Gi"
cpu: "500m"
limits:
memory: "4Gi"
cpu: "500m"
initContainers:
- name: genesis
image: ethereum/client-go:alltools-stable
command: ["geth"]
args: ["--datadir=/ethereum", "init", "/data/genesis.json"]
volumeMounts:
- name: genesis
mountPath: "/data"
readOnly: true
- name: chaindata
mountPath: "/ethereum"
volumes:
- name: chaindata
emptyDir: {}
- name: genesis
configMap:
name: genesis
items:
- key: json
path: genesis.json
volumeClaimTemplates:
- metadata:
name: dag
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 5Gi

2
k8s/geth/namespace.yaml
View File

@@ -2,3 +2,5 @@ apiVersion: v1
kind: Namespace
metadata:
name: pow
labels:
istio-injection: enabled

121
k8s/geth/nodes.deploy.yaml
View File

@@ -1,32 +1,42 @@
kind: Deployment
apiVersion: apps/v1beta1
kind: StatefulSet
apiVersion: apps/v1
metadata:
name: node
namespace: pow
labels:
universe: geth
component: node
app: goerli
version: v1
spec:
replicas: 3
replicas: 1
serviceName: "node"
selector:
matchLabels:
universe: geth
component: node
app: goerli
version: v1
template:
metadata:
labels:
universe: geth
component: node
app: goerli
version: v1
spec:
priorityClassName: batch-priority
priorityClassName: production-priority
containers:
- name: prober
image: gcr.io/prysmaticlabs/prysm/geth-prober
readinessProbe:
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 30
- name: node
image: ethereum/client-go:alltools-stable
ports:
- containerPort: 8545
name: rpc
- containerPort: 8546
name: ws
- containerPort: 30303
name: discovery-tcp
protocol: TCP
@@ -41,25 +51,32 @@ spec:
- "-c"
- >
geth
--networkid=1337
--bootnodesv4=enode://$(BOOTNODE_PUBKEY)@$(GETH_BOOTNODE_V4_SERVICE_HOST):$(GETH_BOOTNODE_V4_SERVICE_PORT_BOOTNODE_UDP)
--networkid=5
--bootnodesv4=enode://$(BOOTNODE_PUBKEY)@$(GETH_BOOTNODE_V4_SERVICE_HOST):$(GETH_BOOTNODE_V4_SERVICE_PORT_BOOTNODE_UDP)
--bootnodesv5=enode://$(BOOTNODE_PUBKEY)@$(GETH_BOOTNODE_V5_SERVICE_HOST):$(GETH_BOOTNODE_V5_SERVICE_PORT_BOOTNODE_UDP)
--ethstats=$HOSTNAME:$(ETHSTATS_WS_SECRET)@$(GETH_ETHSTATS_SERVICE_HOST):$(GETH_ETHSTATS_SERVICE_PORT)
--ethstats=💎prylabs-$HOSTNAME:$(ETHSTATS_WS_SECRET)@wss://stats.goerli.net
--rpc
--rpcaddr=0.0.0.0
--rpccorsdomain="*"
--rpcvhosts="*"
--ws
--wsaddr=0.0.0.0
--wsorigins="*"
--rpcapi=eth
--datadir=/ethereum
--debug
--verbosity=4
--keystore=/keystore
--verbosity=3
--nousb
--lightserv=50
--metrics
--mine
--unlock=0xd9a5179f091d85051d3c982785efd1455cec8699
--password=/secret/password
--etherbase=0xd9a5179f091d85051d3c982785efd1455cec8699
--extradata="💎 @prylabs $HOSTNAME 💎"
volumeMounts:
- name: chaindata
mountPath: "/ethereum"
mountPath: /ethereum
- name: keystore
mountPath: /keystore
readOnly: true
- name: validator-pk
mountPath: /secret
readOnly: true
env:
- name: ETHSTATS_WS_SECRET
valueFrom:
@@ -73,28 +90,70 @@ spec:
key: public_key
resources:
requests:
memory: "500Mi"
cpu: "100m"
memory: "250Mi"
cpu: "200m"
limits:
memory: "500Mi"
cpu: "100m"
memory: "1000Mi"
cpu: "200m"
initContainers:
- name: genesis
- name: copy-staticnodes
image: busybox
command: ["cp", "/data/static-nodes.json", "/ethereum/static-nodes.json"]
volumeMounts:
- name: networkdata
mountPath: "/data"
readOnly: true
- name: chaindata
mountPath: "/ethereum"
- name: import-validator-account
image: ethereum/client-go:alltools-stable
command: ["geth"]
args:
- account
- import
- /secret/privatekey
- --datadir=/ethereum
- --keystore=/keystore
- --password=/secret/password
volumeMounts:
- name: chaindata
mountPath: /ethereum
- name: validator-pk
mountPath: /secret
readOnly: true
- name: keystore
mountPath: /keystore
- name: init-genesis
image: ethereum/client-go:alltools-stable
command: ["geth"]
args: ["--datadir=/ethereum", "init", "/data/genesis.json"]
volumeMounts:
- name: genesis
- name: networkdata
mountPath: "/data"
readOnly: true
- name: chaindata
mountPath: "/ethereum"
volumes:
- name: chaindata
emptyDir: {}
- name: genesis
- name: networkdata
configMap:
name: genesis
name: goerli
items:
- key: json
- key: genesis
path: genesis.json
- key: staticnodes
path: static-nodes.json
- name: validator-pk
secret:
secretName: goerli-validator-pk
- name: keystore
emptyDir: {}
- name: chaindata
emptyDir: {} # Caching the chain seems to have issues with impossible reorg
# volumeClaimTemplates:
# - metadata:
# name: chaindata
# spec:
# accessModes: [ "ReadWriteOnce" ]
# resources:
# requests:
# storage: 50Gi

19
k8s/geth/nodes.service.yaml
View File

@@ -1,19 +0,0 @@
kind: Service
apiVersion: v1
metadata:
name: geth-nodes
namespace: pow
spec:
selector:
component: node
universe: geth
ports:
- port: 8545
targetPort: 8545
name: rpc
protocol: TCP
- port: 8546
targetPort: 8546
name: ws
protocol: TCP
type: ClusterIP

39
k8s/geth/prober/BUILD.bazel Normal file
View File

@@ -0,0 +1,39 @@
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
load("@io_bazel_rules_docker//go:image.bzl", "go_image")
load("@io_bazel_rules_docker//container:container.bzl", "container_push")
go_library(
name = "go_default_library",
srcs = ["main.go"],
importpath = "github.com/prysmaticlabs/prysm/k8s/geth/prober",
visibility = ["//visibility:private"],
)
go_binary(
name = "prober",
embed = [":go_default_library"],
visibility = ["//visibility:public"],
)
go_image(
name = "image",
srcs = ["main.go"],
goarch = "amd64",
goos = "linux",
importpath = "github.com/prysmaticlabs/prysm/k8s/geth/prober",
static = "on",
visibility = ["//visibility:private"],
pure = "on",
tags = ["manual"],
)
container_push(
name = "push_image",
format = "Docker",
image = ":image",
registry = "gcr.io",
repository = "prysmaticlabs/prysm/geth-prober",
tag = "latest",
tags = ["manual"],
visibility = ["//visibility:private"],
)

67
k8s/geth/prober/main.go Normal file
View File

@@ -0,0 +1,67 @@
package main
import (
"bytes"
"encoding/json"
"fmt"
"io/ioutil"
"log"
"net/http"
)
var url = "http://localhost:8545"
// This prober serves a /healthz method which acts as a proxy to a locally
// running ethereum node. If the node is still syncing, /healthz will return a
// non-200 error.
func main() {
http.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
var jsonStr = []byte(`{"jsonrpc":"2.0","method":"eth_syncing","params":[],"id":1}`)
req, err := http.NewRequest("POST", url, bytes.NewBuffer(jsonStr))
req.Header.Set("Content-Type", "application/json")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
w.WriteHeader(500)
_, err := fmt.Fprintf(w, "Error probing node: %v", err)
if err != nil {
panic(err)
}
return
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
w.WriteHeader(500)
_, err := fmt.Fprintf(w, "Error reading response: %v", err)
if err != nil {
panic(err)
}
return
}
jsonMap := make(map[string]interface{})
err = json.Unmarshal(body, &jsonMap)
if err != nil {
w.WriteHeader(500)
fmt.Fprintf(w, "Failed to unmarshal json: %v", err)
return
}
ok := jsonMap["result"] == false
if !ok {
w.WriteHeader(500)
fmt.Fprintf(w, "Not synced: %v", jsonMap)
return
}
fmt.Fprint(w, "ok")
return
})
fmt.Println("Serving requests on port 8080")
log.Fatal(http.ListenAndServe(":8080", nil))
}

334
k8s/geth/public_nodes.deploy.yaml Normal file
View File

@@ -0,0 +1,334 @@
kind: StatefulSet
apiVersion: apps/v1
metadata:
name: public-node
namespace: pow
labels:
universe: geth
component: public-rpc-node
app: goerli
version: v1
spec:
replicas: 3
serviceName: "public-rpc-node"
selector:
matchLabels:
universe: geth
component: public-rpc-node
app: goerli
version: v1
template:
metadata:
labels:
universe: geth
component: public-rpc-node
app: goerli
version: v1
spec:
priorityClassName: production-priority
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
component: public-rpc-node
version: v1
topologyKey: kubernetes.io/hostname
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchLabels:
component: public-rpc-node
version: v1
topologyKey: failure-domain.beta.kubernetes.io/zone
containers:
- name: prober
image: gcr.io/prysmaticlabs/prysm/geth-prober
readinessProbe:
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 30
resources:
requests:
memory: "10Mi"
cpu: "20m"
limits:
memory: "10Mi"
cpu: "20m"
- name: node
image: ethereum/client-go:latest
ports:
- containerPort: 8545
name: http-rpc
- containerPort: 8546
name: http-ws
- containerPort: 8547
name: http-graphql
- containerPort: 30303
name: discovery-tcp
protocol: TCP
- containerPort: 30303
name: discovery-udp
protocol: UDP
# Use /bin/sh -c to execute geth so that we have access to HOSTNAME in
# the command arguments.
# https://github.com/kubernetes/kubernetes/issues/57726
command:
- "/bin/sh"
- "-c"
- >
geth
--networkid=5
--bootnodesv4=enode://$(BOOTNODE_PUBKEY)@$(GETH_BOOTNODE_V4_SERVICE_HOST):$(GETH_BOOTNODE_V4_SERVICE_PORT_BOOTNODE_UDP)
--bootnodesv5=enode://$(BOOTNODE_PUBKEY)@$(GETH_BOOTNODE_V5_SERVICE_HOST):$(GETH_BOOTNODE_V5_SERVICE_PORT_BOOTNODE_UDP)
--ethstats=💎prylabs-$HOSTNAME:$(ETHSTATS_WS_SECRET)@wss://stats.goerli.net
--v5disc
--rpc
--rpcaddr=0.0.0.0
--rpccorsdomain="*"
--rpcvhosts="*"
--ws
--wsaddr=0.0.0.0
--wsorigins="*"
--graphql
--graphql.rpccorsdomain="*"
--graphql.rpcvhosts="*"
--graphql.port=8547
--datadir=/ethereum
--keystore=/keystore
--debug
--verbosity=3
--nousb
--lightserv=50
--metrics
volumeMounts:
- name: chaindata
mountPath: /ethereum
env:
- name: ETHSTATS_WS_SECRET
valueFrom:
secretKeyRef:
name: ethstats-secrets
key: ws
- name: BOOTNODE_PUBKEY
valueFrom:
secretKeyRef:
name: geth-bootnode-secret
key: public_key
resources:
requests:
memory: "500Mi"
cpu: "50m"
limits:
memory: "1000Mi"
cpu: "200m"
initContainers:
- name: copy-staticnodes
image: busybox
command: ["cp", "/data/static-nodes.json", "/ethereum/static-nodes.json"]
volumeMounts:
- name: networkdata
mountPath: "/data"
readOnly: true
- name: chaindata
mountPath: "/ethereum"
- name: init-genesis
image: ethereum/client-go:alltools-stable
command: ["geth"]
args: ["--datadir=/ethereum", "init", "/data/genesis.json"]
volumeMounts:
- name: networkdata
mountPath: "/data"
readOnly: true
- name: chaindata
mountPath: "/ethereum"
volumes:
- name: networkdata
configMap:
name: goerli
items:
- key: genesis
path: genesis.json
- key: staticnodes
path: static-nodes.json
- name: chaindata
emptyDir: {} # Caching the chain seems to have issues with impossible reorg
# volumeClaimTemplates:
# - metadata:
# name: chaindata
# spec:
# accessModes: [ "ReadWriteOnce" ]
# resources:
# requests:
# storage: 10Gi
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: public-node
namespace: pow
labels:
universe: geth
component: public-rpc-node
app: goerli
version: v1-stable
spec:
replicas: 1
selector:
matchLabels:
universe: geth
component: public-rpc-node
app: goerli
version: v1-stable
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: "25%"
minReadySeconds: 15
template:
metadata:
labels:
universe: geth
component: public-rpc-node
app: goerli
version: v1-stable
spec:
priorityClassName: production-priority
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchLabels:
component: public-rpc-node
version: v1-stable
topologyKey: kubernetes.io/hostname
containers:
- name: prober
image: gcr.io/prysmaticlabs/prysm/geth-prober
readinessProbe:
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 30
resources:
requests:
memory: "10Mi"
cpu: "20m"
limits:
memory: "10Mi"
cpu: "20m"
- name: node
image: ethereum/client-go:stable
ports:
- containerPort: 8545
name: http-rpc
- containerPort: 8546
name: http-ws
- containerPort: 8547
name: http-graphql
- containerPort: 30303
name: discovery-tcp
protocol: TCP
- containerPort: 30303
name: discovery-udp
protocol: UDP
# Use /bin/sh -c to execute geth so that we have access to HOSTNAME in
# the command arguments.
# https://github.com/kubernetes/kubernetes/issues/57726
command:
- "/bin/sh"
- "-c"
- >
geth
--networkid=5
--bootnodesv4=enode://$(BOOTNODE_PUBKEY)@$(GETH_BOOTNODE_V4_SERVICE_HOST):$(GETH_BOOTNODE_V4_SERVICE_PORT_BOOTNODE_UDP)
--bootnodesv5=enode://$(BOOTNODE_PUBKEY)@$(GETH_BOOTNODE_V5_SERVICE_HOST):$(GETH_BOOTNODE_V5_SERVICE_PORT_BOOTNODE_UDP)
--v5disc
--rpc
--rpcaddr=0.0.0.0
--rpccorsdomain="*"
--rpcvhosts="*"
--ws
--wsaddr=0.0.0.0
--wsorigins="*"
--datadir=/ethereum
--keystore=/keystore
--debug
--verbosity=3
--nousb
--lightserv=50
--metrics
volumeMounts:
- name: chaindata
mountPath: /ethereum
env:
- name: ETHSTATS_WS_SECRET
valueFrom:
secretKeyRef:
name: ethstats-secrets
key: ws
- name: BOOTNODE_PUBKEY
valueFrom:
secretKeyRef:
name: geth-bootnode-secret
key: public_key
resources:
requests:
memory: "500Mi"
cpu: "50m"
limits:
memory: "1000Mi"
cpu: "200m"
initContainers:
- name: copy-staticnodes
image: busybox
command: ["cp", "/data/static-nodes.json", "/ethereum/static-nodes.json"]
volumeMounts:
- name: networkdata
mountPath: "/data"
readOnly: true
- name: chaindata
mountPath: "/ethereum"
- name: init-genesis
image: ethereum/client-go:alltools-stable
command: ["geth"]
args: ["--datadir=/ethereum", "init", "/data/genesis.json"]
volumeMounts:
- name: networkdata
mountPath: "/data"
readOnly: true
- name: chaindata
mountPath: "/ethereum"
volumes:
- name: networkdata
configMap:
name: goerli
items:
- key: genesis
path: genesis.json
- key: staticnodes
path: static-nodes.json
- name: chaindata
emptyDir: {}
---
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: public-node
namespace: pow
spec:
scaleTargetRef:
apiVersion: extensions/v1beta1
kind: Deployment
name: public-node
minReplicas: 2
maxReplicas: 5
metrics:
- type: Resource
resource:
name: cpu
targetAverageUtilization: 80

114
k8s/geth/public_nodes.service.yaml Normal file
View File

@@ -0,0 +1,114 @@
kind: Service
apiVersion: v1
metadata:
name: public-rpc-nodes
namespace: pow
spec:
selector:
component: public-rpc-node
universe: geth
ports:
- port: 8545
targetPort: 8545
name: http-rpc
protocol: TCP
- port: 8546
targetPort: 8546
name: http-ws
protocol: TCP
- port: 8547
targetPort: 8547
name: http-graphql
type: ClusterIP
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: public-rpc-nodes-gateway
namespace: pow
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- goerli.prylabs.net
tls:
httpsRedirect: false
- port:
number: 443
name: https
protocol: HTTPS
hosts:
- goerli.prylabs.net
tls:
mode: SIMPLE
privateKey: /etc/istio/ingressgateway-certs/tls.key
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: public-rpc-nodes
namespace: pow
spec:
hosts:
- goerli.prylabs.net
gateways:
- public-rpc-nodes-gateway
http:
- match:
- uri:
prefix: /websocket
route:
- destination:
port:
number: 8546
host: public-rpc-nodes.pow.svc.cluster.local
websocketUpgrade: true
- match:
- uri:
prefix: /graphql
route:
- destination:
port:
number: 8547
host: public-rpc-nodes.pow.svc.cluster.local
- match: # Must be last
- uri:
prefix: /
route:
- destination:
port:
number: 8545
host: public-rpc-nodes.pow.svc.cluster.local
subset: v1
weight: 50
- destination:
port:
number: 8545
host: public-rpc-nodes.pow.svc.cluster.local
subset: v1-stable
weight: 50
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: public-rpc-nodes
namespace: pow
spec:
host: public-rpc-nodes.pow.svc.cluster.local
subsets:
- name: v1
labels:
version: v1
- name: v1-stable
labels:
version: v1-stable
trafficPolicy:
loadBalancer:
consistentHash:
useSourceIp: true

38
k8s/letsencrypt-issuer.yaml Normal file
View File

@@ -0,0 +1,38 @@
# See: https://github.com/stefanprodan/istio-gke/blob/master/docs/istio/05-letsencrypt-setup.md
apiVersion: certmanager.k8s.io/v1alpha1
kind: Issuer
metadata:
name: letsencrypt-prod
namespace: istio-system
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: contact@prysmaticlabs.com
privateKeySecretRef:
name: letsencrypt-prod
dns01:
providers:
- name: cloud-dns
clouddns:
serviceAccountSecretRef:
name: cert-manager-credentials
key: gcp-dns-admin.json
project: prysmaticlabs
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: istio-gateway
namespace: istio-system
spec:
secretname: istio-ingressgateway-certs
issuerRef:
name: letsencrypt-prod
commonName: "*.prylabs.net"
acme:
config:
- dns01:
provider: cloud-dns
domains:
- "*.prylabs.net"
- "prylabs.net"

12
k8s/monitoring/grafana.encrypted_secret.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: v1
data:
admin-password: RxC7QFwhjSaacx2KdmWncuBw6/UlIsS9Ee6b6hEbhG+Ama4dI/+MsOjNra7BxfnU.+ImkgvsSymbqZBjl.ifSkqkDA40lRZLTxN39vFw==
admin-username: CsZ0DoxGjfmVvOFWpMaEMtCe8hiB5dKZGvLt3w2jCDp8rELcGoQW3FBhiQJ3FSm5.hygL38xmTfAZd4RP.Ptd5byovuqjl5nbvCxbuHw==
kind: Secret
metadata:
name: grafana
namespace: monitoring
type: Opaque
# kubesec:v:3
# kubesec:gcp:projects/prysmaticlabs/locations/global/keyRings/prysmatic-k8s-secrets/cryptoKeys/testkey:CiQAaKPz57/7hO9EMYRC8NtU0ZMo+MYntECXExf1vQYyiEthcdESSQD23sIsin7lmGpMJ69eA7L2/WdSMT1CYOxVvwBrrR6Apu3tLuSQUT+h1faBSExVKaVpkWNf/kJzZfGVMzGX8QYbW9XFFN5D/zs=
# kubesec:mac:rALXGgLZcGquXIU5.UKyzxpm22ir5EfK8eHTt/Q==

45
k8s/monitoring/grafana.service.yaml Normal file
View File

@@ -0,0 +1,45 @@
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: grafana-gateway
namespace: istio-system
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 15031
name: http2-grafana
protocol: HTTP2
hosts:
- "grafana.prylabs.net"
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: grafana
namespace: istio-system
spec:
host: grafana.istio-system.svc.cluster.local
trafficPolicy:
tls:
mode: DISABLE
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: grafana-virtual-service
namespace: istio-system
spec:
hosts:
- "grafana.prylabs.net"
gateways:
- grafana-gateway
http:
- match:
- port: 15031
route:
- destination:
host: grafana.istio-system.svc.cluster.local
port:
number: 3000

29
k8s/monitoring/ingress.yaml
View File

@@ -1,29 +0,0 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-ingress
namespace: monitoring
spec:
rules:
- host: alertmanager.prylabs.network
http:
paths:
- path: /
backend:
serviceName: alertmanager
servicePort: 9093
- host: grafana.prylabs.network
http:
paths:
- path: /
backend:
serviceName: grafana
servicePort: 3000
- host: prometheus.prylabs.network
http:
paths:
- path: /
backend:
serviceName: prometheus
servicePort: 9090

2889
k8s/monitoring/manifests-all.yaml
View File

File diff suppressed because it is too large Load Diff

79
k8s/nginx/BUILD.bazel
View File

@@ -1,79 +0,0 @@
package(default_visibility = ["//k8s:__subpackages__"])
load("@io_bazel_rules_k8s//k8s:objects.bzl", "k8s_objects")
load("@k8s_cluster_role//:defaults.bzl", "k8s_cluster_role")
load("@k8s_configmap//:defaults.bzl", "k8s_configmap")
load("@k8s_deploy//:defaults.bzl", "k8s_deploy")
load("@k8s_namespace//:defaults.bzl", "k8s_namespace")
load("@k8s_secret//:defaults.bzl", "k8s_secret")
load("@k8s_service//:defaults.bzl", "k8s_service")
load("@k8s_service_account//:defaults.bzl", "k8s_service_account")
load("//tools:kubesec.bzl", "k8s_encrypted_secret")
k8s_objects(
name = "everything",
objects = [
":namespace", # Must be first
":config",
":default_server_secret",
":deployment",
":rbac",
":service",
":service_account",
],
tags = ["manual"],
)
_NAMESPACE = "nginx-ingress"
k8s_secret(
name = "default_server_secret",
template = ":default-server-secret.yaml",
namespace = _NAMESPACE,
tags = ["manual"],
)
k8s_encrypted_secret(
name = "default_server_secret_encrypted",
template = "default-server-secret-encrypted.yaml",
out = "default-server-secret.yaml",
tags = [
"local",
"manual",
],
)
k8s_deploy(
name = "deployment",
template = ":deployment.yaml",
namespace = _NAMESPACE,
)
k8s_service(
name = "service",
template = ":loadbalancer.yaml",
namespace = _NAMESPACE,
)
k8s_namespace(
name = "namespace",
template = ":namespace.yaml",
)
k8s_configmap(
name = "config",
template = ":nginx-config.yaml",
namespace = _NAMESPACE,
)
k8s_cluster_role(
name = "rbac",
template = ":rbac.yaml",
namespace = _NAMESPACE,
)
k8s_service_account(
name = "service_account",
template = ":service-account.yaml",
namespace = _NAMESPACE,
)

11
k8s/nginx/default-server-secret-encrypted.yaml
View File

File diff suppressed because one or more lines are too long

58
k8s/nginx/deployment.yaml
View File

@@ -1,58 +0,0 @@
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx-ingress
namespace: nginx-ingress
spec:
replicas: 3
selector:
matchLabels:
app: nginx-ingress
template:
metadata:
labels:
app: nginx-ingress
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9113"
spec:
serviceAccountName: nginx-ingress
priorityClassName: production-priority
containers:
- image: nginx/nginx-ingress:edge
name: nginx-ingress
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
- name: beacon-relay
containerPort: 20000
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
args:
- -nginx-configmaps=$(POD_NAMESPACE)/nginx-config
- -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret
#- -v=3 # Enables extensive logging. Useful for troubleshooting.
- -nginx-status
- -nginx-status-port=8080
- -report-ingress-status
- -external-service=nginx-ingress
- -enable-leader-election
- image: nginx/nginx-prometheus-exporter:0.1.0
name: nginx-prometheus-exporter
ports:
- name: prometheus
containerPort: 9113
args:
- -web.listen-address
- :9113
- nginx.scrape-uri
- http://127.0.0.1:8080/stub_status

28
k8s/nginx/loadbalancer.yaml
View File

@@ -1,28 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: nginx-ingress
namespace: nginx-ingress
spec:
externalTrafficPolicy: Local
type: LoadBalancer
loadBalancerIP: 35.221.47.224
ports:
- port: 80
targetPort: 80
protocol: TCP
name: http
- port: 443
targetPort: 443
protocol: TCP
name: https
- port: 20000
targetPort: 20000
protocol: TCP
name: beacon-relay
- port: 20001
targetPort: 20001
protocol: TCP
name: beacon-bootnode
selector:
app: nginx-ingress

4
k8s/nginx/namespace.yaml
View File

@@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: nginx-ingress

24
k8s/nginx/nginx-config.yaml
View File

@@ -1,24 +0,0 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: nginx-config
namespace: nginx-ingress
data:
stream-snippets: |
upstream beacon-chain-relay-tcp {
server relay.beacon-chain.svc.cluster.local:4000;
}
server {
listen 20000;
proxy_pass beacon-chain-relay-tcp;
}
upstream beacon-chain-bootnode-tcp {
server bootnode.beacon-chain.svc.cluster.local:4000;
}
server {
listen 20001;
proxy_pass beacon-chain-bootnode-tcp;
}

72
k8s/nginx/rbac.yaml
View File

@@ -1,72 +0,0 @@
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: nginx-ingress
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- update
- create
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- list
- watch
- get
- apiGroups:
- "extensions"
resources:
- ingresses/status
verbs:
- update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: nginx-ingress
subjects:
- kind: ServiceAccount
name: nginx-ingress
namespace: nginx-ingress
roleRef:
kind: ClusterRole
name: nginx-ingress
apiGroup: rbac.authorization.k8s.io

5
k8s/nginx/service-account.yaml
View File

@@ -1,5 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: nginx-ingress
namespace: nginx-ingress