Kubernetes - Part 3 of ?? (#981)

* Add nginx ingress for proof-of-work namespace

* connect beacon-chain to pow namespace geth-nodes for websocket connections

* Added relay to beacon-chain

* Route inbound TCP traffic on port 20000 to beacon-relay

* Add bootnode

* Add a basic pk

* checkpoint

* Added flag for p2p port

* Register flag with main

* Set P2P port specifically

* Add beacon chain config

* add deployvrc job

* Add deployvrc service account

* review

* gazelle

* a cluster is needed, i guess
Preston Van Loon
2018-11-28 00:27:21 -05:00
committed by GitHub
parent 5195dd0c44
commit 740a9b76a7
41 changed files with 3745 additions and 31 deletions


@@ -59,22 +59,22 @@ load("@io_bazel_rules_k8s//k8s:k8s.bzl", "k8s_repositories", "k8s_defaults")
k8s_repositories()
_CLUSTER = "minikube"
_NAMESPACE = "default"
[k8s_defaults(
name = "k8s_" + kind,
cluster = _CLUSTER,
#context = _CONTEXT,
cluster = "minikube",
kind = kind,
namespace = _NAMESPACE,
) for kind in [
"cluster_role",
"configmap",
"deploy",
"service",
"secret",
"priority_class",
"ingress",
"job",
"namespace",
"pod",
"priority_class",
"secret",
"service",
"service_account",
]]
load("@io_bazel_rules_go//go:def.bzl", "go_rules_dependencies", "go_register_toolchains")


@@ -4,12 +4,15 @@ load("@k8s_priority_class//:defaults.bzl", "k8s_priority_class")
k8s_objects(
name = "everything",
objects = [
"//k8s/geth:everything",
":priority_class",
"//k8s/geth:everything",
"//k8s/beacon-chain:everything",
"//k8s/nginx:everything",
],
)
k8s_priority_class(
name = "priority_class",
template = "priority.yaml",
namespace = "default",
)


@@ -1,25 +1,61 @@
package(default_visibility = ["//k8s:__subpackages__"])
load("@io_bazel_rules_k8s//k8s:objects.bzl", "k8s_objects")
load("@k8s_configmap//:defaults.bzl", "k8s_configmap")
load("@k8s_deploy//:defaults.bzl", "k8s_deploy")
load("@k8s_job//:defaults.bzl", "k8s_job")
load("@k8s_namespace//:defaults.bzl", "k8s_namespace")
load("@k8s_service//:defaults.bzl", "k8s_service")
load("@k8s_service_account//:defaults.bzl", "k8s_service_account")
k8s_objects(
name = "everything",
objects = [
":namespace", # Must be first
":configs",
":deployments",
":services",
":jobs",
],
)
_NAMESPACE = "beacon-chain"
_configs = [
"beacon-config",
]
_deployments = [
"beacon-chain",
"bootnode",
"relay",
]
_jobs = [
"deployvrc",
]
_services = [
"beacon-chain",
"bootnode",
"relay",
]
_service_accounts = [
"deployvrc",
]
k8s_objects(
name = "configs",
objects = [":" + name + ".config" for name in _configs],
)
[k8s_configmap(
name = name + ".config",
template = name + ".config.yaml",
namespace = _NAMESPACE,
) for name in _configs]
k8s_objects(
name = "deployments",
objects = [":" + name + ".deploy" for name in _deployments],
@@ -28,8 +64,20 @@ k8s_objects(
[k8s_deploy(
name = name + ".deploy",
template = name + ".deploy.yaml",
namespace = _NAMESPACE,
) for name in _deployments]
k8s_objects(
name = "jobs",
objects = [":" + name + ".job" for name in _jobs],
)
[k8s_job(
name = name + ".job",
template = name + ".job.yaml",
namespace = _NAMESPACE,
) for name in _jobs]
k8s_objects(
name = "services",
objects = [":" + name + ".service" for name in _services],
@@ -38,4 +86,21 @@ k8s_objects(
[k8s_service(
name = name + ".service",
template = name + ".service.yaml",
namespace = _NAMESPACE,
) for name in _services]
k8s_objects(
name = "service_accounts",
objects = [":" + name + ".service_account" for name in _service_accounts],
)
[k8s_service_account(
name = name + ".service_account",
template = name + ".serviceaccount.yaml",
namespace = _NAMESPACE,
) for name in _service_accounts]
k8s_namespace(
name = "namespace",
template = "namespace.yaml",
)
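Review bot: The `everything` target lists `:namespace`, `:configs`, `:deployments`, `:services` and `:jobs`, but not the `:service_accounts` group defined at the end of this file. The deployvrc job in this commit sets `serviceAccountName: deployvrc`, so unless the service account is applied separately, the job's pod cannot be created from `//k8s/beacon-chain:everything` alone. I would add `":service_accounts",` to `objects` ahead of `":jobs",`. The `+`/`-` markers are lost on this page, so this assumes the list shown is the new side.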


@@ -2,6 +2,7 @@ kind: Deployment
apiVersion: apps/v1beta1
metadata:
name: beacon-chain
namespace: beacon-chain
spec:
replicas: 3
selector:
@@ -13,17 +14,24 @@ spec:
labels:
component: beacon-chain
universe: beacon-chain
annotations:
prometheus.io/scrape: 'true'
prometheus.io/port: '9090'
spec:
priorityClassName: production-priority
containers:
- name: beacon-chain
image: gcr.io/prysmaticlabs/prysm/beacon-chain:latest
args:
- "--web3provider=ws://$(GETH_NODES_SERVICE_HOST):$(GETH_NODES_SERVICE_PORT_WS)"
- "--web3provider=ws://geth-nodes.pow.svc.cluster.local:8546"
- "--verbosity=debug"
- "--vrcaddr=0x541AfaC5266c534de039B4A1a53519e76ea82846"
- "--vrcaddr=$(VALIDATOR_REGISTRATION_CONTRACT_ADDRESS)"
- "--rpc-port=4000"
- "--simulator=false"
- "--monitoring-port=9090"
- "--bootstrap-node=/ip4/$(BOOTNODE_SERVICE_HOST)/tcp/$(BOOTNODE_SERVICE_PORT)/p2p/QmUWTsZwoJ51tey4fEE9EAqzQeHFHm4FE9aSfgTv8xyuG5"
- "--relay-node=/ip4/35.221.47.224/tcp/20000/p2p/QmXNZeGdHYshgwyYyJnYG7u5iQ1Hej5R9QshgEZ5NACc1x"
- "--p2p-port=5000"
resources:
requests:
memory: "100Mi"
@@ -34,3 +42,13 @@ spec:
ports:
- containerPort: 4000
name: grpc
- containerPort: 5000
name: p2p
- containerPort: 9090
name: prometheus
env:
- name: VALIDATOR_REGISTRATION_CONTRACT_ADDRESS
valueFrom:
configMapKeyRef:
name: beacon-config
key: VALIDATOR_REGISTRATION_CONTRACT_ADDRESS
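Review bot: `--vrcaddr=$(VALIDATOR_REGISTRATION_CONTRACT_ADDRESS)` is expanded once at container start from the `beacon-config` ConfigMap, and that ConfigMap is committed with the placeholder value `"0x0"`. Presumably the deployvrc job rewrites the key later (it is passed `--k8s-config=beacon-config`), so any replica started before the job finishes keeps running against `0x0` until it is restarted. Nothing in the manifest records that ordering; a comment above the `env` entry such as `# Resolved at container start; restart the rollout after the deployvrc job has updated beacon-config.` would make it explicit. The hard-coded `--relay-node=/ip4/35.221.47.224/...` address has the same kind of hidden coupling to the `loadBalancerIP` in the nginx Service.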


@@ -2,6 +2,7 @@ kind: Service
apiVersion: v1
metadata:
name: beacon-chain
namespace: beacon-chain
spec:
selector:
component: beacon-chain
@@ -10,4 +11,4 @@ spec:
- port: 4000
targetPort: 4000
name: grpc
type: LoadBalancer
type: ClusterIP


@@ -0,0 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: beacon-config
namespace: beacon-chain
data:
VALIDATOR_REGISTRATION_CONTRACT_ADDRESS: "0x0"


@@ -0,0 +1,32 @@
kind: Deployment
apiVersion: apps/v1beta1
metadata:
name: bootnode
namespace: beacon-chain
annotations:
prometheus.io/scrape: 'true'
spec:
replicas: 1
selector:
matchLabels:
component: bootnode
template:
metadata:
labels:
component: bootnode
spec:
priorityClassName: production-priority
containers:
- name: relay
image: gcr.io/prysmaticlabs/prysm/bootnode:latest
args:
- "-debug"
- "-port=4000"
- "-private=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"
resources:
requests:
memory: "100Mi"
cpu: "100m"
ports:
- containerPort: 4000
name: bootnodeport
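Review bot: The `-private=` argument places the bootnode's private key directly in the pod spec, so it is stored in the repository and readable by anyone allowed to `get` the Deployment or its pods. It should live in a Secret and be injected with `secretKeyRef`, with the argument written as `-private=$(BOOTNODE_PRIVATE_KEY)` (the variable name is only an example). Because the key is already committed, treat it as disclosed and rotate it; the peer ID in beacon-chain's `--bootstrap-node` presumably derives from it and would need updating too. Separately, the container is named `relay` in the bootnode Deployment, which looks like a copy-paste leftover.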


@@ -0,0 +1,13 @@
kind: Service
apiVersion: v1
metadata:
name: bootnode
namespace: beacon-chain
spec:
selector:
component: bootnode
ports:
- port: 4000
targetPort: 4000
name: bootnodeport
type: ClusterIP


@@ -0,0 +1,21 @@
apiVersion: batch/v1
kind: Job
metadata:
name: deploy-vrc
namespace: beacon-chain
spec:
#ttlSecondsAfterFinished: 7200
activeDeadlineSeconds: 600
backoffLimit: 3
template:
spec:
priorityClassName: batch-priority
serviceAccountName: deployvrc
containers:
- name: deployvcr
image: gcr.io/prysmaticlabs/prysm/deployvrc:latest
args:
- "--httpPath=http://geth-nodes.pow.svc.cluster.local:8545"
- "--privKey=783da8ef5343c3019748506305d400bca8c324a5819f3a7f7fbf0c0a0d799b09"
- "--k8s-config=beacon-config"
restartPolicy: OnFailure
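Review bot: The `--privKey=` entry in `args` commits the deploying account's private key in clear text, and it is also visible in the Job and Pod objects to anyone with read access to the `beacon-chain` namespace. Take it from a Secret instead: add an `env` entry with `secretKeyRef` and pass `--privKey=$(DEPLOYER_PRIVATE_KEY)` (example name), or have the tool read the key from a mounted file if it supports that. The committed key should be considered burned and replaced. The container name `deployvcr` also looks like a typo for `deployvrc`.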


@@ -0,0 +1,32 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: deployvrc
namespace: beacon-chain
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: deployvrc
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: deployvrc
subjects:
- kind: ServiceAccount
name: deployvrc
namespace: beacon-chain
roleRef:
kind: ClusterRole
name: deployvrc
apiGroup: rbac.authorization.k8s.io
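Review bot: The `deployvrc` ClusterRole with a ClusterRoleBinding grants `get` and `update` on every ConfigMap in every namespace, while the job is only given one ConfigMap name (`--k8s-config=beacon-config`) in its own namespace. A compromised or buggy job could rewrite configuration for unrelated workloads, including the `nginx-config` ConfigMap that carries the stream proxy snippets. A namespaced Role restricted with `resourceNames` and bound with a RoleBinding gives the job what it appears to need and nothing more; the ServiceAccount document at the top stays as it is.

```yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: deployvrc
  namespace: beacon-chain
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      - beacon-config
    verbs:
      - get
      - update
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: deployvrc
  namespace: beacon-chain
# … unchanged: subjects (ServiceAccount deployvrc in beacon-chain) …
roleRef:
  kind: Role
  name: deployvrc
  apiGroup: rbac.authorization.k8s.io
```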


@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: beacon-chain


@@ -0,0 +1,31 @@
kind: Deployment
apiVersion: apps/v1beta1
metadata:
name: relay
namespace: beacon-chain
annotations:
prometheus.io/scrape: 'true'
spec:
replicas: 1
selector:
matchLabels:
component: relay
template:
metadata:
labels:
component: relay
spec:
priorityClassName: production-priority
containers:
- name: relay
image: gcr.io/prysmaticlabs/prysm/relaynode:latest
args:
- "-debug"
- "-port=4000"
resources:
requests:
memory: "100Mi"
cpu: "100m"
ports:
- containerPort: 4000
name: relayport
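Review bot: `image: gcr.io/prysmaticlabs/prysm/relaynode:latest` is a floating tag, so what runs after a pod restart depends on whatever was pushed last, and there is nothing fixed to audit or roll back to. The new bootnode and deployvrc manifests use `:latest` the same way, and the nginx deployment uses `nginx/nginx-ingress:edge`. Pinning by digest, `image: gcr.io/prysmaticlabs/prysm/relaynode@sha256:<DIGEST>` (placeholder), would fix that. Also, `prometheus.io/scrape: 'true'` sits on the Deployment's own `metadata` here and in the bootnode manifest, whereas beacon-chain puts it under `spec.template.metadata`; annotation-based scraping normally reads pod annotations, and no `prometheus.io/port` is given.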


@@ -0,0 +1,13 @@
kind: Service
apiVersion: v1
metadata:
name: relay
namespace: beacon-chain
spec:
selector:
component: relay
ports:
- port: 4000
targetPort: 4000
name: relayport
type: ClusterIP


@@ -2,21 +2,28 @@ package(default_visibility = ["//k8s:__subpackages__"])
load("@io_bazel_rules_k8s//k8s:objects.bzl", "k8s_objects")
load("@k8s_deploy//:defaults.bzl", "k8s_deploy")
load("@k8s_service//:defaults.bzl", "k8s_service")
load("@k8s_ingress//:defaults.bzl", "k8s_ingress")
load("@k8s_namespace//:defaults.bzl", "k8s_namespace")
load("@k8s_secret//:defaults.bzl", "k8s_secret")
load("@k8s_service//:defaults.bzl", "k8s_service")
k8s_objects(
name = "everything",
objects = [
":namespace", # Must be first
":deployments",
":ingress",
":secrets",
":services",
":deployments",
],
)
_NAMESPACE = "pow"
_deployments = [
"bootnode",
"ethstats",
"faucet",
"miners",
"nodes",
]
@@ -24,15 +31,28 @@ _deployments = [
_services = [
"bootnode",
"ethstats",
"faucet",
"nodes",
]
_secrets = [
"bootnode",
"ethstats",
"faucet",
"genesis",
]
k8s_ingress(
name = "ingress",
template = "ingress.yaml",
namespace = _NAMESPACE,
)
k8s_namespace(
name = "namespace",
template = "namespace.yaml",
)
k8s_objects(
name = "deployments",
objects = [":" + name + ".deploy" for name in _deployments],
@@ -41,6 +61,7 @@ k8s_objects(
[k8s_deploy(
name = name + ".deploy",
template = name + ".deploy.yaml",
namespace = _NAMESPACE,
) for name in _deployments]
k8s_objects(
@@ -51,6 +72,7 @@ k8s_objects(
[k8s_secret(
name = name + ".secret",
template = name + ".secret.yaml",
namespace = _NAMESPACE,
) for name in _secrets]
k8s_objects(
@@ -61,4 +83,5 @@ k8s_objects(
[k8s_service(
name = name + ".service",
template = name + ".service.yaml",
namespace = _NAMESPACE,
) for name in _services]


@@ -1,13 +1,14 @@
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: geth-bootnode
name: geth-bootnode-v4
namespace: pow
spec:
replicas: 1
template:
metadata:
labels:
component: bootnode
component: bootnode-v4
universe: geth
spec:
priorityClassName: production-priority
@@ -44,4 +45,54 @@ spec:
volumes:
- name: secrets
secret:
secretName: geth-bootnode-secret
secretName: geth-bootnode-secret
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: geth-bootnode-v5
namespace: pow
spec:
replicas: 1
template:
metadata:
labels:
component: bootnode-v5
universe: geth
spec:
priorityClassName: production-priority
containers:
- name: bootnode
image: ethereum/client-go:alltools-stable
ports:
- containerPort: 8545
name: rpc
- containerPort: 30303
name: discovery-tcp
protocol: TCP
- containerPort: 30303
name: discovery-udp
protocol: UDP
- containerPort: 30301
name: bootnode-udp
protocol: UDP
command: ["bootnode"]
args:
- "--nodekey=/data/private_key"
- "--verbosity=4"
- "--v5"
volumeMounts:
- name: secrets
mountPath: "/data/"
readOnly: true
resources:
requests:
memory: "25Mi"
cpu: "25m"
limits:
memory: "100Mi"
cpu: "150m"
volumes:
- name: secrets
secret:
secretName: geth-bootnode-secret


@@ -2,7 +2,8 @@ apiVersion: v1
kind: Secret
metadata:
name: geth-bootnode-secret
namespace: pow
data:
public_key: MDZmMmI0OGFhODY1OTQ2OTdiZjZjMmI0NjRhMjFhMmYwMWVhNzYyM2MxNGQxOWU5MTE3OGMzZTRkNDNhZDg2M2FjMzdjZmQwODA0OWY3OWIxOTgxN2VmNGZlZjk5NDUxNTYzNjM3N2M1ZjhjN2UyY2MwYWJlY2VmZjkyZTc0MWY=
private_key: OGUxMDg1YmQwZThmOGI2MTY0OWRjMWNlYjA2Y2Q1ZTQyNTllY2YwOWRmYTFmZWRlNGNmNDVhMmZiZDE0ODVmNg==
type: Opaque
type: Opaque


@@ -1,10 +1,11 @@
kind: Service
apiVersion: v1
metadata:
name: geth-bootnode
name: geth-bootnode-v4
namespace: pow
spec:
selector:
component: bootnode
component: bootnode-v4
universe: geth
ports:
- port: 8545
@@ -22,4 +23,33 @@ spec:
- port: 30301
targetPort: 30301
name: bootnode-udp
protocol: UDP
protocol: UDP
type: ClusterIP
---
kind: Service
apiVersion: v1
metadata:
name: geth-bootnode-v5
namespace: pow
spec:
selector:
component: bootnode-v5
universe: geth
ports:
- port: 8545
targetPort: 8545
name: rpc
protocol: TCP
- port: 30303
targetPort: 30303
name: discovery-tcp
protocol: TCP
- port: 30303
targetPort: 30303
name: discovery-udp
protocol: UDP
- port: 30301
targetPort: 30301
name: bootnode-udp
protocol: UDP
type: ClusterIP


@@ -2,6 +2,7 @@ kind: Deployment
apiVersion: apps/v1beta1
metadata:
name: geth-ethstats
namespace: pow
spec:
replicas: 1
selector:


@@ -2,6 +2,7 @@ apiVersion: v1
kind: Secret
metadata:
name: ethstats-secrets
namespace: pow
type: Opaque
data:
# Secret for websocket connections


@@ -2,6 +2,7 @@ kind: Service
apiVersion: v1
metadata:
name: geth-ethstats
namespace: pow
spec:
selector:
component: ethstats
@@ -9,4 +10,4 @@ spec:
ports:
- port: 3000
targetPort: 3000
type: LoadBalancer
type: ClusterIP


@@ -0,0 +1,99 @@
kind: Deployment
apiVersion: apps/v1beta1
metadata:
name: faucet
namespace: pow
labels:
component: faucet
spec:
replicas: 1
selector:
matchLabels:
universe: geth
component: faucet
template:
metadata:
labels:
universe: geth
component: faucet
spec:
priorityClassName: batch-priority
containers:
- name: faucet
image: ethereum/client-go:alltools-stable
ports:
- containerPort: 8080
name: api
- containerPort: 30303
name: discovery-tcp
protocol: TCP
- containerPort: 30303
name: discovery-udp
protocol: UDP
# Use /bin/sh -c to execute geth so that we have access to HOSTNAME in
# the command arguments.
# https://github.com/kubernetes/kubernetes/issues/57726
command:
- "/bin/sh"
- "-c"
- >
touch /tmp/pwd;
faucet
-account.json=/data/accounts/account.json
-account.pass=/tmp/pwd
-apiport=8080
-bootnodes=enode://$(BOOTNODE_PUBKEY)@$(GETH_BOOTNODE_V5_SERVICE_HOST):$(GETH_BOOTNODE_V5_SERVICE_PORT_BOOTNODE_UDP)
-ethport=30303
-ethstats=$HOSTNAME:$(ETHSTATS_WS_SECRET)@$(GETH_ETHSTATS_SERVICE_HOST):$(GETH_ETHSTATS_SERVICE_PORT)
-faucet.amount=35
-faucet.minutes=1440
-faucet.name=validator-faucet
-faucet.tiers=3
-genesis=/data/genesis.json
-loglevel=3
-network=1337
-noauth
env:
- name: ETHSTATS_WS_SECRET
valueFrom:
secretKeyRef:
name: ethstats-secrets
key: ws
- name: BOOTNODE_PUBKEY
valueFrom:
secretKeyRef:
name: geth-bootnode-secret
key: public_key
volumeMounts:
- name: genesis
mountPath: "/data"
readOnly: true
- name: accounts
mountPath: "/data/accounts"
readOnly: true
- name: faucet-data
mountPath: "/root/.faucet/keys"
resources:
requests:
memory: "500Mi"
cpu: "50m"
limits:
memory: "750Mi"
cpu: "100m"
volumes:
- name: genesis
secret:
secretName: geth-genesis
items:
- key: json
path: genesis.json
- name: accounts
secret:
secretName: geth-faucet-accounts-secret
items:
- key: json
path: account.json
- key: password
path: password
- name: faucet-data
emptyDir: {}
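Review bot: `-noauth` in the faucet command turns off the faucet's request authentication, and the ingress added in this commit publishes `geth-faucet` at `powfaucet.prylabs.network`. Any client that can reach that host can therefore request funds, held back only by whatever limiting `-faucet.minutes=1440` and `-faucet.tiers=3` provide. If that is intended for a throwaway test network, a comment next to the flag should say so; otherwise drop `-noauth` or restrict access at the ingress. Separately, `-account.pass=/tmp/pwd` points at an empty file created by `touch`, while the `accounts` volume already mounts the Secret's `password` key at `/data/accounts/password`, which is never referenced.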


@@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
name: geth-faucet-accounts-secret
namespace: pow
data:
json: 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
password: Cgo=
type: Opaque
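Review bot: This new manifest commits the faucet account's keystore (`json`) together with its passphrase (`password: Cgo=`, which base64-decodes to two newline characters, so effectively an empty passphrase). Base64 in a Secret's `data` is an encoding, not protection, so anyone with access to the repository can recover the account key. If the account exists only for this private test network, state that in a comment such as `# Testnet-only faucet account; holds no value outside network 1337.`. Otherwise create the Secret out of band or store it encrypted, and rotate the account.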


@@ -0,0 +1,13 @@
kind: Service
apiVersion: v1
metadata:
name: geth-faucet
namespace: pow
spec:
selector:
component: faucet
universe: geth
ports:
- port: 8080
targetPort: 8080
type: ClusterIP


@@ -2,6 +2,7 @@ apiVersion: v1
kind: Secret
metadata:
name: geth-genesis
namespace: pow
data:
json: eyJjb25maWciOnsiY2hhaW5JZCI6MTMzNywiaG9tZXN0ZWFkQmxvY2siOjAsImVpcDE1NUJsb2NrIjowLCJlaXAxNThCbG9jayI6MH0sImRpZmZpY3VsdHkiOiIweDAiLCJnYXNMaW1pdCI6IjB4MjEwMDAwMCIsImFsbG9jIjp7IjcxN2MzYTZlNGNiZDQ3NmMyMzEyNjEyMTU1ZWIyMzNiZjQ5OGRkNWIiOnsiYmFsYW5jZSI6IjB4MTMzNzAwMDAwMDAwMDAwMDAwMDAwMCJ9fX0K
type: Opaque
type: Opaque

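--- a/k8s/geth/ingress.yaml
+++ b/k8s/geth/ingress.yaml
@@ -0,0 +1,37 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+name: nginx-ingress
+namespace: pow
+annotations:
+nginx.org/websocket-services: "geth-ethstats,geth-faucet"
+spec:
+rules:
+- host: ethstats.prylabs.network
+http:
+paths:
+- path: /
+backend:
+serviceName: geth-ethstats
+servicePort: 3000
+- host: powexplorer.prylabs.network
+http:
+paths:
+- path: /
+backend:
+serviceName: blockscout
+servicePort: 4000
+- host: powfaucet.prylabs.network
+http:
+paths:
+- path: /
+backend:
+serviceName: geth-faucet
+servicePort: 8080
+- host: powchain.prylabs.network
+http:
+paths:
+- paths:
+backend:
+serviceName: geth-nodes
+servicePort: 8545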
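Review bot: In the `powchain.prylabs.network` rule the path entry is written `- paths:` with no value, where the other three rules use `- path: /`. `paths` is not a field of an ingress HTTP path, so this rule will be rejected or silently lose its path depending on validation; `- path: /` looks intended. The same rule publishes `geth-nodes` port 8545 (JSON-RPC), and the Ingress has no `tls:` section, so RPC and faucet traffic is served over plain HTTP to anyone who can resolve the host. I would add a `tls` block and decide explicitly who may reach the RPC host. The `powexplorer` rule targets a `blockscout` service that is not visible on this page.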


@@ -2,6 +2,7 @@ kind: StatefulSet
apiVersion: apps/v1
metadata:
name: miner
namespace: pow
labels:
universe: geth
component: miner
@@ -42,7 +43,8 @@ spec:
- >
geth
--networkid=1337
--bootnodes=enode://$(BOOTNODE_PUBKEY)@$(GETH_BOOTNODE_SERVICE_HOST):$(GETH_BOOTNODE_SERVICE_PORT_BOOTNODE_UDP)
--bootnodesv4=enode://$(BOOTNODE_PUBKEY)@$(GETH_BOOTNODE_V4_SERVICE_HOST):$(GETH_BOOTNODE_V4_SERVICE_PORT_BOOTNODE_UDP)
--bootnodesv5=enode://$(BOOTNODE_PUBKEY)@$(GETH_BOOTNODE_V5_SERVICE_HOST):$(GETH_BOOTNODE_V5_SERVICE_PORT_BOOTNODE_UDP)
--ethstats=$HOSTNAME:$(ETHSTATS_WS_SECRET)@$(GETH_ETHSTATS_SERVICE_HOST):$(GETH_ETHSTATS_SERVICE_PORT)
--rpc
--rpcaddr=0.0.0.0
@@ -53,7 +55,7 @@ spec:
--verbosity=4
--mine
--minerthreads=1
--etherbase=0x717c3a6e4cbd476c2312612155eb233bf498dd5b
--etherbase=0x8882042b8e93c85312f623f058ef252c8025a7ae
--extradata=$HOSTNAME
--ethash.dagsinmem=1
--ethash.dagsondisk=2
@@ -82,7 +84,7 @@ spec:
memory: "2Gi"
cpu: "500m"
limits:
memory: "2.5Gi"
memory: "4Gi"
cpu: "500m"
initContainers:
- name: genesis
@@ -111,4 +113,4 @@ spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 2Gi
storage: 5Gi

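--- a/k8s/geth/namespace.yaml
+++ b/k8s/geth/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: pow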


@@ -2,6 +2,7 @@ kind: Deployment
apiVersion: apps/v1beta1
metadata:
name: node
namespace: pow
labels:
universe: geth
component: node
@@ -41,11 +42,13 @@ spec:
- >
geth
--networkid=1337
--bootnodes=enode://$(BOOTNODE_PUBKEY)@$(GETH_BOOTNODE_SERVICE_HOST):$(GETH_BOOTNODE_SERVICE_PORT_BOOTNODE_UDP)
--bootnodesv4=enode://$(BOOTNODE_PUBKEY)@$(GETH_BOOTNODE_V4_SERVICE_HOST):$(GETH_BOOTNODE_V4_SERVICE_PORT_BOOTNODE_UDP)
--bootnodesv5=enode://$(BOOTNODE_PUBKEY)@$(GETH_BOOTNODE_V5_SERVICE_HOST):$(GETH_BOOTNODE_V5_SERVICE_PORT_BOOTNODE_UDP)
--ethstats=$HOSTNAME:$(ETHSTATS_WS_SECRET)@$(GETH_ETHSTATS_SERVICE_HOST):$(GETH_ETHSTATS_SERVICE_PORT)
--rpc
--rpcaddr=0.0.0.0
--rpccorsdomain="*"
--rpcvhosts="*"
--ws
--wsaddr=0.0.0.0
--wsorigins="*"
@@ -53,6 +56,7 @@ spec:
--debug
--verbosity=4
--nousb
--lightserv=50
volumeMounts:
- name: chaindata
mountPath: "/ethereum"
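Review bot: `--rpcvhosts="*"` switches off geth's Host-header check on the HTTP RPC endpoint. Together with the existing `--rpccorsdomain="*"` and `--rpcaddr=0.0.0.0`, that leaves no host or origin restriction on an endpoint that this commit also publishes through the ingress. Listing only the names actually used, for example `--rpcvhosts=powchain.prylabs.network,geth-nodes.pow.svc.cluster.local`, keeps the DNS-rebinding protection that the check exists for. The geth command starts and continues outside the hunks shown, so which RPC API modules are enabled cannot be judged from here.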


@@ -2,6 +2,7 @@ kind: Service
apiVersion: v1
metadata:
name: geth-nodes
namespace: pow
spec:
selector:
component: node
@@ -15,4 +16,4 @@ spec:
targetPort: 8546
name: ws
protocol: TCP
type: LoadBalancer
type: ClusterIP


@@ -0,0 +1,29 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-ingress
namespace: monitoring
spec:
rules:
- host: alertmanager.prylabs.network
http:
paths:
- path: /
backend:
serviceName: alertmanager
servicePort: 9093
- host: grafana.prylabs.network
http:
paths:
- path: /
backend:
serviceName: grafana
servicePort: 3000
- host: prometheus.prylabs.network
http:
paths:
- path: /
backend:
serviceName: prometheus
servicePort: 9090
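Review bot: These three rules publish Alertmanager, Grafana and Prometheus on public hostnames with no `tls:` section and no authentication configured on the Ingress. Prometheus and Alertmanager do not authenticate requests themselves, so anyone who can reach `prometheus.prylabs.network` or `alertmanager.prylabs.network` can read metrics and target lists and can manage silences. Unless access is limited somewhere not visible on this page, I would keep those two off the public ingress or put an authenticating proxy in front of them. Grafana should be served over TLS only, since it handles logins.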

File diff suppressed because it is too large Load Diff

66
k8s/nginx/BUILD.bazel Normal file

@@ -0,0 +1,66 @@
package(default_visibility = ["//k8s:__subpackages__"])
load("@io_bazel_rules_k8s//k8s:objects.bzl", "k8s_objects")
load("@k8s_cluster_role//:defaults.bzl", "k8s_cluster_role")
load("@k8s_configmap//:defaults.bzl", "k8s_configmap")
load("@k8s_deploy//:defaults.bzl", "k8s_deploy")
load("@k8s_namespace//:defaults.bzl", "k8s_namespace")
load("@k8s_secret//:defaults.bzl", "k8s_secret")
load("@k8s_service//:defaults.bzl", "k8s_service")
load("@k8s_service_account//:defaults.bzl", "k8s_service_account")
k8s_objects(
name = "everything",
objects = [
":namespace", # Must be first
":config",
":default_server_secret",
":deployment",
":rbac",
":service",
":service_account",
],
)
_NAMESPACE = "nginx-ingress"
k8s_secret(
name = "default_server_secret",
template = ":default-server-secret.yaml",
namespace = _NAMESPACE,
)
k8s_deploy(
name = "deployment",
template = ":deployment.yaml",
namespace = _NAMESPACE,
)
k8s_service(
name = "service",
template = ":loadbalancer.yaml",
namespace = _NAMESPACE,
)
k8s_namespace(
name = "namespace",
template = ":namespace.yaml",
)
k8s_configmap(
name = "config",
template = ":nginx-config.yaml",
namespace = _NAMESPACE,
)
k8s_cluster_role(
name = "rbac",
template = ":rbac.yaml",
namespace = _NAMESPACE,
)
k8s_service_account(
name = "service_account",
template = ":service-account.yaml",
namespace = _NAMESPACE,
)


@@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: default-server-secret
namespace: nginx-ingress
type: Opaque
data:
tls.crt: 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
tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdi91RWM4b1JkMHUvZXVJTHNFK1RYZUprckxMMnNJNGFWaEMvYjVyYy9XMlRiNHEvClJOcktGMEdYaVN1eE9ycXgrajlnamx4NXFjdnhkenRKbXNFUkJ1Z1B0ME9hVGtIekhvb3FVWmcwZGxmZ1dkT0EKUTZMNTdlT1l0Q29VOUZ4amRXdzZUVVRJVUQ4R0JsRlNjSVo0b1hFTkhzbysyR3VTTWk2Zk1wTVM3YUhudzFtMApxWkdvRWEzWFNyZEJ6eGc2clhkcUNlUDlCMXl3VmRyYURiUzc1aGQzdUdETDU4cGszOVFqVUFQaHpxdmRoK1JWClZGNGJCaW9CbTVpeTlZTW1hWVhsMm0wTGZzeTZuUTRRdFFzdEdNVWozcGJtdlFmazJBNnljeGRFeFpkZFZsdmwKMm82MjBsMllxcHFDZEtCRThCay90elFIVTlKcU56cHpoOUJUTXdJREFRQUJBb0lCQVFDZklHbXowOHhRVmorNwpLZnZJUXQwQ0YzR2MxNld6eDhVNml4MHg4Mm15d1kxUUNlL3BzWE9LZlRxT1h1SENyUlp5TnUvZ2IvUUQ4bUFOCmxOMjRZTWl0TWRJODg5TEZoTkp3QU5OODJDeTczckM5bzVvUDlkazAvYzRIbjAzSkVYNzZ5QjgzQm9rR1FvYksKMjhMNk0rdHUzUmFqNjd6Vmc2d2szaEhrU0pXSzBwV1YrSjdrUkRWYmhDYUZhNk5nMUZNRWxhTlozVDhhUUtyQgpDUDNDeEFTdjYxWTk5TEI4KzNXWVFIK3NYaTVGM01pYVNBZ1BkQUk3WEh1dXFET1lvMU5PL0JoSGt1aVg2QnRtCnorNTZud2pZMy8yUytSRmNBc3JMTnIwMDJZZi9oY0IraVlDNzVWYmcydVd6WTY3TWdOTGQ5VW9RU3BDRkYrVm4KM0cyUnhybnhBb0dCQU40U3M0ZVlPU2huMVpQQjdhTUZsY0k2RHR2S2ErTGZTTXFyY2pOZjJlSEpZNnhubmxKdgpGenpGL2RiVWVTbWxSekR0WkdlcXZXaHFISy9iTjIyeWJhOU1WMDlRQ0JFTk5jNmtWajJTVHpUWkJVbEx4QzYrCk93Z0wyZHhKendWelU0VC84ajdHalRUN05BZVpFS2FvRHFyRG5BYWkyaW5oZU1JVWZHRXFGKzJyQW9HQkFOMVAKK0tZL0lsS3RWRzRKSklQNzBjUis3RmpyeXJpY05iWCtQVzUvOXFHaWxnY2grZ3l4b25BWlBpd2NpeDN3QVpGdwpaZC96ZFB2aTBkWEppc1BSZjRMazg5b2pCUmpiRmRmc2l5UmJYbyt3TFU4NUhRU2NGMnN5aUFPaTVBRHdVU0FkCm45YWFweUNweEFkREtERHdObit3ZFhtaTZ0OHRpSFRkK3RoVDhkaVpBb0dCQUt6Wis1bG9OOTBtYlF4VVh5YUwKMjFSUm9tMGJjcndsTmVCaWNFSmlzaEhYa2xpSVVxZ3hSZklNM2hhUVRUcklKZENFaHFsV01aV0xPb2I2NTNyZgo3aFlMSXM1ZUtka3o0aFRVdnpldm9TMHVXcm9CV2xOVHlGanIrSWhKZnZUc0hpOGdsU3FkbXgySkJhZUFVWUNXCndNdlQ4NmNLclNyNkQrZG8wS05FZzFsL0FvR0FlMkFVdHVFbFNqLzBmRzgrV3hHc1RFV1JqclRNUzRSUjhRWXQKeXdjdFA4aDZxTGxKUTRCWGxQU05rMXZLTmtOUkxIb2pZT2pCQTViYjhibXNVU1BlV09NNENoaFJ4QnlHbmR2eAphYkJDRkFwY0IvbEg4d1R0alVZYlN5T294ZGt5OEp0ek90ajJhS0FiZHd6NlArWDZDODhjZmxYVFo5MWpYL3RMCjF3TmRKS2tDZ1lCbyt0UzB5TzJ2SWFmK2UwSkN5TGh
zVDQ5cTN3Zis2QWVqWGx2WDJ1VnRYejN5QTZnbXo5aCsKcDNlK2JMRUxwb3B0WFhNdUFRR0xhUkcrYlNNcjR5dERYbE5ZSndUeThXczNKY3dlSTdqZVp2b0ZpbmNvVlVIMwphdmxoTUVCRGYxSjltSDB5cDBwWUNaS2ROdHNvZEZtQktzVEtQMjJhTmtsVVhCS3gyZzR6cFE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
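Review bot: `tls.key` is a base64-encoded RSA private key checked into the repository, so every holder of the repo holds the key and it must not protect any real hostname. If this is the sample default-server certificate from the NGINX ingress controller examples (it looks like one; please confirm), that is acceptable only for the catch-all default server. In that case say so in the file with a comment such as `# Sample self-signed default-server certificate; do not reuse for real hosts.`. Certificates for the `prylabs.network` hosts should come from Secrets created outside version control.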

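--- a/k8s/nginx/deployment.yaml
+++ b/k8s/nginx/deployment.yaml
@@ -0,0 +1,58 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+name: nginx-ingress
+namespace: nginx-ingress
+spec:
+replicas: 3
+selector:
+matchLabels:
+app: nginx-ingress
+template:
+metadata:
+labels:
+app: nginx-ingress
+annotations:
+prometheus.io/scrape: "true"
+prometheus.io/port: "9113"
+spec:
+serviceAccountName: nginx-ingress
+priorityClassName: production-priority
+containers:
+- image: nginx/nginx-ingress:edge
+name: nginx-ingress
+ports:
+- name: http
+containerPort: 80
+- name: https
+containerPort: 443
+- name: beacon-relay
+containerPort: 20000
+env:
+- name: POD_NAMESPACE
+valueFrom:
+fieldRef:
+fieldPath: metadata.namespace
+- name: POD_NAME
+valueFrom:
+fieldRef:
+fieldPath: metadata.name
+args:
+- -nginx-configmaps=$(POD_NAMESPACE)/nginx-config
+- -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret
+#- -v=3 # Enables extensive logging. Useful for troubleshooting.
+- -nginx-status
+- -nginx-status-port=8080
+- -report-ingress-status
+- -external-service=nginx-ingress
+- -enable-leader-election
+- image: nginx/nginx-prometheus-exporter:0.1.0
+name: nginx-prometheus-exporter
+ports:
+- name: prometheus
+containerPort: 9113
+args:
+- -web.listen-address
+- :9113
+- nginx.scrape-uri
+- http://127.0.0.1:8080/stub_status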
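Review bot: In the `nginx-prometheus-exporter` container the third argument is `nginx.scrape-uri` without the leading dash that `-web.listen-address` has, so it is not parsed as a flag and the URL after it becomes a stray positional argument. The exporter then scrapes whatever its built-in default is, which may only happen to match; the entry should read `- -nginx.scrape-uri`. Separately, `nginx/nginx-ingress:edge` is a floating tag on the component that terminates all inbound traffic, and pinning a released version or digest would make upgrades deliberate. The Service in this commit also forwards port 20001 (`beacon-bootnode`), which is not declared under this container's `ports` next to 20000.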


@@ -0,0 +1,28 @@
apiVersion: v1
kind: Service
metadata:
name: nginx-ingress
namespace: nginx-ingress
spec:
externalTrafficPolicy: Local
type: LoadBalancer
loadBalancerIP: 35.221.47.224
ports:
- port: 80
targetPort: 80
protocol: TCP
name: http
- port: 443
targetPort: 443
protocol: TCP
name: https
- port: 20000
targetPort: 20000
protocol: TCP
name: beacon-relay
- port: 20001
targetPort: 20001
protocol: TCP
name: beacon-bootnode
selector:
app: nginx-ingress

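--- a/k8s/nginx/namespace.yaml
+++ b/k8s/nginx/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: nginx-ingress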


@@ -0,0 +1,24 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: nginx-config
namespace: nginx-ingress
data:
stream-snippets: |
upstream beacon-chain-relay-tcp {
server relay.beacon-chain.svc.cluster.local:4000;
}
server {
listen 20000;
proxy_pass beacon-chain-relay-tcp;
}
upstream beacon-chain-bootnode-tcp {
server bootnode.beacon-chain.svc.cluster.local:4000;
}
server {
listen 20001;
proxy_pass beacon-chain-bootnode-tcp;
}

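--- a/k8s/nginx/rbac.yaml
+++ b/k8s/nginx/rbac.yaml
@@ -0,0 +1,72 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+name: nginx-ingress
+rules:
+- apiGroups:
+- ""
+resources:
+- services
+- endpoints
+verbs:
+- get
+- list
+- watch
+- apiGroups:
+- ""
+resources:
+- secrets
+verbs:
+- get
+- list
+- watch
+- apiGroups:
+- ""
+resources:
+- configmaps
+verbs:
+- get
+- list
+- watch
+- update
+- create
+- apiGroups:
+- ""
+resources:
+- pods
+verbs:
+- list
+- apiGroups:
+- ""
+resources:
+- events
+verbs:
+- create
+- patch
+- apiGroups:
+- extensions
+resources:
+- ingresses
+verbs:
+- list
+- watch
+- get
+- apiGroups:
+- "extensions"
+resources:
+- ingresses/status
+verbs:
+- update
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+name: nginx-ingress
+subjects:
+- kind: ServiceAccount
+name: nginx-ingress
+namespace: nginx-ingress
+roleRef:
+kind: ClusterRole
+name: nginx-ingress
+apiGroup: rbac.authorization.k8s.io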


@@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: nginx-ingress
namespace: nginx-ingress


@@ -5,4 +5,5 @@ load("@k8s_pod//:defaults.bzl", "k8s_pod")
k8s_pod(
name = "busybox.pod",
template = "busybox.yaml",
namespace = "default",
)