forked from aptos-labs/aptos-core
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[helm] add validator deployment helm chart
Closes: aptos-labs#9973
- Loading branch information
1 parent
15d61d0
commit 6445d39
Showing
91 changed files
with
72,019 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| *~ | ||
| *.swp | ||
| values/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| apiVersion: v2 | ||
| name: diem-validator | ||
| version: 1.5.0-rc.1 | ||
| appVersion: 1.5.0-rc.1 | ||
| description: Diem blockchain validator | ||
| home: https://diem.com/ | ||
| sources: | ||
| - https://github.com/diem/diem |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| # Severeties: info, warning, [error, critical] | ||
| # Last 2 items are high urgency | ||
|
|
||
| global: | ||
|
|
||
| #templates: | ||
| #- '/etc/alertmanager/template/*.tmpl' | ||
|
|
||
| route: | ||
| group_by: [...] # TBD | ||
|
|
||
| # When a new group of alerts is created by an incoming alert, wait at | ||
| # least 'group_wait' to send the initial notification. | ||
| # This way ensures that you get multiple alerts for the same group that start | ||
| # firing shortly after another are batched together on the first | ||
| # notification. | ||
| group_wait: 30s | ||
|
|
||
| # When the first notification was sent, wait 'group_interval' to send a batch | ||
| # of new alerts that started firing for that group. | ||
| group_interval: 5m | ||
|
|
||
| # If an alert has successfully been sent, wait 'repeat_interval' to | ||
| # resend them. | ||
| repeat_interval: 10m | ||
|
|
||
| # A default receiver | ||
| receiver: 'default' | ||
|
|
||
| # The child route trees. | ||
| # https://prometheus.io/docs/alerting/latest/configuration/#route | ||
| routes: {{ .Values.monitoring.alertmanager.alertRouteTrees | toJson }} | ||
|
|
||
| # A list of notification receivers | ||
| # https://prometheus.io/docs/alerting/latest/configuration/#receiver | ||
| receivers: {{ .Values.monitoring.alertmanager.alertReceivers | toJson }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| env_vars = [] | ||
|
|
||
| [commands] | ||
| create_backup = 'echo "$BACKUP_NAME"' | ||
| create_for_write = ''' | ||
| FILE_HANDLE="$BACKUP_HANDLE/$FILE_NAME" | ||
| echo "$FILE_HANDLE" | ||
| exec 1>&- # close stdout | ||
| gzip -c | azcopy cp --from-to PipeBlob "https://$ACCOUNT.blob.core.windows.net/$CONTAINER/$SUB_DIR/$FILE_HANDLE$SAS" > /dev/null | ||
| ''' | ||
| open_for_read = 'azcopy cp --from-to BlobPipe "https://$ACCOUNT.blob.core.windows.net/$CONTAINER/$SUB_DIR/$FILE_HANDLE$SAS" < /dev/null | gzip -cd' | ||
| save_metadata_line= 'gzip -c | azcopy cp --from-to PipeBlob "https://$ACCOUNT.blob.core.windows.net/$CONTAINER/$SUB_DIR/metadata/$FILE_NAME$SAS"' | ||
| list_metadata_files = ''' | ||
| (azcopy ls "https://$ACCOUNT.blob.core.windows.net/$CONTAINER/$SUB_DIR/metadata/$SAS" ||:) \ | ||
| | sed -ne "s#; .*##;s#INFO: \(.*\.meta\)#metadata/\1#p" | ||
| ''' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| env_vars = [] | ||
|
|
||
| [commands] | ||
| create_backup = 'echo "$BACKUP_NAME"' | ||
| create_for_write = ''' | ||
| FILE_HANDLE="$BACKUP_HANDLE/$FILE_NAME" | ||
| echo "$FILE_HANDLE" | ||
| exec 1>&- # close stdout | ||
| gzip -c | gsutil -q cp - "gs://$BUCKET/$SUB_DIR/$FILE_HANDLE" > /dev/null | ||
| ''' | ||
| open_for_read = 'gsutil -q cp "gs://$BUCKET/$SUB_DIR/$FILE_HANDLE" - | gzip -cd' | ||
| save_metadata_line= 'gzip -c | gsutil -q cp - "gs://$BUCKET/$SUB_DIR/metadata/$FILE_NAME"' | ||
| list_metadata_files = ''' | ||
| (gsutil -q ls gs://$BUCKET/$SUB_DIR/metadata/ ||:) \ | ||
| | sed -ne "s#gs://.*/metadata/#metadata/#p" | ||
| ''' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| env_vars = [] | ||
|
|
||
| [commands] | ||
| create_backup = 'echo "$BACKUP_NAME"' | ||
| create_for_write = ''' | ||
| FILE_HANDLE="$BACKUP_HANDLE/$FILE_NAME" | ||
| echo "$FILE_HANDLE" | ||
| exec 1>&- # close stdout | ||
| gzip -c | curl -s -X PUT --data-binary "@-" "$ENDPOINT$ACCESS_URI/$SUB_DIR/$FILE_HANDLE" | ||
| ''' | ||
| open_for_read = 'curl -s "$ENDPOINT$ACCESS_URI/$SUB_DIR/$FILE_HANDLE" | gzip -cd' | ||
| save_metadata_line = 'gzip -c | curl -s -X PUT --data-binary "@-" "$ENDPOINT$ACCESS_URI/$SUB_DIR/metadata/$FILE_NAME"' | ||
| list_metadata_files = ''' | ||
| curl -s "$ENDPOINT$ACCESS_URI?prefix=/$SUB_DIR/metadata/" \ | ||
| | python -c 'import json, sys; print("\n".join("/".join(o["name"].split("/")[2:]) for o in json.loads(sys.stdin.read()).get("objects", [])), end="")' | ||
| ''' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| env_vars = [] | ||
|
|
||
| [commands] | ||
| create_backup = 'echo "$BACKUP_NAME"' | ||
| create_for_write = ''' | ||
| FILE_HANDLE="$BACKUP_HANDLE/$FILE_NAME" | ||
| echo "$FILE_HANDLE" | ||
| exec 1>&- | ||
| gzip -c | aws s3 cp - "s3://$BUCKET/$SUB_DIR/$FILE_HANDLE" | ||
| ''' | ||
| open_for_read = 'aws s3 cp "s3://$BUCKET/$SUB_DIR/$FILE_HANDLE" - --no-sign-request | gzip -cd' | ||
| save_metadata_line= 'gzip -c | aws s3 cp - "s3://$BUCKET/$SUB_DIR/metadata/$FILE_NAME" --no-sign-request' | ||
| list_metadata_files = '(aws s3 ls s3://$BUCKET/$SUB_DIR/metadata/ --no-sign-request ||:) | sed -ne "s#.* \(.*\)#metadata/\1#p"' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| env_vars = [] | ||
|
|
||
| [commands] | ||
| create_backup = 'echo "$BACKUP_NAME"' | ||
| create_for_write = ''' | ||
| FILE_HANDLE="$BACKUP_HANDLE/$FILE_NAME" | ||
| echo "$FILE_HANDLE" | ||
| exec 1>&- | ||
| gzip -c | aws s3 cp - "s3://$BUCKET/$SUB_DIR/$FILE_HANDLE" | ||
| ''' | ||
| open_for_read = 'aws s3 cp "s3://$BUCKET/$SUB_DIR/$FILE_HANDLE" - | gzip -cd' | ||
| save_metadata_line= 'gzip -c | aws s3 cp - "s3://$BUCKET/$SUB_DIR/metadata/$FILE_NAME"' | ||
| list_metadata_files = '(aws s3 ls s3://$BUCKET/$SUB_DIR/metadata/ ||:) | sed -ne "s#.* \(.*\)#metadata/\1#p"' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| env_vars = [] | ||
|
|
||
| [commands] | ||
| create_backup = 'echo "$BACKUP_NAME"' | ||
| create_for_write = ''' | ||
| FILE_HANDLE="$BACKUP_HANDLE/$FILE_NAME" | ||
| echo "$FILE_HANDLE" | ||
| exec 1>&- | ||
| gzip -c | aws --endpoint-url="$ENDPOINT_URL" s3 cp - "s3://$BUCKET/$SUB_DIR/$FILE_HANDLE" | ||
| ''' | ||
| open_for_read = 'aws --endpoint-url="$ENDPOINT_URL" s3 cp "s3://$BUCKET/$SUB_DIR/$FILE_HANDLE" - | gzip -cd' | ||
| save_metadata_line= 'gzip -c | aws --endpoint-url="$ENDPOINT_URL" s3 cp - "s3://$BUCKET/$SUB_DIR/metadata/$FILE_NAME"' | ||
| list_metadata_files = '(aws --endpoint-url="$ENDPOINT_URL" s3 ls s3://$BUCKET/$SUB_DIR/metadata/ ||:) | sed -ne "s#.* \(.*\)#metadata/\1#p"' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,75 @@ | ||
| base: | ||
| role: "full_node" | ||
| waypoint: | ||
| from_storage: | ||
| type: "vault" | ||
| server: "{{ .Values.vault.server.address }}" | ||
| {{- if .Values.vault.server.ca_cert }} | ||
| ca_certificate: "{{ .Values.vault.server.ca_cert }}" | ||
| {{- end }} | ||
| namespace: "{{ .Values.vault.namespace }}" | ||
| token: | ||
| from_disk: "/opt/vault/token" | ||
|
|
||
| execution: | ||
| {{- if eq .Values.validator.config.provide_genesis true }} | ||
| genesis_file_location: "../genesis/genesis.blob" | ||
| {{- else }} | ||
| genesis_file_location: "" | ||
| {{- end}} | ||
|
|
||
|
|
||
| storage: | ||
| backup_service_address: "0.0.0.0:6186" | ||
|
|
||
| full_node_networks: | ||
| - network_id: | ||
| private: "vfn" | ||
| listen_address: "/ip4/0.0.0.0/tcp/6181" | ||
| seeds: | ||
| d58bc7bb154b38039bc9096ce04e1237: | ||
| addresses: | ||
| - "/dns4/{{ include "diem-validator.fullname" . }}-validator/tcp/6181/ln-noise-ik/f0274c2774519281a8332d0bb9d8101bd58bc7bb154b38039bc9096ce04e1237/ln-handshake/0" | ||
| role: "Validator" | ||
|
|
||
| - network_id: "public" | ||
| discovery_method: "onchain" | ||
| listen_address: "/ip4/0.0.0.0/tcp/6182" | ||
| {{- if .Values.haproxy.config.send_proxy_protocol }} | ||
| enable_proxy_protocol: true | ||
| {{- end }} | ||
| max_inbound_connections: {{ .Values.fullnode.config.max_inbound_connections }} | ||
| inbound_rate_limit_config: | ||
| ip_byte_bucket_rate: 1048576 | ||
| ip_byte_bucket_size: 1048576 | ||
| initial_bucket_fill_percentage: 25 | ||
| enabled: true | ||
| outbound_rate_limit_config: | ||
| ip_byte_bucket_rate: 1048576 | ||
| ip_byte_bucket_size: 1048576 | ||
| initial_bucket_fill_percentage: 25 | ||
| enabled: true | ||
| identity: | ||
| type: "from_storage" | ||
| key_name: "fullnode_network" | ||
| peer_id_name: "owner_account" | ||
| backend: | ||
| type: "vault" | ||
| server: "{{ .Values.vault.server.address }}" | ||
| {{- if .Values.vault.server.ca_cert }} | ||
| ca_certificate: "{{ .Values.vault.server.ca_cert }}" | ||
| {{- end }} | ||
| namespace: "{{ .Values.vault.namespace }}" | ||
| token: | ||
| from_disk: "/opt/vault/token" | ||
| seeds: | ||
| {{- .Values.fullnode.config.seeds | default dict | toYaml | nindent 6 }} | ||
|
|
||
| json_rpc: | ||
| address: "0.0.0.0:8080" | ||
|
|
||
| api: | ||
| # REST API will be enabled locally, | ||
| # to expose the endpoint through HAProxy, set the option in helm values. | ||
| enabled: true | ||
| address: "0.0.0.0:8081" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| json_rpc_endpoint: "http://{{ include "diem-validator.fullname" . }}-fullnode:8080" | ||
| chain_id: {{ required "chain.chain_id must be set" .Values.chain.chain_id }} | ||
| sleep_period_secs: 600 | ||
| rotation_period_secs: 172800 | ||
| txn_expiration_secs: 10800 | ||
|
|
||
| secure_backend: | ||
| type: "vault" | ||
| server: "{{ .Values.vault.server.address }}" | ||
| {{- if .Values.vault.server.ca_cert }} | ||
| ca_certificate: "{{ .Values.vault.server.ca_cert }}" | ||
| {{- end }} | ||
| namespace: "{{ .Values.vault.namespace }}" | ||
| token: | ||
| from_disk: "/opt/vault/token" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| service: | ||
| type: "process" | ||
| server_address: "/ip4/0.0.0.0/tcp/6185" | ||
| backend: | ||
| type: "vault" | ||
| server: "{{ .Values.vault.server.address }}" | ||
| {{- if .Values.vault.server.ca_cert }} | ||
| ca_certificate: "{{ .Values.vault.server.ca_cert }}" | ||
| {{- end }} | ||
| namespace: "{{ .Values.vault.namespace }}" | ||
| token: | ||
| from_disk: "/opt/vault/token" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,83 @@ | ||
| base: | ||
| waypoint: | ||
| from_storage: | ||
| type: "vault" | ||
| server: "{{ .Values.vault.server.address }}" | ||
| {{- if .Values.vault.server.ca_cert }} | ||
| ca_certificate: "{{ .Values.vault.server.ca_cert }}" | ||
| {{- end }} | ||
| namespace: "{{ .Values.vault.namespace }}" | ||
| token: | ||
| from_disk: "/opt/vault/token" | ||
|
|
||
| consensus: | ||
| safety_rules: | ||
| service: | ||
| type: "process" | ||
| server_address: "/dns4/{{ include "diem-validator.fullname" . }}-safety-rules/tcp/6185" | ||
| sync_only: {{ .Values.validator.config.sync_only | default false}} | ||
| {{- if .Values.validator.config.mempool_poll_count }} | ||
| mempool_poll_count: {{ .Values.validator.config.mempool_poll_count }} | ||
| {{- end }} | ||
| {{- if .Values.validator.config.round_initial_timeout_ms }} | ||
| round_initial_timeout_ms: {{ .Values.validator.config.round_initial_timeout_ms }} | ||
| {{- end }} | ||
|
|
||
| execution: | ||
| {{- if eq .Values.validator.config.provide_genesis true }} | ||
| genesis_file_location: "../genesis/genesis.blob" | ||
| {{- else }} | ||
| genesis_file_location: "" | ||
| {{- end }} | ||
| backend: | ||
| type: "vault" | ||
| server: "{{ .Values.vault.server.address }}" | ||
| {{- if .Values.vault.server.ca_cert }} | ||
| ca_certificate: "{{ .Values.vault.server.ca_cert }}" | ||
| {{- end }} | ||
| namespace: "{{ .Values.vault.namespace }}" | ||
| token: | ||
| from_disk: "/opt/vault/token" | ||
|
|
||
| validator_network: | ||
| discovery_method: "onchain" | ||
| mutual_authentication: true | ||
| {{- if .Values.haproxy.config.send_proxy_protocol }} | ||
| enable_proxy_protocol: true | ||
| {{- end }} | ||
| identity: | ||
| type: "from_storage" | ||
| key_name: "validator_network" | ||
| peer_id_name: "owner_account" | ||
| backend: | ||
| type: "vault" | ||
| server: "{{ .Values.vault.server.address }}" | ||
| {{- if .Values.vault.server.ca_cert }} | ||
| ca_certificate: "{{ .Values.vault.server.ca_cert }}" | ||
| {{- end }} | ||
| namespace: "{{ .Values.vault.namespace }}" | ||
| token: | ||
| from_disk: "/opt/vault/token" | ||
| network_address_key_backend: | ||
| type: "vault" | ||
| server: "{{ .Values.vault.server.address }}" | ||
| {{- if .Values.vault.server.ca_cert }} | ||
| ca_certificate: "{{ .Values.vault.server.ca_cert }}" | ||
| {{- end }} | ||
| namespace: "{{ .Values.vault.namespace }}" | ||
| token: | ||
| from_disk: "/opt/vault/token" | ||
|
|
||
| full_node_networks: | ||
| - network_id: | ||
| private: "vfn" | ||
| listen_address: "/ip4/0.0.0.0/tcp/6181" | ||
| identity: | ||
| type: "from_config" | ||
| key: "b0f405a3e75516763c43a2ae1d70423699f34cd68fa9f8c6bb2d67aa87d0af69" | ||
| peer_id: "d58bc7bb154b38039bc9096ce04e1237" | ||
|
|
||
| {{- if .Values.exposeValidatorJsonRpc }} | ||
| json_rpc: | ||
| address: "0.0.0.0:8080" | ||
| {{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| # Diem Dashboard Templates | ||
|
|
||
| The dashboard templates are loaded as ConfigMap in compressed binary format because of the ConfigMap size limit. | ||
|
|
||
| To update the dashboard template, you should update the content of the `.json` file and then gzip them into the binary file: `gzip -fkn *.json` |
Oops, something went wrong.