diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e43b0f9 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.DS_Store diff --git a/Chart.yaml b/Chart.yaml new file mode 100644 index 0000000..d6a3a25 --- /dev/null +++ b/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v2 +name: zcash-stack +description: Zcash node (Zebra, Zcashd) with lightwalletd +type: application +version: 0.0.1 diff --git a/README.md b/README.md new file mode 100644 index 0000000..334f02f --- /dev/null +++ b/README.md @@ -0,0 +1,73 @@ +# Zcash Stack Helm Chart + +This chart is a work in progress and has only been tested on Vultr Kubernetes Engine as of writing. + +All of the "zec.rocks" Lightwalletd servers are provisioned using this. + +## Prerequisites + +1. A running Kubernetes cluster (this is currently tested on Vultr Kubernetes Engine) +2. The KUBECONFIG env variable set to your cluster's Kubernetes credentials file +3. Helm installed in your local environment + +## Usage + +1. Traefik is required to auto-provision LetsEncrypt SSL certificates. + +1a. Edit ```install-traefik.sh``` to specify your real email address. + +2b. Install Traefik on your cluster: + +``` +sh ./install-traefik.sh +``` + +2. Edit an example values file from the ```./examples``` folder. Specify the domain name that you intend to host a lightwalletd instance on. View the ```values.yaml``` file to see all of the configuration options possible. + +3. Install the chart on your cluster: (execute from this project's directory, specify your own yaml file if you did not modify an example in-place) + +``` +helm install zcash . -f examples/zebra-mainnet.yaml +``` + +### Upgrading + +We highly recommend installing the "helm-diff" plugin. + +Verify changes before you upgrade: +``` +KUBECONFIG=~/.kube/config-eu1 helm diff upgrade zec-eu1 ~/dev/zcash-stack -f ./values-eu1.yaml +``` + +Then apply the upgrade: +``` +KUBECONFIG=~/.kube/config-eu1 helm upgrade zec-eu1 ~/dev/zcash-stack -f ./values-eu1.yaml +``` + +### Kubernetes Cheat Sheet + +If you're new to Kubernetes, here is a list of commands that you might find useful for operating this chart: + +``` +# See what is running in your cluster's default namespace +kubectl get all + +# Watch logs +kubectl logs -f statefulset/lightwalletd +kubectl logs -f statefulset/zebra +kubectl logs -f statefulset/zcashd + +# Open a shell in a running container +kubectl exec statefulset/zebra -ti -- bash + +# Restart a part of the stack +kubectl rollout restart statefulset/lightwalletd +kubectl rollout restart statefulset/zebra +kubectl rollout restart statefulset/zcashd +``` + +## Works in progress + +- Updated documentation to launch on AWS, GCP, and self-hosted (k3s) +- Support for hosting a block explorer +- Contribute to the P2P network by allowing inbound connections via a Kubernetes Service, only possible on Zcashd at the moment. diff --git a/examples/zcashd-mainnet.yaml b/examples/zcashd-mainnet.yaml new file mode 100644 index 0000000..76dc4c8 --- /dev/null +++ b/examples/zcashd-mainnet.yaml @@ -0,0 +1,21 @@ +ingress: + domains: + - mainnet-example.your.domain + +zcashd: + enabled: true + # Optionally enable this to bootstrap the blockchain from a known state faster than a full P2P sync + initSnapshot: + enabled: false + +zebra: + enabled: false + +lightwalletd: + rpcService: zcashd + +# RPC is only accessible from within the cluster, not exposed to the internet +rpc: + credentials: + rpcUser: changeThisPossibly + rpcPassword: toYourLiking123 diff --git a/examples/zcashd-testnet.yaml b/examples/zcashd-testnet.yaml new file mode 100644 index 0000000..fe162bf --- /dev/null +++ b/examples/zcashd-testnet.yaml @@ -0,0 +1,27 @@ +ingress: + domains: + - testnet-example.your.domain + # Respond to all inbound requests regardless of the domain specified in SNI + sniCatchallEnabled: true + +zcashd: + enabled: true + testnet: true + # Optionally enable this to bootstrap the blockchain from a known state faster than a full P2P sync + initSnapshot: + enabled: false + +zebra: + enabled: false + +lightwalletd: + rpcService: zcashd + # Optionally enable gRPC logging for troubleshooting. User IPs will not be visible, internal k8s IPs will be shown. + # additionalArgs: + # - --grpc-logging-insecure + +# RPC is only accessible from within the cluster, not exposed to the internet +rpc: + credentials: + rpcUser: changeThisPossibly + rpcPassword: toYourLiking123 diff --git a/examples/zebra-and-zcashd.yaml b/examples/zebra-and-zcashd.yaml new file mode 100644 index 0000000..915678e --- /dev/null +++ b/examples/zebra-and-zcashd.yaml @@ -0,0 +1,42 @@ +ingress: + domains: + - mainnet-example.your.domain + # Respond to all inbound requests regardless of the domain specified in SNI + sniCatchallEnabled: true + +zebra: + enabled: true + # Optionally enable this to bootstrap the blockchain from a known state faster than a full P2P sync + initSnapshot: + enabled: false + # image: + # repository: zfnd/zebra + # tag: v1.6.1 + # hash: 639154fe2584633821cc434f96dceab2b9047969478c651ca96ab981ca025007 + +zcashd: + enabled: true + # Optionally enable this to bootstrap the blockchain from a known state faster than a full P2P sync + initSnapshot: + enabled: false + # image: + # repository: electriccoinco/zcashd + # tag: v5.9.0 + # hash: 859be28b91592c4765783ccfea947145b3cc08902ee71ae52ef9205eaabe0194 + +lightwalletd: + # Change the rpcService to "zebrad" and run "helm update" in the event that Zebra has a major issue + rpcService: zebra + volumes: + data: + size: 10Gi + # image: + # repository: electriccoinco/lightwalletd + # tag: v0.4.17 + # hash: 906942c30d84a017e76ce72c4d59787aa5208b87a4af1b724e700f8524ab4fd1 + +# RPC is only accessible from within the cluster, not exposed to the internet +rpc: + credentials: + rpcUser: changeThisPossibly + rpcPassword: toYourLiking123 diff --git a/examples/zebra-mainnet.yaml b/examples/zebra-mainnet.yaml new file mode 100644 index 0000000..5172381 --- /dev/null +++ b/examples/zebra-mainnet.yaml @@ -0,0 +1,23 @@ +ingress: + domains: + - mainnet-example.your.domain + # Respond to all inbound requests regardless of the domain specified in SNI + sniCatchallEnabled: true + +zebra: + enabled: true + # Optionally enable this to bootstrap the blockchain from a known state faster than a full P2P sync + initSnapshot: + enabled: false + +lightwalletd: + rpcService: zebra + volumes: + data: + size: 10Gi + +# RPC is only accessible from within the cluster, not exposed to the internet +rpc: + credentials: + rpcUser: changeThisPossibly + rpcPassword: toYourLiking123 diff --git a/examples/zebra-testnet.yaml b/examples/zebra-testnet.yaml new file mode 100644 index 0000000..695ee0c --- /dev/null +++ b/examples/zebra-testnet.yaml @@ -0,0 +1,35 @@ +ingress: + domains: + - testnet-example.your.domain + # Respond to all inbound requests regardless of the domain specified in SNI + sniCatchallEnabled: true + +zebra: + enabled: true + testnet: true + volumes: + data: + size: 50Gi + # Optionally enable this to bootstrap the blockchain from a known state faster than a full P2P sync + initSnapshot: + enabled: false + url: https://link.storjshare.io/s/jvbcllf2rpohtqhwiget5pkcvyca/nodedumps/zec/zebra-testnet-2024-04-22.tar?download=1 + +lightwalletd: + rpcService: zebra + volumes: + data: + # Vultr's minimum magnetic storage size is 40Gi, adjust this to 10Gi if you are not using Vultr + size: 40Gi + # Optionally enable gRPC logging for troubleshooting. User IPs will not be visible, internal k8s IPs will be shown. + # additionalArgs: + # - --grpc-logging-insecure + +zcashd: + enabled: false + +# RPC is only accessible from within the cluster, not exposed to the internet +rpc: + credentials: + rpcUser: changeThisPossibly + rpcPassword: toYourLiking123 diff --git a/install-traefik.sh b/install-traefik.sh new file mode 100755 index 0000000..0a08a74 --- /dev/null +++ b/install-traefik.sh @@ -0,0 +1,32 @@ +#!/bin/bash +# Note: Vultr's minimum volume size on magnetic storage is 40Gi. +# Adjust below if you are not using Vultr, a very small volume is fine for storing the SSL certs. + +helm upgrade --install traefik traefik/traefik --namespace=traefik --create-namespace -f <(echo ' +certResolvers: + letsencrypt: + email: CHANGE_TO_YOUR_EMAIL@email.domain + tlsChallenge: true + httpChallenge: + entryPoint: "web" + storage: /data/acme.json +persistence: + enabled: true + storageClassName: "standard" + accessMode: "ReadWriteOnce" + size: "40Gi" + path: "/data" +deployment: + initContainers: + - name: volume-permissions + image: busybox:1.36 + command: + ["sh", "-c", "touch /data/acme.json; chown -v 65532 /data/acme.json; chmod -v 600 /data/acme.json"] + securityContext: + runAsNonRoot: false + runAsGroup: 0 + runAsUser: 0 + volumeMounts: + - name: data + mountPath: /data +') diff --git a/templates/lightwalletd-configmap.yaml b/templates/lightwalletd-configmap.yaml new file mode 100644 index 0000000..b32e883 --- /dev/null +++ b/templates/lightwalletd-configmap.yaml @@ -0,0 +1,11 @@ +{{- if .Values.lightwalletd.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Values.lightwalletd.name }}-config +data: + zcash.conf: | + rpcbind={{ .Values.lightwalletd.rpcService }} + rpcuser={{ .Values.rpc.credentials.rpcUser }} + rpcpassword={{ .Values.rpc.credentials.rpcPassword }} +{{- end }} \ No newline at end of file diff --git a/templates/lightwalletd-service.yaml b/templates/lightwalletd-service.yaml new file mode 100644 index 0000000..c990a8d --- /dev/null +++ b/templates/lightwalletd-service.yaml @@ -0,0 +1,14 @@ +{{- if .Values.lightwalletd.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.lightwalletd.name }} +spec: + type: {{ .Values.lightwalletd.service.type }} + selector: + app: {{ .Values.lightwalletd.name }} + ports: + - protocol: TCP + port: 9067 + targetPort: 9067 +{{- end }} \ No newline at end of file diff --git a/templates/lightwalletd-statefulset.yaml b/templates/lightwalletd-statefulset.yaml new file mode 100644 index 0000000..f169be1 --- /dev/null +++ b/templates/lightwalletd-statefulset.yaml @@ -0,0 +1,107 @@ +{{- if .Values.lightwalletd.enabled }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ .Values.lightwalletd.name }} +spec: + serviceName: {{ .Values.lightwalletd.name }}-service + replicas: {{ .Values.lightwalletd.replicas }} + selector: + matchLabels: + app: {{ .Values.lightwalletd.name }} + template: + metadata: + labels: + app: {{ .Values.lightwalletd.name }} + spec: + initContainers: + - name: init-perms + image: busybox:{{ .Values.global.images.busybox.tag }}@sha256:{{ .Values.global.images.busybox.hash }} + command: ["/bin/sh", "-c"] + args: + - chown 2002 /srv/lightwalletd/db_volume + volumeMounts: + - name: litewalletd-data + mountPath: /srv/lightwalletd/db_volume + {{- if .Values.lightwalletd.initSnapshot.enabled }} + - name: restore-snapshot + image: alpine:{{ .Values.global.images.alpine.tag }}@sha256:{{ .Values.global.images.alpine.hash }} + command: ["/bin/sh", "-c"] + args: + - | + if [ -z "$(ls -A /data | grep -v '^lost+found$')" ]; then + echo "Volume is empty. Downloading and extracting snapshot..."; + wget -qO- "{{ .Values.lightwalletd.initSnapshot.url }}" | tar --strip-components=1 -xf - -C /data + echo "Download and extraction complete."; + else + echo "Volume is not empty. Skipping download and extraction."; + fi + chown -R 2002 /data + volumeMounts: + - name: litewalletd-data + mountPath: /data + {{- end }} + - name: init-rpc + image: busybox:{{ .Values.global.images.busybox.tag }}@sha256:{{ .Values.global.images.busybox.hash }} + command: ['sh', '-c', "until nc -zv {{ .Values.lightwalletd.rpcService }}:8232; do echo waiting for rpc; sleep 2; done"] + containers: + - name: lightwalletd + image: {{ .Values.lightwalletd.image.repository }}:{{ .Values.lightwalletd.image.tag }}@sha256:{{ .Values.lightwalletd.image.hash }} + imagePullPolicy: {{ .Values.lightwalletd.image.pullPolicy }} + command: ["lightwalletd"] + args: + - --grpc-bind-addr + - 0.0.0.0:9067 + # TLS is terminated by Traefik, unencrypted traffic stays within the cluster + - --no-tls-very-insecure + - --zcash-conf-path + - /srv/lightwalletd/conf/zcash.conf + - --data-dir + - /srv/lightwalletd/db_volume + - --log-file + - /dev/stdout + {{- with .Values.lightwalletd.additionalArgs }} + {{- toYaml . | nindent 10 }} + {{- end}} + ports: + - containerPort: 9067 + name: grpc + volumeMounts: + - name: litewalletd-data + mountPath: /srv/lightwalletd/db_volume + - name: litewalletd-conf + mountPath: /srv/lightwalletd/conf + readinessProbe: + tcpSocket: + port: 9067 + # TODO: lightwalletd does not yet support grpc's health check feature + # grpc: + # port: 9067 + # initialDelaySeconds: 10 + resources: + requests: + cpu: {{ .Values.lightwalletd.requests.cpu }} + memory: {{ .Values.lightwalletd.requests.memory }} + {{- if .Values.lightwalletd.limits.memory }} + limits: + memory: {{ .Values.lightwalletd.limits.memory }} + {{- end }} + volumes: + - name: litewalletd-data + persistentVolumeClaim: + claimName: {{ .Values.lightwalletd.volumes.data.claimName | default (printf "%s-data" (.Values.lightwalletd.name)) }} + - name: litewalletd-conf + configMap: + name: {{ .Values.lightwalletd.name }}-config +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ .Values.lightwalletd.volumes.data.claimName | default (printf "%s-data" (.Values.lightwalletd.name)) }} +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.lightwalletd.volumes.data.size }} +{{- end }} \ No newline at end of file diff --git a/templates/traefik-ingress-all.yaml b/templates/traefik-ingress-all.yaml new file mode 100644 index 0000000..6320610 --- /dev/null +++ b/templates/traefik-ingress-all.yaml @@ -0,0 +1,16 @@ +{{- if .Values.ingress.enabled }} +{{- if .Values.ingress.sniCatchallEnabled }} +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRouteTCP +metadata: + name: tcp-ingress-route-all +spec: + entryPoints: + - websecure + routes: + - match: HostSNI(`*`) + services: + - name: {{ .Values.lightwalletd.name }} + port: 9067 +{{- end }} +{{- end }} \ No newline at end of file diff --git a/templates/traefik-ingress.yml b/templates/traefik-ingress.yml new file mode 100644 index 0000000..dbd808b --- /dev/null +++ b/templates/traefik-ingress.yml @@ -0,0 +1,22 @@ +{{- if .Values.ingress.enabled }} +{{ $lightwalletdService := .Values.lightwalletd.name }} +{{- range $index, $domain := .Values.ingress.domains }} +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRouteTCP +metadata: + name: tcp-ingress-route-{{ $domain }} +spec: + entryPoints: + - websecure + routes: + - match: HostSNI(`{{ $domain }}`) + services: + - name: {{ $lightwalletdService }} + port: 9067 + tls: + certResolver: letsencrypt + domains: + - main: {{ $domain }} +--- +{{- end }} +{{- end }} \ No newline at end of file diff --git a/templates/zcashd-configmap.yaml b/templates/zcashd-configmap.yaml new file mode 100644 index 0000000..ebcfa2d --- /dev/null +++ b/templates/zcashd-configmap.yaml @@ -0,0 +1,18 @@ +{{- if .Values.zcashd.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Values.zcashd.name }}-config +data: + zcashd.conf: | + txindex=1 + lightwalletd=1 + experimentalfeatures=1 + rpcuser={{ .Values.rpc.credentials.rpcUser }} + rpcpassword={{ .Values.rpc.credentials.rpcPassword }} + rpcbind=0.0.0.0 + rpcallowip=0.0.0.0/0 + {{- if .Values.zcashd.testnet }} + testnet=1 + {{- end }} +{{- end }} \ No newline at end of file diff --git a/templates/zcashd-rpc-service.yaml b/templates/zcashd-rpc-service.yaml new file mode 100644 index 0000000..7c513bd --- /dev/null +++ b/templates/zcashd-rpc-service.yaml @@ -0,0 +1,15 @@ +{{- if .Values.zcashd.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.zcashd.name }} +spec: + type: {{ .Values.zcashd.service.type }} + selector: + app: {{ .Values.zcashd.name }} + ports: + - port: 8232 + targetPort: 8232 + protocol: TCP + name: rpc +{{- end }} \ No newline at end of file diff --git a/templates/zcashd-statefulset.yaml b/templates/zcashd-statefulset.yaml new file mode 100644 index 0000000..161d853 --- /dev/null +++ b/templates/zcashd-statefulset.yaml @@ -0,0 +1,100 @@ +{{- if .Values.zcashd.enabled }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ .Values.zcashd.name }} +spec: + serviceName: {{ .Values.zcashd.name }}-service + replicas: {{ .Values.zcashd.replicas }} + selector: + matchLabels: + app: {{ .Values.zcashd.name }} + template: + metadata: + labels: + app: {{ .Values.zcashd.name }} + spec: + initContainers: + {{- if .Values.zcashd.initSnapshot.enabled }} + - name: restore-snapshot + image: alpine:{{ .Values.global.images.alpine.tag }}@sha256:{{ .Values.global.images.alpine.hash }} + command: ["/bin/sh", "-c"] + args: + - | + if [ -z "$(ls -A /data | grep -v '^lost+found$')" ]; then + echo "Volume is empty. Downloading and extracting snapshot..."; + wget -qO- "{{ .Values.zcashd.initSnapshot.url }}" | tar --strip-components=1 -xvf - -C /data + echo "Download and extraction complete."; + else + echo "Volume is not empty. Skipping download and extraction."; + fi + chown -R 2001 /data + volumeMounts: + - name: zcash-data + mountPath: /data + {{- else }} + - name: set-permissions + image: busybox:{{ .Values.global.images.busybox.tag }}@sha256:{{ .Values.global.images.busybox.hash }} + command: ["/bin/sh", "-c"] + args: + - chown -R 2001 /data + volumeMounts: + - name: zcash-data + mountPath: /data + {{- end }} + containers: + - name: zcashd + image: {{ .Values.zcashd.image.repository }}:{{ .Values.zcashd.image.tag }}@sha256:{{ .Values.zcashd.image.hash }} + imagePullPolicy: {{ .Values.zcashd.image.pullPolicy }} + command: ["zcashd"] + args: + - -conf=/srv/zcashd/conf/zcashd.conf + - -printtoconsole + {{- range $index, $value := .Values.zcashd.nodes }} + - -addnode={{ $value }} + {{- end }} + {{- if .Values.zcashd.reindex }} + - -reindex + {{- end }} + {{- with .Values.zcashd.additionalArgs }} + {{- toYaml . | nindent 10 }} + {{- end}} + ports: + - containerPort: 8232 + name: zcashd-rpc + - containerPort: 8233 + name: zcashd-p2p + volumeMounts: + - name: zcash-data + mountPath: /srv/zcashd/.zcash + - name: zcash-config + mountPath: /srv/zcashd/conf + resources: + requests: + cpu: {{ .Values.zcashd.requests.cpu }} + memory: {{ .Values.zcashd.requests.memory }} + {{- if .Values.zcashd.limits }} + limits: + {{- if .Values.zcashd.limits.memory }} + memory: {{ .Values.zcashd.limits.memory }} + {{- end }} + {{- end }} + volumes: + - name: zcash-data + persistentVolumeClaim: + claimName: {{ .Values.zcashd.volumes.data.claimName | default (printf "%s-data" (.Values.zcashd.name)) }} + - name: zcash-config + configMap: + name: {{ .Values.zcashd.name }}-config +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ .Values.zcashd.volumes.data.claimName | default (printf "%s-data" (.Values.zcashd.name)) }} +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.zcashd.volumes.data.size }} +{{- end }} \ No newline at end of file diff --git a/templates/zebra-service.yaml b/templates/zebra-service.yaml new file mode 100644 index 0000000..812e346 --- /dev/null +++ b/templates/zebra-service.yaml @@ -0,0 +1,15 @@ +{{- if .Values.zebra.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.zebra.name }} +spec: + type: {{ .Values.zebra.service.type }} + selector: + app: {{ .Values.zebra.name }} + ports: + - port: 8232 + targetPort: 8232 + protocol: TCP + name: rpc +{{- end }} \ No newline at end of file diff --git a/templates/zebra-statefulset.yaml b/templates/zebra-statefulset.yaml new file mode 100644 index 0000000..d159cc4 --- /dev/null +++ b/templates/zebra-statefulset.yaml @@ -0,0 +1,112 @@ +{{- if .Values.zebra.enabled }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ .Values.zebra.name }} +spec: + serviceName: {{ .Values.zebra.name }}-service + replicas: {{ .Values.zebra.replicas }} + selector: + matchLabels: + app: {{ .Values.zebra.name }} + template: + metadata: + labels: + app: {{ .Values.zebra.name }} + spec: + initContainers: + {{- if .Values.zebra.initSnapshot.enabled }} + - name: restore-snapshot + image: alpine:{{ .Values.global.images.alpine.tag }}@sha256:{{ .Values.global.images.alpine.hash }} + command: ["/bin/sh", "-c"] + args: + - | + if [ -z "$(ls -A /data | grep -v '^lost+found$')" ]; then + echo "Volume is empty. Downloading and extracting snapshot..."; + wget -qO- "{{ .Values.zebra.initSnapshot.url }}" | tar --strip-components=1 -xvf - -C /data + echo "Download and extraction complete."; + else + echo "Volume is not empty. Skipping download and extraction."; + fi + chown -R 2001 /data + volumeMounts: + - name: zebra-data + mountPath: /data + {{- else }} + - name: set-permissions + image: busybox:{{ .Values.global.images.busybox.tag }}@sha256:{{ .Values.global.images.busybox.hash }} + command: ["/bin/sh", "-c"] + args: + - chown -R 2001 /data + volumeMounts: + - name: zebra-data + mountPath: /data + {{- end }} + containers: + - name: zebra + image: {{ .Values.zebra.image.repository }}:{{ .Values.zebra.image.tag }}@sha256:{{ .Values.zebra.image.hash }} + imagePullPolicy: {{ .Values.zebra.image.pullPolicy }} + env: + - name: NETWORK + {{- if .Values.zebra.testnet }} + value: "Testnet" + {{- else }} + value: "Mainnet" + {{- end }} + - name: ZEBRA_CONF_PATH + value: "/etc/zebrad/zebrad.toml" + - name: ZEBRA_CACHED_STATE_DIR + value: "/var/cache/zebrad-cache" + - name: RUST_LOG + value: "info" + - name: LOG_COLOR + value: "false" + - name: ZEBRA_LISTEN_ADDR + value: "0.0.0.0" + - name: ZEBRA_CHECKPOINT_SYNC + value: "true" + - name: METRICS_ENDPOINT_ADDR + value: "0.0.0.0" + - name: METRICS_ENDPOINT_PORT + value: "9999" + - name: TRACING_ENDPOINT_ADDR + value: "0.0.0.0" + - name: TRACING_ENDPOINT_PORT + value: "3000" + - name: RPC_LISTEN_ADDR + value: "0.0.0.0" + - name: RPC_PORT + value: "8232" + {{- with .Values.zebra.additionalEnv }} + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + - containerPort: 8232 + name: zebra-rpc + - containerPort: 8233 + name: zebra-p2p + volumeMounts: + - name: {{ .Values.zebra.name }}-data + mountPath: /var/cache/zebrad-cache + resources: + requests: + cpu: {{ .Values.zebra.requests.cpu }} + memory: {{ .Values.zebra.requests.memory }} + {{- if .Values.zebra.limits }} + limits: + {{- if .Values.zebra.limits.memory }} + memory: {{ .Values.zebra.limits.memory }} + {{- end }} + {{- end }} + volumeClaimTemplates: + - metadata: + name: {{ .Values.zebra.name }}-data + spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: {{ .Values.zebra.volumes.data.size }} + {{- if .Values.zebra.storageClassName }} + storageClassName: {{ .Values.zebra.storageClassName }} + {{- end }} +{{- end }} diff --git a/values.yaml b/values.yaml new file mode 100644 index 0000000..dc185ba --- /dev/null +++ b/values.yaml @@ -0,0 +1,100 @@ +ingress: + enabled: true + domains: [] + sniCatchallEnabled: false + +zebra: + enabled: false + name: zebra + testnet: false + image: + repository: zfnd/zebra + tag: v1.6.1 + hash: 639154fe2584633821cc434f96dceab2b9047969478c651ca96ab981ca025007 + pullPolicy: IfNotPresent + replicas: 1 + initSnapshot: + enabled: false + url: https://link.storjshare.io/s/jv62jmwhs3n6c7usknlv4ux4lbza/nodedumps/zec/zebra-2024-03-25.tar?download=1 + additionalEnv: {} + volumes: + data: + size: 400Gi + service: + type: ClusterIP + requests: {} + # requests: + # cpu: 2 + # memory: 4Gi + # limits: + # memory: 16Gi + +zcashd: + enabled: false + name: zcashd + testnet: false + image: + repository: electriccoinco/zcashd + tag: v5.9.0 + hash: 859be28b91592c4765783ccfea947145b3cc08902ee71ae52ef9205eaabe0194 + pullPolicy: IfNotPresent + replicas: 1 + initSnapshot: + enabled: false + url: https://link.storjshare.io/s/jx5wylg5q6hyg2myyah5eldbjs7q/nodedumps/zec/zcashd-2024-03-31.tar?download=1 + reindex: false + nodes: + - mainnet.z.cash + additionalArgs: [] + volumes: + data: + size: 400Gi + service: + type: ClusterIP + requests: {} + # requests: + # cpu: 1 + # memory: 1.5Gi + limits: + memory: 6Gi + +rpc: + credentials: + rpcUser: 100ZECS + rpcPassword: h3hqw3eRHcoqwirhOCQWHEr2OC + +lightwalletd: + enabled: true + name: lightwalletd + rpcService: zcashd + image: + repository: electriccoinco/lightwalletd + tag: v0.4.17 + hash: 906942c30d84a017e76ce72c4d59787aa5208b87a4af1b724e700f8524ab4fd1 + pullPolicy: IfNotPresent + replicas: 1 + initSnapshot: + enabled: false + url: https://link.storjshare.io/s/jvfegr7l7gwgcsvdml5lazlnypdq/nodedumps/zec/lwd/2024-03-26.tar?download=1 + additionalArgs: [] + volumes: + data: + size: 40Gi + service: + type: ClusterIP + requests: {} + # requests: + # cpu: 0.5 + # memory: 512Mi + limits: + memory: 3Gi + +global: + # TODO: minimum volume size (Vultr is 40Gi for HDD, 10Gi for SSD), backport this to Thorchain and Maya + images: + busybox: + tag: latest + hash: 4be429a5fbb2e71ae7958bfa558bc637cf3a61baf40a708cb8fff532b39e52d0 + alpine: + tag: latest + hash: c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b