diff --git a/dysnix/heimdall/Chart.yaml b/dysnix/heimdall/Chart.yaml new file mode 100644 index 00000000..99ff1650 --- /dev/null +++ b/dysnix/heimdall/Chart.yaml @@ -0,0 +1,21 @@ +apiVersion: v2 +name: heimdall +description: Polygon Heimdall consensus layer node Helm chart + +version: 0.0.1 +appVersion: "1.0.1" + +keywords: + - heimdall + - polygon + - matic + - cryptocurrency + - blockchain + - consensus + +sources: + - https://github.com/dysnix/charts + +maintainers: + - name: VladStarr + email: vlad.derigin@dysnix.com diff --git a/dysnix/heimdall/templates/_helpers.tpl b/dysnix/heimdall/templates/_helpers.tpl new file mode 100644 index 00000000..dd8e8387 --- /dev/null +++ b/dysnix/heimdall/templates/_helpers.tpl @@ -0,0 +1,152 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "heimdall.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "heimdall.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "heimdall.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "heimdall.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "heimdall.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "heimdall.labels" -}} +helm.sh/chart: {{ include "heimdall.chart" . }} +app.kubernetes.io/name: {{ include "heimdall.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "heimdall.selectorLabels" -}} +app.kubernetes.io/name: {{ include "heimdall.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- with .Values.podLabels }} +{{ toYaml . | indent 0 }} +{{- end }} +{{- end }} + +{{/* +Convert Golang slice to Toml array +*/}} +{{- define "toml.list" -}} +{{- print "[" }} +{{- range $idx, $element := . }} + {{- if $idx }}, {{ end }} + {{- $element | quote }} +{{- end -}} +{{ print "]" -}} +{{- end }} + +{{/* +Render Toml properties +*/}} +{{- define "toml.properties" -}} +{{- $root := index . 0 }} +{{- $context := index . 1 }} +{{- range $k, $v := $root }} + {{- if not (kindIs "map" $v) }} + {{- if kindIs "string" $v }} + {{- if contains "{{" $v }} {{- /* render templated values */}} + {{- $v = tpl $v $context }} + {{- if not (or (regexMatch "^[0-9]+$" $v) (regexMatch "^(true|false)$" $v)) }} + {{- $v = quote $v }} + {{- end }} + {{- else }} + {{- $v = quote $v }} + {{- end }} + {{- else if or (kindIs "int" $v) (kindIs "float64" $v) }} + {{- $v = int $v }} + {{- else if kindIs "slice" $v }} + {{- $v = include "toml.list" $v }} + {{- end }} + {{- if contains "." $k }} + {{- $k = quote $k }} + {{- end }} +{{ $k }} = {{ $v }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Render full Toml config including tables +*/}} +{{- define "toml.config" -}} +{{- $context := index . 0 }} +{{- $root := index . 1 }} +{{- include "toml.properties" (list $root $context) }} {{- /* top-level table */}} +{{- range $k, $v := $root }} + {{- if kindIs "map" $v }} + {{- if contains "." $k }} + {{- $k = quote $k }} + {{- end }} + +[{{ $k }}] + {{- include "toml.properties" (list $v $context) }} {{- /* 1st-level table */}} + {{- range $i, $j := $v }} + {{- if kindIs "map" $j }} + {{- if contains "." $i }} + {{- $i = quote $i }} + {{- end }} + {{- $i = print $k "." $i }} + +[{{ $i }}] + {{- include "toml.properties" (list $j $context) }} {{- /* 2nd-level table */}} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "heimdall.healthcheck" -}} +{{- $context := index . 0 }} +{{- $root := index . 1 }} +{{- if and $root.exec (kindIs "string" $root.exec.command) }} +{{- omit $root "enabled" "exec" | toYaml }} +exec: + command: + {{- tpl $root.exec.command $context | nindent 4 }} +{{- else }} +{{- omit $root "enabled" | toYaml }} +{{- end }} +{{- end }} diff --git a/dysnix/heimdall/templates/configmap-scripts.yaml b/dysnix/heimdall/templates/configmap-scripts.yaml new file mode 100644 index 00000000..dd8d14c4 --- /dev/null +++ b/dysnix/heimdall/templates/configmap-scripts.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "heimdall.fullname" . }}-scripts + labels: + {{- include "heimdall.labels" . | nindent 4 }} +data: + init-genesis.sh: |- + {{- include (print $.Template.BasePath "/scripts/_init-genesis.tpl") . | nindent 4 }} + download-snapshot.sh: |- + {{- include (print $.Template.BasePath "/scripts/_download-snapshot.tpl") . | nindent 4 }} diff --git a/dysnix/heimdall/templates/configmap.yaml b/dysnix/heimdall/templates/configmap.yaml new file mode 100644 index 00000000..0995b1ac --- /dev/null +++ b/dysnix/heimdall/templates/configmap.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "heimdall.fullname" . }}-config + labels: + {{- include "heimdall.labels" . | nindent 4 }} +data: + config.toml: |- + {{- include "toml.config" (list $ .Values.tendermintConfig) | indent 4 }} + heimdall-config.toml: |- + {{- include "toml.config" (list $ .Values.heimdallConfig) | indent 4 }} + app.toml: |- + {{- include "toml.config" (list $ .Values.appConfig) | indent 4 }} diff --git a/dysnix/heimdall/templates/ingress-rest.yaml b/dysnix/heimdall/templates/ingress-rest.yaml new file mode 100644 index 00000000..95516315 --- /dev/null +++ b/dysnix/heimdall/templates/ingress-rest.yaml @@ -0,0 +1,61 @@ +{{- if and .Values.services.rest.enabled .Values.ingress.rest.enabled -}} +{{- $fullName := include "heimdall.fullname" . -}} +{{- $svcPort := .Values.services.rest.port -}} +{{- if and .Values.ingress.rest.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.rest.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.rest.annotations "kubernetes.io/ingress.class" .Values.ingress.rest.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }}-rest + labels: + {{- include "heimdall.labels" . | nindent 4 }} + {{- with .Values.ingress.rest.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.rest.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.rest.className }} + {{- end }} + {{- if .Values.ingress.rest.tls }} + tls: + {{- range .Values.ingress.rest.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.rest.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }}-rest + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }}-rest + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/dysnix/heimdall/templates/ingress-rpc.yaml b/dysnix/heimdall/templates/ingress-rpc.yaml new file mode 100644 index 00000000..3b65e1db --- /dev/null +++ b/dysnix/heimdall/templates/ingress-rpc.yaml @@ -0,0 +1,61 @@ +{{- if and .Values.services.rpc.enabled .Values.ingress.rpc.enabled -}} +{{- $fullName := include "heimdall.fullname" . -}} +{{- $svcPort := .Values.services.rpc.port -}} +{{- if and .Values.ingress.rpc.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.rpc.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.rpc.annotations "kubernetes.io/ingress.class" .Values.ingress.rpc.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }}-rpc + labels: + {{- include "heimdall.labels" . | nindent 4 }} + {{- with .Values.ingress.rpc.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.rpc.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.rpc.className }} + {{- end }} + {{- if .Values.ingress.rpc.tls }} + tls: + {{- range .Values.ingress.rpc.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.rpc.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }}-rpc + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }}-rpc + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/dysnix/heimdall/templates/scripts/_download-snapshot.tpl b/dysnix/heimdall/templates/scripts/_download-snapshot.tpl new file mode 100644 index 00000000..e9c408cf --- /dev/null +++ b/dysnix/heimdall/templates/scripts/_download-snapshot.tpl @@ -0,0 +1,15 @@ +#!/bin/sh + +set -e + +if [ ! -f /data/.downloaded ]; then + apt-get -y update && apt-get -y install wget + wget -qO download.sh https://snapshot-download.polygon.technology/snapdown.sh + sed -i 's/sudo//g' download.sh + chmod +x download.sh + + ./download.sh --network {{ .Values.network }} --client heimdall --extract-dir /data/data --validate-checksum true + touch /data/.downloaded +else + echo "Initial snapshot already downloaded, skipping." +fi diff --git a/dysnix/heimdall/templates/scripts/_init-genesis.tpl b/dysnix/heimdall/templates/scripts/_init-genesis.tpl new file mode 100644 index 00000000..c672e1ca --- /dev/null +++ b/dysnix/heimdall/templates/scripts/_init-genesis.tpl @@ -0,0 +1,11 @@ +#!/bin/sh + +set -e + +if [ ! -f /data/.initialized ]; then + /usr/bin/heimdalld init --home /data + wget -O /data/config/genesis.json {{ .Values.init.genesis.url }} + touch /data/.initialized +else + echo "Heimdall is already initialized, skipping init." +fi diff --git a/dysnix/heimdall/templates/service-metrics.yaml b/dysnix/heimdall/templates/service-metrics.yaml new file mode 100644 index 00000000..7b72d3f2 --- /dev/null +++ b/dysnix/heimdall/templates/service-metrics.yaml @@ -0,0 +1,41 @@ +{{- with .Values.services.metrics }} +{{- if .enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "heimdall.fullname" $ }}-metrics + {{- with .annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + service-type: metrics + {{- include "heimdall.labels" $ | nindent 4 }} +spec: + type: {{ .type }} + {{- with .loadBalancerIP }} + loadBalancerIP: {{ . }} + {{- end }} + {{- with .clusterIP }} + clusterIP: {{ . }} + {{- end }} + {{- with .externalTrafficPolicy }} + externalTrafficPolicy: {{ . }} + {{- end }} + {{- with .internalTrafficPolicy }} + internalTrafficPolicy: {{ . }} + {{- end }} + {{- with .publishNotReadyAddresses }} + publishNotReadyAddresses: {{ . }} + {{- end }} + ports: + - name: metrics + port: {{ .port }} + targetPort: metrics + {{- with .nodePort }} + nodePort: {{ . }} + {{- end }} + selector: + {{- include "heimdall.selectorLabels" $ | nindent 4 }} +{{- end }} +{{- end }} diff --git a/dysnix/heimdall/templates/service-p2p.yaml b/dysnix/heimdall/templates/service-p2p.yaml new file mode 100644 index 00000000..9341f3be --- /dev/null +++ b/dysnix/heimdall/templates/service-p2p.yaml @@ -0,0 +1,41 @@ +{{- with .Values.services.p2p }} +{{- if .enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "heimdall.fullname" $ }}-p2p + {{- with .annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + service-type: p2p + {{- include "heimdall.labels" $ | nindent 4 }} +spec: + type: {{ .type }} + {{- with .loadBalancerIP }} + loadBalancerIP: {{ . }} + {{- end }} + {{- with .clusterIP }} + clusterIP: {{ . }} + {{- end }} + {{- with .externalTrafficPolicy }} + externalTrafficPolicy: {{ . }} + {{- end }} + {{- with .internalTrafficPolicy }} + internalTrafficPolicy: {{ . }} + {{- end }} + {{- with .publishNotReadyAddresses }} + publishNotReadyAddresses: {{ . }} + {{- end }} + ports: + - name: p2p + port: {{ .port }} + targetPort: p2p + {{- with .nodePort }} + nodePort: {{ . }} + {{- end }} + selector: + {{- include "heimdall.selectorLabels" $ | nindent 4 }} +{{- end }} +{{- end }} diff --git a/dysnix/heimdall/templates/service-rest.yaml b/dysnix/heimdall/templates/service-rest.yaml new file mode 100644 index 00000000..e37856eb --- /dev/null +++ b/dysnix/heimdall/templates/service-rest.yaml @@ -0,0 +1,44 @@ +{{- with .Values.services.rest }} +{{- if .enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "heimdall.fullname" $ }}-rest + {{- with .annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + service-type: rest + {{- include "heimdall.labels" $ | nindent 4 }} +spec: + type: {{ .type }} + {{- with .loadBalancerIP }} + loadBalancerIP: {{ . }} + {{- end }} + {{- with .clusterIP }} + clusterIP: {{ . }} + {{- end }} + {{- with .externalTrafficPolicy }} + externalTrafficPolicy: {{ . }} + {{- end }} + {{- with .internalTrafficPolicy }} + internalTrafficPolicy: {{ . }} + {{- end }} + {{- with .publishNotReadyAddresses }} + publishNotReadyAddresses: {{ . }} + {{- end }} + ports: + - name: rest + port: {{ .port }} + targetPort: rest + {{- with .nodePort }} + nodePort: {{ . }} + {{- end }} + selector: + {{- include "heimdall.selectorLabels" $ | nindent 4 }} + {{- with $.Values.podStatusLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/dysnix/heimdall/templates/service-rpc.yaml b/dysnix/heimdall/templates/service-rpc.yaml new file mode 100644 index 00000000..3c440773 --- /dev/null +++ b/dysnix/heimdall/templates/service-rpc.yaml @@ -0,0 +1,44 @@ +{{- with .Values.services.rpc }} +{{- if .enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "heimdall.fullname" $ }}-rpc + {{- with .annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + service-type: rpc + {{- include "heimdall.labels" $ | nindent 4 }} +spec: + type: {{ .type }} + {{- with .loadBalancerIP }} + loadBalancerIP: {{ . }} + {{- end }} + {{- with .clusterIP }} + clusterIP: {{ . }} + {{- end }} + {{- with .externalTrafficPolicy }} + externalTrafficPolicy: {{ . }} + {{- end }} + {{- with .internalTrafficPolicy }} + internalTrafficPolicy: {{ . }} + {{- end }} + {{- with .publishNotReadyAddresses }} + publishNotReadyAddresses: {{ . }} + {{- end }} + ports: + - name: rpc + port: {{ .port }} + targetPort: rpc + {{- with .nodePort }} + nodePort: {{ . }} + {{- end }} + selector: + {{- include "heimdall.selectorLabels" $ | nindent 4 }} + {{- with $.Values.podStatusLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/dysnix/heimdall/templates/serviceaccount.yaml b/dysnix/heimdall/templates/serviceaccount.yaml new file mode 100644 index 00000000..f7ab5feb --- /dev/null +++ b/dysnix/heimdall/templates/serviceaccount.yaml @@ -0,0 +1,8 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "heimdall.serviceAccountName" . }} + labels: + {{- include "heimdall.labels" . | nindent 4 }} +{{- end }} diff --git a/dysnix/heimdall/templates/servicemonitor.yaml b/dysnix/heimdall/templates/servicemonitor.yaml new file mode 100644 index 00000000..5f7576d5 --- /dev/null +++ b/dysnix/heimdall/templates/servicemonitor.yaml @@ -0,0 +1,22 @@ +{{- if and .Values.services.metrics.enabled .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "heimdall.fullname" . }} + labels: + {{- include "heimdall.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + service-type: metrics + {{- include "heimdall.selectorLabels" . | nindent 6 }} + endpoints: + - port: metrics + path: /metrics + {{- with (omit .Values.serviceMonitor "enabled") }} + {{- toYaml . | nindent 6 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} +{{- end }} diff --git a/dysnix/heimdall/templates/statefulset.yaml b/dysnix/heimdall/templates/statefulset.yaml new file mode 100644 index 00000000..c384d4f7 --- /dev/null +++ b/dysnix/heimdall/templates/statefulset.yaml @@ -0,0 +1,175 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "heimdall.fullname" . }} + labels: + {{- include "heimdall.labels" . | nindent 4 }} +spec: + serviceName: {{ template "heimdall.name" . }} + updateStrategy: + {{- toYaml .Values.updateStrategy | nindent 4 }} + selector: + matchLabels: + {{- include "heimdall.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/scripts: {{ include (print $.Template.BasePath "/configmap-scripts.yaml") . | sha256sum }} + labels: + {{- include "heimdall.selectorLabels" . | nindent 8 }} + {{- with .Values.podStatusLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "heimdall.serviceAccountName" . }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + initContainers: + {{- if .Values.init.genesis.enabled }} + - name: init-genesis + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + command: ["sh", "/scripts/init-genesis.sh"] + volumeMounts: + - name: scripts + mountPath: /scripts + - name: data + mountPath: /data + {{- end }} + {{- with .Values.init.downloadSnapshot }} + {{- if .enabled }} + - name: download-snapshot + image: "{{ .image.repository }}:{{ .image.tag }}" + imagePullPolicy: {{ .image.pullPolicy | quote }} + command: ["sh", "/scripts/download-snapshot.sh"] + volumeMounts: + - name: scripts + mountPath: /scripts + - name: data + mountPath: /data + {{- end }} + {{- end }} + {{- with .Values.extraInitContainers }} + {{- tpl (toYaml . | nindent 6) $ }} + {{- end }} + containers: + {{- with .Values.sidecarContainers }} + {{- tpl (toYaml . | nindent 6) $ }} + {{- end }} + - name: {{ template "heimdall.name" . }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.command }} + command: + {{- toYaml . | nindent 10 }} + {{- end }} + args: + - start + - --home + - /data + - --rest-server + {{- with .Values.extraArgs }} + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + {{- range $k, $v := .Values.containerPorts }} + {{- if $v.enabled }} + - name: {{ $k }} + containerPort: {{ $v.port }} + {{- with $v.protocol }} + protocol: {{ . }} + {{- end }} + {{- with $v.hostPort }} + hostPort: {{ . }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + {{- include "heimdall.healthcheck" (list $ .Values.livenessProbe) | nindent 10 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + {{- include "heimdall.healthcheck" (list $ .Values.readinessProbe) | nindent 10 }} + {{- end }} + volumeMounts: + - name: data + mountPath: /data + - name: config + mountPath: /data/config/config.toml + subPath: config.toml + - name: config + mountPath: /data/config/heimdall-config.toml + subPath: heimdall-config.toml + - name: config + mountPath: /data/config/app.toml + subPath: app.toml + resources: + {{- toYaml .Values.resources | nindent 10 }} + {{- with .Values.sidecarContainers }} + {{- toYaml . | nindent 6 }} + {{- end }} + volumes: + - name: config + configMap: + name: {{ include "heimdall.fullname" . }}-config + - name: scripts + configMap: + name: {{ include "heimdall.fullname" . }}-scripts + {{- if eq .Values.persistence.type "hostPath" }} + - name: data + hostPath: + path: {{ .Values.persistence.hostPath.path }} + type: {{ .Values.persistence.hostPath.type }} + {{- end }} + {{- if eq .Values.persistence.type "pvc" }} + volumeClaimTemplates: + - metadata: + name: data + labels: + {{- include "heimdall.selectorLabels" . | nindent 8 }} + {{- with .Values.persistence.pvc.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + accessModes: + - {{ .Values.persistence.pvc.accessMode }} + {{- if .Values.persistence.pvc.storageClass }} + {{- if eq .Values.persistence.pvc.storageClass "-" }} + storageClassName: "" + {{- else }} + storageClassName: {{ .Values.persistence.pvc.storageClass | quote }} + {{- end }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.pvc.size | quote }} + {{- end }} \ No newline at end of file diff --git a/dysnix/heimdall/values.yaml b/dysnix/heimdall/values.yaml new file mode 100644 index 00000000..b6378401 --- /dev/null +++ b/dysnix/heimdall/values.yaml @@ -0,0 +1,620 @@ +image: + repository: 0xpolygon/heimdall + pullPolicy: IfNotPresent + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +updateStrategy: + type: RollingUpdate + +## Ensure we shut down gracefully +terminationGracePeriodSeconds: 600 + +## Extra pod labels +podLabels: {} + # environment: production + +## This labels mark heimdall node as ready to serve the traffic. +## Used as selector for RPC service together with `.Values.podLabels` and default labels. +podStatusLabels: {} + # manualstatus: in-service + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + # runAsGroup: 1000 + +## Override heimdall container command (can be templated) +command: [] + +## Extra container arguments (can be templated) +extraArgs: [] + +## Extra init containers, can be templated +extraInitContainers: [] + # - name: dumpconfig + # image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + # imagePullPolicy: "{{ .Values.image.pullPolicy }}" + # args: ["dumpconfig"] + # volumeMounts: + # - name: config + # mountPath: /config + +## Sidecar containers, can be templated +sidecarContainers: [] + # - name: exporter + # image: ethpandaops/ethereum-metrics-exporter:latest + # imagePullPolicy: Always + # args: + # - --execution-url=http://localhost:{{ .Values.containerPorts.rpc.port }} + # ports: + # - name: exporter + # containerPort: 9090 + +containerPorts: + rpc: + enabled: true + port: 26657 + rest: + enabled: true + port: 1317 + metrics: + enabled: false + port: 9090 + p2p: + enabled: true + port: 30656 + protocol: TCP + # hostPort: 30656 + +## Services config +services: + rpc: + enabled: true + type: ClusterIP + port: 26657 + annotations: {} + rest: + enabled: true + type: ClusterIP + port: 1317 + annotations: {} + p2p: + enabled: true + type: NodePort + loadBalancerIP: "" + port: 30656 + # it's better to set nodePort equal to .Values.containerPorts.p2p.port when the svc type is "NodePort" + nodePort: 30656 + annotations: {} + publishNotReadyAddresses: true + metrics: + enabled: false + type: ClusterIP + port: 9090 + annotations: {} + publishNotReadyAddresses: true + +ingress: + rpc: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # cert-manager.io/cluster-issuer: letsencrypt-prod + hosts: [] + # - host: heimdall.local + # paths: + # - path: / + # pathType: ImplementationSpecific + tls: [] + # - secretName: heimdall-tls + # hosts: + # - heimdall.local + rest: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # cert-manager.io/cluster-issuer: letsencrypt-prod + hosts: [] + # - host: heimdall-rest.local + # paths: + # - path: / + # pathType: ImplementationSpecific + tls: [] + # - secretName: heimdall-rest-tls + # hosts: + # - heimdall-rest.local + +persistence: + type: pvc + # type: hostPath + pvc: + size: 700Gi # downloading and extracting snapshot must be >= (2 * snapshot size) + accessMode: ReadWriteOnce + storageClass: "" # set to "-" if you want to manually create persistent volume + annotations: {} + hostPath: + path: /data/heimdall + type: Directory # by default you need to create directory yourself + +affinity: {} + +nodeSelector: {} + +tolerations: [] + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +# Create Prometheus Operator serviceMonitor +serviceMonitor: + enabled: false + # interval: 10s + # scrapeTimeout: 2s + # honorLabels: true + # relabelings: [] + # metricRelabelings: [] + +# .livenessProbe.exec.command can be either YAML or a templated string +livenessProbe: + enabled: false + initialDelaySeconds: 120 + periodSeconds: 60 + successThreshold: 1 + failureThreshold: 3 + timeoutSeconds: 15 + httpGet: + port: rpc + path: /status + +# .readinessProbe.exec.command can be either YAML or a templated string +readinessProbe: + enabled: false + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 5 + timeoutSeconds: 10 + exec: + command: |- + - sh + - -c + - wget -qO- localhost:{{ .Values.containerPorts.rpc.port }}/status | grep "catching_up" | grep -q false + +####### +### Init options +####### + +init: + genesis: + enabled: true + url: https://raw.githubusercontent.com/maticnetwork/heimdall/master/builder/files/genesis-mainnet-v1.json + downloadSnapshot: + enabled: false + image: + repository: docker.io/debian + tag: stable-slim + pullPolicy: Always + +####### +### Polygon network +####### + +network: mainnet + +####### +### Tendermint config +####### + +tendermintConfig: + + # TCP or UNIX socket address of the ABCI application, + # or the name of an ABCI application compiled in with the Tendermint binary + proxy_app: "tcp://127.0.0.1:26658" + + # A custom human readable name for this node + moniker: '{{ include "heimdall.fullname" . }}' + + # If this node is many blocks behind the tip of the chain, FastSync + # allows them to catchup quickly by downloading blocks in parallel + # and verifying their commits + fast_sync: true + + # Database backend: goleveldb | cleveldb | boltdb + # * goleveldb (github.com/syndtr/goleveldb - most popular implementation) + # - pure go + # - stable + # * cleveldb (uses levigo wrapper) + # - fast + # - requires gcc + # - use cleveldb build tag (go build -tags cleveldb) + # * boltdb (uses etcd's fork of bolt - github.com/etcd-io/bbolt) + # - EXPERIMENTAL + # - may be faster is some use-cases (random reads - indexer) + # - use boltdb build tag (go build -tags boltdb) + db_backend: "goleveldb" + + # Database directory + db_dir: "data" + + # Output level for logging, including package level options + log_level: "main:info,state:info,*:error" + + # Output format: 'plain' (colored text) or 'json' + log_format: "plain" + + ##### additional base config options ##### + + # Path to the JSON file containing the initial validator set and other meta data + genesis_file: "config/genesis.json" + + # Path to the JSON file containing the private key to use as a validator in the consensus protocol + priv_validator_key_file: "config/priv_validator_key.json" + + # Path to the JSON file containing the last sign state of a validator + priv_validator_state_file: "data/priv_validator_state.json" + + # TCP or UNIX socket address for Tendermint to listen on for + # connections from an external PrivValidator process + priv_validator_laddr: "" + + # Path to the JSON file containing the private key to use for node authentication in the p2p protocol + node_key_file: "config/node_key.json" + + # Mechanism to connect to the ABCI application: socket | grpc + abci: "socket" + + # TCP or UNIX socket address for the profiling server to listen on + prof_laddr: "localhost:6060" + + # If true, query the ABCI app on connecting to a new peer + # so the app can decide if we should keep the connection or not + filter_peers: false + + ##### advanced configuration options ##### + + ##### rpc server configuration options ##### + rpc: + # TCP or UNIX socket address for the RPC server to listen on + laddr: "tcp://0.0.0.0:{{ .Values.containerPorts.rpc.port }}" + + # A list of origins a cross-domain request can be executed from + # Default value '[]' disables cors support + # Use '["*"]' to allow any origin + cors_allowed_origins: [] + + # A list of methods the client is allowed to use with cross-domain requests + cors_allowed_methods: ["HEAD", "GET", "POST"] + + # A list of non simple headers the client is allowed to use with cross-domain requests + cors_allowed_headers: ["Origin", "Accept", "Content-Type", "X-Requested-With", "X-Server-Time"] + + # TCP or UNIX socket address for the gRPC server to listen on + # NOTE: This server only supports /broadcast_tx_commit + grpc_laddr: "" + + # Maximum number of simultaneous connections. + # Does not include RPC (HTTP&WebSocket) connections. See max_open_connections + # If you want to accept a larger number than the default, make sure + # you increase your OS limits. + # 0 - unlimited. + # Should be < {ulimit -Sn} - {MaxNumInboundPeers} - {MaxNumOutboundPeers} - {N of wal, db and other open files} + # 1024 - 40 - 10 - 50: 924: ~900 + grpc_max_open_connections: 900 + + # Activate unsafe RPC commands like /dial_seeds and /unsafe_flush_mempool + unsafe: false + + # Maximum number of simultaneous connections (including WebSocket). + # Does not include gRPC connections. See grpc_max_open_connections + # If you want to accept a larger number than the default, make sure + # you increase your OS limits. + # 0 - unlimited. + # Should be < {ulimit -Sn} - {MaxNumInboundPeers} - {MaxNumOutboundPeers} - {N of wal, db and other open files} + # 1024 - 40 - 10 - 50: 924: ~900 + max_open_connections: 900 + + # Maximum number of unique clientIDs that can /subscribe + # If you're using /broadcast_tx_commit, set to the estimated maximum number + # of broadcast_tx_commit calls per block. + max_subscription_clients: 100 + + # Maximum number of unique queries a given client can /subscribe to + # If you're using GRPC (or Local RPC client) and /broadcast_tx_commit, set to + # the estimated # maximum number of broadcast_tx_commit calls per block. + max_subscriptions_per_client: 5 + + # How long to wait for a tx to be committed during /broadcast_tx_commit. + # WARNING: Using a value larger than 10s will result in increasing the + # global HTTP write timeout, which applies to all connections and endpoints. + # See https://github.com/tendermint/tendermint/issues/3435 + timeout_broadcast_tx_commit: "10s" + + # Maximum size of request body, in bytes + max_body_bytes: 1000000 + + # Maximum size of request header, in bytes + max_header_bytes: 1048576 + + # The path to a file containing certificate that is used to create the HTTPS server. + # Migth be either absolute path or path related to tendermint's config directory. + # If the certificate is signed by a certificate authority, + # the certFile should be the concatenation of the server's certificate, any intermediates, + # and the CA's certificate. + # NOTE: both tls_cert_file and tls_key_file must be present for Tendermint to create HTTPS server. Otherwise, HTTP server is run. + tls_cert_file: "" + + # The path to a file containing matching private key that is used to create the HTTPS server. + # Migth be either absolute path or path related to tendermint's config directory. + # NOTE: both tls_cert_file and tls_key_file must be present for Tendermint to create HTTPS server. Otherwise, HTTP server is run. + tls_key_file: "" + + ##### peer to peer configuration options ##### + p2p: + # Address to listen for incoming connections + laddr: "tcp://0.0.0.0:{{ .Values.containerPorts.p2p.port }}" + + # Address to advertise to peers for them to dial + # If empty, will use the same port as the laddr, + # and will introspect on the listener or use UPnP + # to figure out the address. + external_address: "" + + # Comma separated list of seed nodes to connect to + seeds: "" + + # Comma separated list of nodes to keep persistent connections to + persistent_peers: "" + + # UPNP port forwarding + upnp: false + + # Path to address book + addr_book_file: "config/addrbook.json" + + # Set true for strict address routability rules + # Set false for private or local networks + addr_book_strict: true + + # Maximum number of inbound peers + max_num_inbound_peers: 40 + + # Maximum number of outbound peers to connect to, excluding persistent peers + max_num_outbound_peers: 10 + + # Time to wait before flushing messages out on the connection + flush_throttle_timeout: "100ms" + + # Maximum size of a message packet payload, in bytes + max_packet_msg_payload_size: 1024 + + # Rate at which packets can be sent, in bytes/second + send_rate: 5120000 + + # Rate at which packets can be received, in bytes/second + recv_rate: 5120000 + + # Set true to enable the peer-exchange reactor + pex: true + + # Seed mode, in which node constantly crawls the network and looks for + # peers. If another node asks it for addresses, it responds and disconnects. + # + # Does not work if the peer-exchange reactor is disabled. + seed_mode: false + + # Comma separated list of peer IDs to keep private (will not be gossiped to other peers) + private_peer_ids: "" + + # Toggle to disable guard against peers connecting from the same ip. + allow_duplicate_ip: false + + # Peer connection configuration. + handshake_timeout: "20s" + dial_timeout: "3s" + + ##### mempool configuration options ##### + mempool: + recheck: true + broadcast: true + wal_dir: "" + + # Maximum number of transactions in the mempool + size: 5000 + + # Limit the total size of all txs in the mempool. + # This only accounts for raw transactions (e.g. given 1MB transactions and + # max_txs_bytes=5MB, mempool will only accept 5 transactions). + max_txs_bytes: 1073741824 + + # Size of the cache (used to filter transactions we saw earlier) in transactions + cache_size: 10000 + + # Maximum size of a single transaction. + # NOTE: the max size of a tx transmitted over the network is {max_tx_bytes} + {amino overhead}. + max_tx_bytes: 1048576 + + ##### fast sync configuration options ##### + fastsync: + # Fast Sync version to use: + # 1) "v0" (default) - the legacy fast sync implementation + # 2) "v1" - refactor of v0 version for better testability + version: "v0" + + ##### consensus configuration options ##### + consensus: + wal_file: "data/cs.wal/wal" + + timeout_propose: "3s" + timeout_propose_delta: "500ms" + timeout_prevote: "1s" + timeout_prevote_delta: "500ms" + timeout_precommit: "1s" + timeout_precommit_delta: "500ms" + timeout_commit: "5s" + + # Make progress as soon as we have all the precommits (as if TimeoutCommit: 0) + skip_timeout_commit: false + + # EmptyBlocks mode and possible interval between empty blocks + create_empty_blocks: true + create_empty_blocks_interval: "0s" + + # Reactor sleep duration parameters + peer_gossip_sleep_duration: "100ms" + peer_query_maj23_sleep_duration: "2s" + + ##### transactions indexer configuration options ##### + tx_index: + + # What indexer to use for transactions + # + # Options: + # 1) "null" + # 2) "kv" (default) - the simplest possible indexer, backed by key-value storage (defaults to levelDB; see DBBackend). + indexer: "kv" + + # Comma-separated list of tags to index (by default the only tag is "tx.hash") + # + # You can also index transactions by height by adding "tx.height" tag here. + # + # It's recommended to index only a subset of tags due to possible memory + # bloat. This is, of course, depends on the indexer's DB and the volume of + # transactions. + index_tags: "" + + # When set to true, tells indexer to index all tags (predefined tags: + # "tx.hash", "tx.height" and all tags from DeliverTx responses). + # + # Note this may be not desirable (see the comment above). IndexTags has a + # precedence over IndexAllTags (i.e. when given both, IndexTags will be + # indexed). + index_all_tags: true + + ##### instrumentation configuration options ##### + instrumentation: + # When true, Prometheus metrics are served under /metrics on + # PrometheusListenAddr. + # Check out the documentation for the list of available metrics. + prometheus: false + + # Address to listen for Prometheus collector(s) connections + prometheus_listen_addr: "0.0.0.0:{{ .Values.containerPorts.metrics.port }}" + + # Maximum number of simultaneous connections. + # If you want to accept a larger number than the default, make sure + # you increase your OS limits. + # 0 - unlimited. + max_open_connections: 3 + + # Instrumentation namespace + namespace: "tendermint" + +####### +### Heimdall config +####### + +heimdallConfig: + + # RPC endpoint for ethereum chain + eth_rpc_url: "http://localhost:9545" + + # RPC endpoint for bor chain + bor_rpc_url: "http://localhost:8545" + + # RPC endpoint for tendermint + tendermint_rpc_url: "http://localhost:{{ .Values.containerPorts.rpc.port }}" + + # Polygon Sub Graph URL for self-heal mechanism (optional) + sub_graph_url: "" + + #### Bridge configs #### + + # Heimdall REST server endpoint, which is used by bridge + heimdall_rest_server: "http://0.0.0.0:{{ .Values.containerPorts.rest.port }}" + + # AMQP endpoint + amqp_url: "amqp://guest:guest@localhost:5672/" + + ## Poll intervals + checkpoint_poll_interval: "5m0s" + syncer_poll_interval: "1m0s" + noack_poll_interval: "16m50s" + clerk_poll_interval: "10s" + span_poll_interval: "1m0s" + milestone_poll_interval: "30s" + enable_self_heal: "false" + sh_state_synced_interval: "15m0s" + sh_stake_update_interval: "3h0m0s" + sh_max_depth_duration: "1h0m0s" + + + #### gas limits #### + main_chain_gas_limit: "5000000" + + #### gas price #### + main_chain_max_gas_price: "400000000000" + + ##### Timeout Config ##### + no_ack_wait_time: "30m0s" + + ##### chain - newSelectionAlgoHeight depends on this ##### + chain: "{{ .Values.network }}" + +####### +### App config +####### + +appConfig: + + # The minimum gas prices a validator is willing to accept for processing a + # transaction. A transaction's fees must meet the minimum of any denomination + # specified in this config (e.g. 0.25token1;0.0001token2). + minimum-gas-prices: "" + + # HaltHeight contains a non-zero block height at which a node will gracefully + # halt and shutdown that can be used to assist upgrades and testing. + # + # Note: State will not be committed on the corresponding height and any logs + # indicating such can be safely ignored. + halt-height: 0 + + # HaltTime contains a non-zero minimum block time (in Unix seconds) at which + # a node will gracefully halt and shutdown that can be used to assist upgrades + # and testing. + # + # Note: State will not be committed on the corresponding height and any logs + # indicating such can be safely ignored. + halt-time: 0