From 6d25f2c7e1f869a9a0a9174eb0c94229b2cc0f93 Mon Sep 17 00:00:00 2001 From: Jordan Oroshiba Date: Thu, 18 Apr 2024 14:29:21 -0700 Subject: [PATCH] feat(charts): hermes chart (#950) ## Summary Adds a hermes relayer chart which can be utilized to connect two IBC compatible chains for relaying. Note: I have not been able to get the local connection working yet but have confirmed against celestia mocha. --- charts/celestia-local/Chart.yaml | 6 +- .../files/scripts/init-celestia-appd.sh | 15 +- .../files/scripts/start-bridge.sh | 2 +- .../files/scripts/start-celestia-appd.sh | 3 +- .../celestia-local/templates/configmap.yaml | 1 + charts/celestia-local/values.yaml | 7 +- charts/hermes/.helmignore | 0 charts/hermes/Chart.yaml | 30 +++ charts/hermes/files/config.toml | 146 +++++++++++++ charts/hermes/templates/_helpers.tpl | 56 +++++ charts/hermes/templates/configmaps.yaml | 32 +++ charts/hermes/templates/deployment.yaml | 73 +++++++ charts/hermes/templates/ingress.yaml | 70 +++++++ .../hermes/templates/secretproviderclass.yaml | 21 ++ charts/hermes/templates/service.yaml | 27 +++ charts/hermes/values.yaml | 195 ++++++++++++++++++ charts/sequencer/Chart.yaml | 2 +- charts/sequencer/values.yaml | 2 +- dev/values/hermes/local.yml | 120 +++++++++++ justfile | 8 + taplo.toml | 1 + 21 files changed, 803 insertions(+), 14 deletions(-) create mode 100644 charts/hermes/.helmignore create mode 100644 charts/hermes/Chart.yaml create mode 100644 charts/hermes/files/config.toml create mode 100644 charts/hermes/templates/_helpers.tpl create mode 100644 charts/hermes/templates/configmaps.yaml create mode 100644 charts/hermes/templates/deployment.yaml create mode 100644 charts/hermes/templates/ingress.yaml create mode 100644 charts/hermes/templates/secretproviderclass.yaml create mode 100644 charts/hermes/templates/service.yaml create mode 100644 charts/hermes/values.yaml create mode 100644 dev/values/hermes/local.yml 
diff --git a/charts/celestia-local/Chart.yaml b/charts/celestia-local/Chart.yaml index 1098f54b07..52b734b2fe 100644 --- a/charts/celestia-local/Chart.yaml +++ b/charts/celestia-local/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: celestia-local -description: A Helm chart for Kubernetes +description: Helm chart to deploy a local celestia network, for testing purposes # A chart can be either an 'application' or a 'library' chart. # @@ -15,13 +15,13 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.3.6 +version: 0.3.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.3.0" +appVersion: "1.6.0" maintainers: - name: wafflesvonmaple diff --git a/charts/celestia-local/files/scripts/init-celestia-appd.sh b/charts/celestia-local/files/scripts/init-celestia-appd.sh index 9af211668a..7b9402651f 100755 --- a/charts/celestia-local/files/scripts/init-celestia-appd.sh +++ b/charts/celestia-local/files/scripts/init-celestia-appd.sh @@ -2,7 +2,6 @@ set -o errexit -o nounset -# if app config already exists then we have already ran initialization. if [ -f "$home_dir/config/config.toml" ]; then exit 0 fi 
@@ -11,10 +10,11 @@ celestia-appd init "$chainid" \ --chain-id "$chainid" \ --home "$home_dir" -celestia-appd keys add \ +echo "$validator_mnemonic" | celestia-appd keys add \ "$validator_key_name" \ + --home "$home_dir" \ --keyring-backend="$keyring_backend" \ - --home "$home_dir" + --recover validator_key=$(celestia-appd keys show "$validator_key_name" -a --keyring-backend="$keyring_backend" --home "$home_dir") celestia-appd add-genesis-account \ @@ -27,6 +27,13 @@ celestia-appd gentx \ "$validator_stake" \ --keyring-backend="$keyring_backend" \ --chain-id "$chainid" \ - --home "$home_dir" \ + --home "$home_dir" celestia-appd collect-gentxs --home "$home_dir" + +# Enable transaction indexing +sed -i'.bak' 's#"null"#"kv"#g' "${home_dir}"/config/config.toml +# Persist ABCI responses +sed -i'.bak' 's#discard_abci_responses = true#discard_abci_responses = false#g' "${home_dir}"/config/config.toml +# Override the VotingPeriod from 1 week to 1 minute +sed -i'.bak' 's#"604800s"#"60s"#g' "${home_dir}"/config/genesis.json diff --git a/charts/celestia-local/files/scripts/start-bridge.sh b/charts/celestia-local/files/scripts/start-bridge.sh index 879cecded9..cac9771ee9 100755 --- a/charts/celestia-local/files/scripts/start-bridge.sh +++ b/charts/celestia-local/files/scripts/start-bridge.sh @@ -40,7 +40,7 @@ echo "waiting for genesis hash from celestia..." genesis_hash=$(wait_for_genesis) echo "genesis hash received: $genesis_hash" -export CELESTIA_CUSTOM="test:$genesis_hash" +export CELESTIA_CUSTOM="$chainid:$genesis_hash" export GOLOG_LOG_LEVEL="debug" # fixes: keystore: permissions of key 'p2p-key' are too relaxed: required: 0600, got: 0660 diff --git a/charts/celestia-local/files/scripts/start-celestia-appd.sh b/charts/celestia-local/files/scripts/start-celestia-appd.sh index 2b1fc2e761..e3d8a82c3b 100755 --- a/charts/celestia-local/files/scripts/start-celestia-appd.sh +++ b/charts/celestia-local/files/scripts/start-celestia-appd.sh 
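Review bot: `set -o nounset` catches an unset `validator_mnemonic` but not an empty one, and the ConfigMap entry added in this commit renders as `""` when `validatorMnemonic` is cleared, so `keys add --recover` would be fed an empty line. A guard before the pipeline, `: "${validator_mnemonic:?validator_mnemonic must be set}"`, fails earlier with a clear message. `printf '%s\n' "$validator_mnemonic"` is also a safer way to pipe the value than `echo`. Because the key is now recovered from a supplied mnemonic instead of generated, a short comment above the command would help, e.g. `# Recover the validator key from the configured mnemonic so the address is deterministic`.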
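Review bot: The three added `sed` edits substitute every match in the file rather than the one setting each comment names: `s#"null"#"kv"#g` rewrites any `"null"` value in config.toml, and `s#"604800s"#"60s"#g` rewrites every one-week duration in genesis.json, not only the voting period. Anchoring on the key keeps an upstream config change from silently altering unrelated settings, e.g. `sed -i'.bak' 's#^indexer = "null"#indexer = "kv"#' "${home_dir}/config/config.toml"` (key name assumed from the comment; confirm against the generated file). Each call also leaves a `.bak` copy in the config directory, which could be removed once the edits succeed.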
@@ -23,7 +23,8 @@ set -o errexit -o nounset } & exec celestia-appd start --home "${home_dir}" \ - --grpc.address "127.0.0.1:$celestia_app_grpc_port" \ + --grpc.address "0.0.0.0:$celestia_app_grpc_port" \ + --rpc.laddr "tcp://0.0.0.0:$celestia_app_host_port" \ --api.enable \ --grpc.enable \ --grpc-web.enable diff --git a/charts/celestia-local/templates/configmap.yaml b/charts/celestia-local/templates/configmap.yaml index 75b04634d3..174f92ee3e 100644 --- a/charts/celestia-local/templates/configmap.yaml +++ b/charts/celestia-local/templates/configmap.yaml @@ -7,6 +7,7 @@ data: home_dir: "/home/celestia" coins: "{{ .Values.coins }}" validator_stake: "{{ .Values.validatorStake }}" + validator_mnemonic: "{{ .Values.validatorMnemonic }}" chainid: "{{ .Values.chainId }}" keyring_backend: "{{ .Values.keyringBackend }}" validator_key_name: "{{ .Values.validatorKeyName }}" diff --git a/charts/celestia-local/values.yaml b/charts/celestia-local/values.yaml index d1390889c2..bcf9a72089 100644 --- a/charts/celestia-local/values.yaml +++ b/charts/celestia-local/values.yaml @@ -15,7 +15,7 @@ storage: persistentVolumeName: "celestia-shared-storage" path: "/data/celestia-data" -celestiaAppImage: "ghcr.io/celestiaorg/celestia-app:v1.3.0" +celestiaAppImage: "ghcr.io/celestiaorg/celestia-app:v1.8.0" celestiaNodeImage: "ghcr.io/celestiaorg/celestia-node:v0.12.4" tokenServerImage: "busybox:1.35.0-musl" 
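Review bot: The gRPC listener moves from loopback to `0.0.0.0` and `--rpc.laddr` is added on `0.0.0.0` as well, so both endpoints are reachable from any pod that can route to this one, and from outside the cluster if a Service or ingress forwards the ports. The relayer presumably needs that, but nothing in the hunk records the intent. A comment above the `exec` would do, e.g. `# bound to all interfaces so hermes can reach gRPC/RPC from another pod; local test network only`. A NetworkPolicy limiting ingress to the relayer is worth considering if this chart is ever used outside a dev cluster. The script body before the `exec` lies outside the hunk.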
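Review bot: `validator_mnemonic` is key material, and adding it to this ConfigMap stores it unencrypted and readable by anyone with ConfigMap read access in the namespace. A `Secret` consumed through `secretKeyRef`, or the CSI secret store that the hermes chart in this commit already supports, is the usual place for it. The default added to charts/celestia-local/values.yaml in the same commit is a fixed mnemonic, so every install that keeps the default shares one validator key. A comment there would make that explicit, e.g. `# Test-only mnemonic, publicly known: never fund or reuse outside a local network`.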
@@ -29,12 +29,13 @@ evmAddress: "0x966e6f22781EF6a6A82BBB4DB3df8E225DfD9488" # Default private key, must correspond with above address privateKey: "da6ed55cb2894ac2c9c10209c09de8e8b9d109b910338d5bf3d747a7e1fc9eb9" # Default chain id -chainId: "test" +chainId: "celestia-local-0" # Signer info keyringBackend: "test" validatorKeyName: "validator" +validatorMnemonic: connect soon random stable toddler tired glove drastic comfort donor struggle island cactus pole shell alpha taste able story business cross dismiss book brass # Genesis amount -coins: "1000000000000000utia" +coins: "10000000000000000000000000utia" # Staking amount validatorStake: "5000000000utia" diff --git a/charts/hermes/.helmignore b/charts/hermes/.helmignore new file mode 100644 index 0000000000..e69de29bb2 diff --git a/charts/hermes/Chart.yaml b/charts/hermes/Chart.yaml new file mode 100644 index 0000000000..23951e5ce3 --- /dev/null +++ b/charts/hermes/Chart.yaml 
@@ -0,0 +1,30 @@ +apiVersion: v2 +name: hermes +description: A Helm chart for deploying a k8s node of hermes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.8.2" + +maintainers: + - name: wafflesvonmaple + url: astria.org + - name: joroshiba + url: astria.org diff --git a/charts/hermes/files/config.toml b/charts/hermes/files/config.toml new file mode 100644 index 0000000000..84bac59ace --- /dev/null +++ b/charts/hermes/files/config.toml 
@@ -0,0 +1,146 @@ +[global] +log_level = '{{ .Values.global.logLevel }}' + +[rest] + +# Whether or not to enable the REST service. Default: false +enabled = {{ .Values.rest.enabled }} + +# Specify the IPv4/6 host over which the built-in HTTP server will serve the RESTful +# API requests. Default: 127.0.0.1 +host = '127.0.0.1' + +# Specify the port over which the built-in HTTP server will serve the restful API +# requests. Default: 3000 +port = {{ .Values.ports.rest }} + +[mode] + +[mode.clients] +enabled = {{ .Values.mode.clients.enabled }} +refresh = {{ .Values.mode.clients.refresh }} +misbehaviour = {{ .Values.mode.clients.misbehaviour }} + +[mode.connections] +enabled = {{ .Values.mode.connections.enabled }} + +[mode.channels] +enabled = {{ .Values.mode.channels.enabled }} + +[mode.packets] +enabled = {{ .Values.mode.packets.enabled }} +clear_interval = {{ .Values.mode.packets.clearInterval }} +clear_on_start = {{ .Values.mode.packets.clearOnStart }} +tx_confirmation = {{ .Values.mode.packets.txConfirmation }} + +[telemetry] +enabled = {{ .Values.telemetry.enabled }} +host = '127.0.0.1' +port = {{ .Values.ports.telemetry }} + +[telemetry.buckets] +latency_submitted = { start = {{ .Values.telemetry.latencySubmittedBuckets.start }}, end = {{ .Values.telemetry.latencySubmittedBuckets.end }}, buckets = {{ .Values.telemetry.latencySubmittedBuckets.count }} } +latency_confirmed = { start = {{ .Values.telemetry.latencyConfirmedBuckets.start }}, end = {{ .Values.telemetry.latencyConfirmedBuckets.end }}, buckets = {{ .Values.telemetry.latencyConfirmedBuckets.count }} } + +[tracing_server] +enabled = {{ .Values.tracingServer.enabled }} +port = {{ .Values.ports.tracingServer }} + +{{ range $chainId, $chain := .Values.chains}} +[[chains]] +id = '{{ $chainId }}' +type = '{{ $chain.type }}' +rpc_addr = '{{ $chain.rpcAddr }}' +grpc_addr = '{{ $chain.grpcAddr }}' +rpc_timeout = '{{ $chain.rpcTimeout }}' +account_prefix = '{{ $chain.accountPrefix }}' +key_name = '{{ 
$chain.key.name }}' +store_prefix = '{{ $chain.storePrefix }}' +ccv_consumer_chain = {{ default false $chain.ccvConsumerChain }} +ccv_consumer_chain = {{ default false $chain.trustedNode }} +{{- if eq $chain.eventSource.mode "push" }} +event_source = { mode = 'push', url = '{{ $chain.eventSource.url }}', batch_delay='{{ $chain.eventSource.batchDelay }}' } +{{- else if eq $chain.eventSource.mode "pull" }} +event_source = { mode = 'pull', interval = '{{ $chain.eventSource.interval }}' } +{{- end }} +{{- if $chain.addressType }} + {{- if eq $chain.addressType.derivation "cosmos" }} +address_type = { derivation = 'cosmos' } + {{- else if eq $chain.addressType.derivation "ethermint" }} +address_type = { derivation = 'ethermint', proto_type = { pk_type = '{{ $chain.addressType.protoType.pkType }}' } + {{- end }} +{{- end }} + +gas_price = { price = {{ $chain.gasPrice }}, denom = '{{ $chain.gasDenom }}' } +{{- if $chain.defaultGas }} +default_gas = {{ $chain.defaultGas }} +{{- end }} +{{ if $chain.gasMultiplier }} +gas_multiplier = {{ $chain.gasMultiplier }} +{{- end }} # not used +{{- if $chain.maxGas }} +max_gas = {{ $chain.maxGas }} +{{ end }} +{{- if $chain.dynamicGasPrice }} +dynamic_gas_price = { enabled = true, multiplier = {{ $chain.dynamicGasPrice.multiplier }}, max = {{ $chain.dynamicGasPrice.max }} } +{{- end }} +{{- if $chain.maxMsgNumber }} +max_msg_number = {{ $chain.maxMsgNumber }} +{{- end }} +{{- if $chain.maxTxSize }} +max_tx_size = {{ $chain.maxTxSize }} +{{- end }} +{{- if $chain.queryPacketsChunkSize }} +query_packets_chunk_size = {{ $chain.queryPacketsChunkSize }} +{{- end }} +{{- if $chain.clock_drift}} +clock_drift = '{{ $chain.clockDrift }}' +{{- end }} +{{- if $chain.maxBlockTime }} +max_block_time = '{{ $chain.maxBlockTime }}' +{{- end }} +{{- if $chain.trustingPeriod }} +trusting_period = '{{ $chain.trustingPeriod }}' +{{- end }} +{{- if $chain.clientRefreshRate }} +client_refresh_rate = '{{ $chain.clientRefreshRate }}' +{{- end }} +{{- if 
$chain.trustThreshold }} +trust_threshold = '{{ $chain.trustThreshold }}' +{{- end }} +{{- if $chain.memoPrefix }} +memo_prefix = '{{ $chain.memoPrefix }}' +{{- end }} + +{{- if $chain.packetFilter }} +{{- if $chain.packetFilter.policy }} +[[chains.packet_filter]] +policy = '{{ $chain.packetFilter.policy }}' +list = [ + {{- range $index, $filter := $chain.packetFilter.list }} + ['{{ $filter.portId }}', '{{ $filter.channelId }}'], + {{- end }} +] +{{- end }} +{{- if $chain.packetFilter.fees }} + {{- range $channel, $filter := $chain.packetFilter.fees }} +[[chains.packet_filter.min_fees.'{{ $channel }}']] +recv = [ + {{- range $index, $denom := $filter.denoms }} + { amount = '{{ $denom.amount }}' {{- if $denom.denom }}, denom = '{{ $denom.denom }}' {{- end }} }, + {{- end }} +] + {{- end }} +{{- end }} +{{- end }} +{{- if $chain.feeGranter }} +fee_granter = '{{ $chain.feeGranter }}' +{{- end }} +{{- if $chain.compatMode }} +compat_mode = '{{ $chain.compatMode }}' +{{- end }} +{{- if $chain.clearInterval }} +clear_interval = '{{ $chain.clearInterval }}' +{{- end }} + +{{ end }} diff --git a/charts/hermes/templates/_helpers.tpl b/charts/hermes/templates/_helpers.tpl new file mode 100644 index 0000000000..3b63b396d0 --- /dev/null +++ b/charts/hermes/templates/_helpers.tpl 
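Review bot: `ccv_consumer_chain` is emitted twice per chain, the second time from `$chain.trustedNode`; TOML rejects duplicate keys and the trusted-node setting is never written, so the second line presumably should read `trusted_node = {{ default false $chain.trustedNode }}`. Two further lines in the same `[[chains]]` block look wrong. The guard `{{- if $chain.clock_drift}}` tests a key that the values files spell `clockDrift`, so `clock_drift` is never rendered. The ethermint `address_type` line closes only one of its two inline tables and needs a final ` }`. Rendering the chart with `helm template` and running `hermes config validate` on the result in CI would catch this class of error.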
@@ -0,0 +1,56 @@ +{{/* +Namepsace to deploy elements into. +*/}} +{{- define "hermes.namespace" -}} +{{- default .Release.Namespace .Values.global.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "hermes.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Return if ingress is stable. +*/}} +{{- define "hermes.ingress.isStable" -}} +{{- eq (include "hermes.ingress.apiVersion" .) "networking.k8s.io/v1" }} +{{- end }} + +{{/* +Return if ingress supports ingressClassName. +*/}} +{{- define "hermes.ingress.supportsIngressClassName" -}} +{{- or (eq (include "hermes.ingress.isStable" .) "true") (and (eq (include "hermes.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) }} +{{- end }} + +{{/* +Return if ingress supports pathType. +*/}} +{{- define "hermes.ingress.supportsPathType" -}} +{{- or (eq (include "hermes.ingress.isStable" .) "true") (and (eq (include "hermes.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) }} +{{- end }} + +Return the appropriate apiVersion for ingress. 
+*/}} +{{- define "hermes.ingress.apiVersion" -}} +{{- if and ($.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19-0" .Capabilities.KubeVersion.Version) }} +{{- print "networking.k8s.io/v1" }} +{{- else if $.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +{{- print "networking.k8s.io/v1beta1" }} +{{- else }} +{{- print "extensions/v1beta1" }} +{{- end }} +{{- end }} diff --git a/charts/hermes/templates/configmaps.yaml b/charts/hermes/templates/configmaps.yaml new file mode 100644 index 0000000000..525e7f6ada --- /dev/null +++ b/charts/hermes/templates/configmaps.yaml @@ -0,0 +1,32 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "hermes.fullname" . }}-config + namespace: {{ include "hermes.namespace" . }} +data: + config.toml: | + {{- tpl (.Files.Get "files/config.toml") $ | nindent 4 }} +--- +{{- if not .Values.secretProvider.enabled }} +{{- range $chainId, $chain := .Values.chains }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "hermes.fullname" $ }}-{{$chainId}}-key + namespace: {{ include "hermes.namespace" $ }} +data: + {{ $chain.key.name }}.json: | + {{- toPrettyJson $chain.key.content | nindent 4 }} +--- +{{- end }} +{{- end }} +{{- if .Values.createChannel.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: hermes-create-channel-script + namespace: {{ include "hermes.namespace" . }} +data: + create_channel.sh: | + {{- tpl (.Files.Get "files/create_channel.sh") $ | nindent 4 }} +{{- end }} diff --git a/charts/hermes/templates/deployment.yaml b/charts/hermes/templates/deployment.yaml new file mode 100644 index 0000000000..90a082c54b --- /dev/null +++ b/charts/hermes/templates/deployment.yaml 
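Review bot: The comment above `hermes.ingress.apiVersion` has lost its opening `{{/*`, so `Return the appropriate apiVersion for ingress.` and the following `*/}}` are plain template text rather than a comment; restore the opener as on the other helpers. The first comment also misspells the word as `Namepsace`. As far as the hunk shows, neither affects rendered manifests, since the stray text sits outside any `define`.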
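Review bot: When `secretProvider.enabled` is false, each chain's `key.content` (the relayer's signing key) is written into a ConfigMap, which is stored unencrypted and covered by ordinary ConfigMap read permissions. Rendering it as `kind: Secret` with `stringData`, with a matching `secret:` volume source in deployment.yaml, keeps the same mount path while placing it under Secret RBAC and encryption-at-rest settings. The third document reads `files/create_channel.sh`, which this commit's diffstat does not add, so `.Files.Get` returns an empty string and the `hermes-create-channel-script` ConfigMap is rendered empty. Its name is also fixed rather than derived from `hermes.fullname`, and no volume in deployment.yaml mounts it, so dropping the block until the script exists would avoid a dangling object.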
@@ -0,0 +1,73 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "hermes.fullname" . }} + labels: + app: astria-dev-cluster + namespace: {{ include "hermes.namespace" . }} +spec: + replicas: {{ .Values.global.replicaCount }} + selector: + matchLabels: + app: astria-dev-cluster + template: + metadata: + name: {{ include "hermes.fullname" . }} + labels: + app: astria-dev-cluster + spec: + {{- if .Values.createChannel.enabled }} + initContainers: + - name: create-channel + image: {{ .Values.image }} + command: [ "hermes", "create", "channel" ] + args: + - --new-client-connection + - --yes + - --a-chain={{ .Values.createChannel.chainA }} + - --b-chain={{ .Values.createChannel.chainB }} + - --a-port={{ .Values.createChannel.portA }} + - --b-port={{ .Values.createChannel.portB }} + volumeMounts: + - mountPath: /home/hermes/.hermes + name: {{ include "hermes.fullname" . }}-config-volume + {{- range $chainId, $chain := .Values.chains }} + - mountPath: "/home/hermes/.hermes/keys/{{ $chainId }}/keyring-test" + name: {{ include "hermes.fullname" $ }}-{{$chainId}}-key-volume + {{- end }} + {{- end }} + containers: + - name: hermes + image: {{ .Values.image }} + command: [ "hermes", "start" ] + volumeMounts: + - mountPath: /home/hermes/.hermes + name: {{ include "hermes.fullname" . }}-config-volume + {{- range $chainId, $chain := .Values.chains }} + - mountPath: "/home/hermes/.hermes/keys/{{ $chainId }}/keyring-test" + name: {{ include "hermes.fullname" $ }}-{{$chainId}}-key-volume + {{- end }} + ports: + - containerPort: {{ .Values.ports.rest }} + name: rest + - containerPort: {{ .Values.ports.telemetry }} + name: telemetry + - containerPort: {{ .Values.ports.tracingServer }} + name: tracing + volumes: + - name: {{ include "hermes.fullname" . }}-config-volume + configMap: + name: {{ include "hermes.fullname" . 
}}-config + {{- range $chainId, $chain := .Values.chains }} + - name: {{ include "hermes.fullname" $ }}-{{$chainId}}-key-volume + {{- if $.Values.secretProvider.enabled }} + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ include "hermes.fullname" $ }}-{{ $chainId }}-secrets-store + {{- else }} + configMap: + name: {{ include "hermes.fullname" $ }}-{{$chainId}}-key + {{- end }} + {{- end}} diff --git a/charts/hermes/templates/ingress.yaml b/charts/hermes/templates/ingress.yaml new file mode 100644 index 0000000000..419e5bd91e --- /dev/null +++ b/charts/hermes/templates/ingress.yaml 
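Review bot: The pod template labels and `selector.matchLabels` are the fixed `app: astria-dev-cluster`, while templates/service.yaml in this commit selects `app: {{ include "hermes.fullname" . }}`, so the Service matches no pods. The fixed label also makes this Deployment's selector overlap with any other workload in the namespace carrying the same label. Using `app: {{ include "hermes.fullname" . }}` in all three places fixes both. Separately, the containers carry no `securityContext` or `resources`, and this pod holds relayer signing keys. `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` are worth adding if the image supports them, which is not verifiable from the hunk.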
@@ -0,0 +1,70 @@ +{{- if .Values.ingress.enabled -}} +{{- $ingressApiIsStable := eq (include "hermes.ingress.isStable" .) "true" -}} +{{- $ingressSupportsIngressClassName := eq (include "hermes.ingress.supportsIngressClassName" .) "true" -}} +{{- $ingressSupportsPathType := eq (include "hermes.ingress.supportsPathType" .) "true" -}} + +{{- range $service, $ingress := .Values.ingress.services }} +{{- if $ingress.enabled -}} +{{- $servicePort := tpl $ingress.service.port $ -}} +{{- $serviceName := tpl $ingress.service.name $ -}} +{{- $ingressPath := $ingress.path -}} +{{- $ingressPathType := $ingress.pathType -}} +{{- $extraPaths := $ingress.extraPaths }} +--- +apiVersion: {{ include "hermes.ingress.apiVersion" $ }} +kind: Ingress +metadata: + name: {{ include "hermes.fullname" $ }}-{{ $service }}-ingress + namespace: {{ include "hermes.namespace" $ }} + labels: + {{- with $ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + {{- if not $ingressSupportsIngressClassName }} + kubernetes.io/ingress.class: {{ $.Values.ingress.className }} + {{- end }} + {{- if $ingressApiIsStable }} + {{- range $key, $value := $ingress.annotations }} + {{ $key }}: {{ tpl $value $ | quote }} + {{- end }} + {{- end }} +spec: + {{- if $ingressSupportsIngressClassName }} + ingressClassName: {{ $.Values.ingress.className }} + {{- end -}} + {{- with $ingress.service }} + defaultBackend: + service: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + rules: + {{- with $ingress.hosts }} + {{- range $host := . }} + - host: {{ tpl $host $ }} + http: + paths: + {{- with $extraPaths }} + {{- toYaml . 
| nindent 10 }} + {{- end }} + - path: {{ $ingressPath }} + {{- if $ingressSupportsPathType }} + pathType: {{ $ingressPathType }} + {{- end }} + backend: + {{- if $ingressApiIsStable }} + service: + {{- tpl (toYaml $ingress.service) $ | nindent 16 }} + {{- else }} + serviceName: {{ tpl $serviceName $ }} + servicePort: {{ tpl $servicePort $ }} + {{- end }} + {{- end }} + {{- end }} + {{- if $ingress.tls }} + tls: + {{- tpl (toYaml $ingress.tls) $ | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/hermes/templates/secretproviderclass.yaml b/charts/hermes/templates/secretproviderclass.yaml new file mode 100644 index 0000000000..5c669a81a0 --- /dev/null +++ b/charts/hermes/templates/secretproviderclass.yaml @@ -0,0 +1,21 @@ +{{- if .Values.secretProvider.enabled }} + {{- range $chainId, $chain := .Values.chains }} +--- +apiVersion: secrets-store.csi.x-k8s.io/v1 +kind: SecretProviderClass +metadata: + name: {{ include "hermes.fullname" $ }}-{{ $chainId }}-secrets-store +spec: + provider: {{ .Values.secretProvider.provider }} + secretObjects: + - secretName: {{ include "hermes.fullname" $ }}-{{ $chainId }}-key + type: Opaque + data: + - objectName: {{ $chain.key.name }}.json + key: {{ $chain.key.secret.key }} + parameters: + secrets: | + - resourceName: {{ $chain.key.secret.resourceName }} + fileName: "{{ $chain.key.secret.filename }}" + {{- end }} +{{- end }} diff --git a/charts/hermes/templates/service.yaml b/charts/hermes/templates/service.yaml new file mode 100644 index 0000000000..cac98ebeba --- /dev/null +++ b/charts/hermes/templates/service.yaml 
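Review bot: On the stable-API path the backend is rendered with `tpl (toYaml $ingress.service) $`, and the chart's values give `service.port` as a templated string, so the output is `port: '3000'`. `networking.k8s.io/v1` expects `port` to be an object (`port: { number: 3000 }` or `port: { name: rest-svc }`), so the API server should reject the manifest as written. The same rendering is used for `defaultBackend`. The `annotations` loop is also wrapped in `{{- if $ingressApiIsStable }}`, so per-service annotations are dropped on older API versions, which looks unintended.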
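Review bot: `provider: {{ .Values.secretProvider.provider }}` sits inside `range $chainId, $chain := .Values.chains`, where `.` is the current chain rather than the root context, so rendering with `secretProvider.enabled: true` should fail or produce an empty provider. It needs `$.Values.secretProvider.provider`, matching the `$` that the `include` calls in the loop already pass. The object also sets no `metadata.namespace`, unlike the chart's other templates, so with `namespaceOverride` set it would land in a different namespace from the Deployment that references it. Since this is the path intended for real keys, a `helm template` run with the secret provider enabled is worth adding to CI.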
@@ -0,0 +1,27 @@ +{{- if or .Values.rest.enabled .Values.telemetry.enabled .Values.tracingServer.enabled }} +kind: Service +apiVersion: v1 +metadata: + name: {{ include "hermes.fullname" . }}-service + namespace: {{ include "hermes.namespace" . }} +spec: + selector: + app: {{ include "hermes.fullname" . }} + ports: + {{- if .Values.rest.enabled }} + - name: rest-svc + port: {{ .Values.ports.rest }} + targetPort: rest + {{- end }} + {{- if .Values.telemetry.enabled }} + - name: telemetry-svc + port: {{ .Values.ports.telemetry }} + targetPort: telemetry + {{- end }} + {{- if .Values.tracingServer.enabled }} + - name: tracing-svc + port: {{ .Values.ports.tracingServer }} + targetPort: tracing + {{- end }} +--- +{{- end }} diff --git a/charts/hermes/values.yaml b/charts/hermes/values.yaml new file mode 100644 index 0000000000..efa84c3a30 --- /dev/null +++ b/charts/hermes/values.yaml 
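Review bot: The REST and telemetry ports published here cannot be reached through the Service as the chart stands, because files/config.toml in this commit fixes `host = '127.0.0.1'` for `[rest]` and `[telemetry]`, so those listeners accept only in-pod connections. If the endpoints are meant to be served, make the host a value with loopback as the default. Exposing them would also need access control (a NetworkPolicy or ingress authentication), since nothing in the chart puts any in front of them, and that should be documented. The trailing `---` inside the `if` is harmless but unnecessary.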
@@ -0,0 +1,195 @@ +global: + namespaceOverride: "" + replicaCount: 1 + logLevel: debug + +image: ghcr.io/penumbra-zone/hermes:main + +fullnameOverride: "" +nameOverride: "" + +# For local testing purposes may want to create a channel on startup +# this is not recommended for production since channel updates change +# the destination chain assets +createChannel: + enabled: false + chainA: '' # For local test is equencer-test-chain-0 + portA: '' # likely "transfer" + chainB: '' # For default local test celestia-local-0 + portB: '' # likely "transfer" + +rest: + enabled: false +telemetry: + enabled: false + latencySubmittedBuckets: + start: 500 + end: 20000 + count: 10 + latencyConfirmedBuckets: + start: 1000 + end: 30000 + count: 10 +tracingServer: + enabled: false + +mode: + clients: + enabled: true + refresh: true + misbehaviour: false + connections: + enabled: true + channels: + enabled: true + packets: + enabled: true + clearInterval: 100 + clearOnStart: true + txConfirmation: true + +# A map of chain ids to chain configs, see example in the comments +# note that supplying key as plain text is not recommended outside of local +# testing environments should utilize a secret provider to pass in a +# key. You can input all potential values from hermes config.toml for chains +# here. 
+chains: + # sequencer-test-chain-0: + # type: Astria + # rpcAddr: http://node0-sequencer-rpc-service.astria-dev-cluster.svc.cluster.local:26657 + # grpcAddr: http://node0-sequencer-grpc-service.astria-dev-cluster.svc.cluster.local:8080 + # accountPrefix: not_used + # rpcTimeout: 15s + # storePrefix: ibc_data + # key: + # name: astria-wallet + # content: + # signing_key: [43, 216, 6, 201, 127, 14, 0, 175, 26, 31, 195, 50, 143, 167, 99, 169, 38, 151, 35, 200, 219, 143, 172, 79, 147, 175, 113, 219, 24, 109, 110, 144] + # address_type: Astria + # secret: + # resourceName: projects/$PROJECT_ID/secrets/astria-ibc-relay-key/versions/latest + # filename: astria-wallet.json + # key: token + # eventSource: + # mode: pull + # interval: 1s + # gasPrice: 1 + # gasDenom: nria + # trustThreshold: 2/3 + + # celestia-local-0: + # type: CosmosSdk + # compatMode: '0.34' + # rpcAddr: http://celestia-app-service.astria-dev-cluster.svc.cluster.local:26657 + # grpcAddr: http://celestia-app-service.astria-dev-cluster.svc.cluster.local:9090 + # eventSource: + # mode: pull + # interval: 5s + # rpcTimeout: 15s + # accountPrefix: celestia + # key: + # name: celestia + # content: + # private_key: 8241386890823ca14743e5d4d583f879a5236af29f454ed4da6fe62b8439e2ab + # public_key: 03b0effa59e7eee365a888b4d2fa4c9be82a4925df255d4443151d61b11ac63714 + # address: [ + # 39, + # 166, + # 219, + # 243, + # 73, + # 131, + # 245, + # 143, + # 2, + # 206, + # 64, + # 203, + # 217, + # 165, + # 252, + # 194, + # 189, + # 5, + # 171, + # 220 + # ] + # address_type: Cosmos + # account: celestia1y7ndhu6fs06c7qkwgr9anf0uc27st27uwdj6vq + # secret: + # resourceName: projects/$PROJECT_ID/secrets/celestia-ibc-relay-key/versions/latest + # filename: celestia.json + # key: token + # gasPrice: 0.12 + # denom: 'utia' + # gasMultiplier: 1.1 + # clockDrift: 20s + # maxBlockTime: 10s + # trustThreshold: 2/3 + +secretProvider: + enabled: false + provider: gcp + +ports: + rest: 3000 + telemetry: 3001 + tracingServer: 5555 + 
+ingress: + enabled: false + labels: {} + hostname: localdev.me + className: nginx + services: + rest: + enabled: false + hosts: + - rest.hermes.{{ .Values.ingress.hostname }} + path: / + pathType: Prefix + service: + name: '{{ include "hermes.fullname" . }}-service' + port: '{{ .Values.ports.rest }}' + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + tls: {} + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + telemetry: + enabled: false + hosts: + - telemetry.hermes.{{ .Values.ingress.hostname }} + path: / + pathType: Prefix + service: + name: '{{ include "hermes.fullname" . }}-service' + port: '{{ .Values.ports.telemetry }}' + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + tls: {} + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + tracing: + enabled: false + hosts: + - tracing.hermes.{{ .Values.ingress.hostname }} + path: / + pathType: Prefix + service: + name: '{{ include "hermes.fullname" . }}-service' + port: '{{ .Values.ports.tracingServer }}' + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + tls: {} + # - secretName: chart-example-tls + # hosts: + # - chart-example.local diff --git a/charts/sequencer/Chart.yaml b/charts/sequencer/Chart.yaml index 46385f64fe..0202ba1208 100644 --- a/charts/sequencer/Chart.yaml +++ b/charts/sequencer/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.11.6 +version: 0.11.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
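Review bot: `image: ghcr.io/penumbra-zone/hermes:main` tracks a moving branch tag, so the binary that handles the relayer's signing keys can change between pod restarts without any change to the chart, and it does not correspond to the `appVersion: "1.8.2"` declared in Chart.yaml. Pinning to a release tag or, better, a digest (`image: ghcr.io/penumbra-zone/hermes@sha256:<digest>`) makes deployments reproducible and reviewable. The commented `celestia-local-0` example also uses `denom: 'utia'`, whereas files/config.toml reads `$chain.gasDenom`. The `chainA` comment has a typo (`is equencer-test-chain-0`).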
diff --git a/charts/sequencer/values.yaml b/charts/sequencer/values.yaml index 892559fd9b..c11a0a050a 100644 --- a/charts/sequencer/values.yaml +++ b/charts/sequencer/values.yaml @@ -61,7 +61,7 @@ config: # Values for CometBFT node configuration cometBFT: - chainId: 'sequencer-test-chain' + chainId: 'sequencer-test-chain-0' # If using postgres for indexing, update to enabled and set the connection psql: diff --git a/dev/values/hermes/local.yml b/dev/values/hermes/local.yml new file mode 100644 index 0000000000..b6f508b541 --- /dev/null +++ b/dev/values/hermes/local.yml 
@@ -0,0 +1,120 @@ +createChannel: + enabled: true + chainA: sequencer-test-chain-0 + portA: transfer + chainB: celestia-local-0 + portB: transfer + +chains: + sequencer-test-chain-0: + type: Astria + rpcAddr: http://node0-sequencer-rpc-service.astria-dev-cluster.svc.cluster.local:26657 + grpcAddr: http://node0-sequencer-grpc-service.astria-dev-cluster.svc.cluster.local:8080 + accountPrefix: not_used + rpcTimeout: 15s + storePrefix: ibc_data + key: + name: astria-wallet + content: + signing_key: + [ + 43, + 216, + 6, + 201, + 127, + 14, + 0, + 175, + 26, + 31, + 195, + 50, + 143, + 167, + 99, + 169, + 38, + 151, + 35, + 200, + 219, + 143, + 172, + 79, + 147, + 175, + 113, + 219, + 24, + 109, + 110, + 144, + ] + address_type: Astria + secret: + resourceName: projects/$PROJECT_ID/secrets/astria-ibc-relay-key/versions/latest + filename: astria-wallet.json + key: token + eventSource: + mode: pull + interval: 1s + gasPrice: 1 + gasDenom: nria + trustThreshold: 2/3 + + celestia-local-0: + type: CosmosSdk + compatMode: "0.34" + rpcAddr: http://celestia-app-service.astria-dev-cluster.svc.cluster.local:26657 + grpcAddr: http://celestia-app-service.astria-dev-cluster.svc.cluster.local:9090 + eventSource: + mode: push + url: http://celestia-app-service.astria-dev-cluster.svc.cluster.local:26657/websocket + batchDelay: 500ms + rpcTimeout: 15s + accountPrefix: celestia + key: + name: celestia + content: + private_key: 8241386890823ca14743e5d4d583f879a5236af29f454ed4da6fe62b8439e2ab + public_key: 03b0effa59e7eee365a888b4d2fa4c9be82a4925df255d4443151d61b11ac63714 + address: + [ + 39, + 166, + 219, + 243, + 73, + 131, + 245, + 143, + 2, + 206, + 64, + 203, + 217, + 165, + 252, + 194, + 189, + 5, + 171, + 220, + ] + address_type: Cosmos + account: celestia1y7ndhu6fs06c7qkwgr9anf0uc27st27uwdj6vq + secret: + resourceName: projects/$PROJECT_ID/secrets/celestia-ibc-relay-key/versions/latest + filename: celestia.json + key: token + denom: "utia" + gasPrice: 0.1 + gasMultiplier: 1.5 + 
defaultGas: "100000" + maxGas: "400000" + maxMsgNum: 30 + maxTxSize: "180000" + clockDrift: 5s + maxBlockTime: 30s + trustThreshold: 1/3 diff --git a/justfile b/justfile index 71b1391b0a..46e52ae52a 100644 --- a/justfile +++ b/justfile @@ -7,6 +7,7 @@ default_docker_tag := 'local' docker-build crate tag=default_docker_tag: docker buildx build --load --build-arg TARGETBINARY={{crate}} -f containerfiles/Dockerfile -t {{crate}}:{{tag}} . +# Installs the astria rust cli from local codebase install-cli: cargo install --path ./crates/astria-cli --locked @@ -142,6 +143,13 @@ deploy-sequencer name=validatorName: {{name}}-sequencer-chart ./charts/sequencer deploy-sequencers: (deploy-sequencer "node0") (deploy-sequencer "node1") (deploy-sequencer "node2") +deploy-hermes-local: + helm install hermes-local-chart ./charts/hermes \ + -n astria-dev-cluster \ + -f dev/values/hermes/local.yml +delete-hermes-local: + @just delete chart hermes-local + delete-sequencer name=validatorName: @just delete chart {{name}}-sequencer astria-validator-{{name}} delete-sequencers: (delete-sequencer "node0") (delete-sequencer "node1") (delete-sequencer "node2") diff --git a/taplo.toml b/taplo.toml index 32c8341f3e..551d96780b 100644 --- a/taplo.toml +++ b/taplo.toml @@ -1,4 +1,5 @@ exclude = [ "charts/celestia-node/files/config.toml", "charts/sequencer/files/cometbft/config/config.toml", + "charts/hermes/files/config.toml", ]
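Review bot: Two keys under `celestia-local-0` are not the ones files/config.toml reads: the template renders `gas_price` from `$chain.gasDenom` and `max_msg_number` from `$chain.maxMsgNumber`, but this file sets `denom: "utia"` and `maxMsgNum: 30`. The gas denom therefore renders as an empty string and the message limit is silently omitted. Renaming them to `gasDenom: "utia"` and `maxMsgNumber: 30` fixes both, and may be related to the local connection problem mentioned in the commit message (unconfirmed). The `key.content` values here are committed private keys, so a comment stating they are throwaway dev keys that must never hold funds would prevent reuse.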