From a886e561a220e6e7e0c28211a86e1f7eb1a512a2 Mon Sep 17 00:00:00 2001 From: Bulat Saifullin Date: Mon, 22 Apr 2024 18:24:28 +0300 Subject: [PATCH] [node] support list of custom node keys (#340) * Support multiple node keys * added example --- charts/node/Chart.yaml | 2 +- charts/node/README.md | 6 +++--- charts/node/examples/local-rococo/parachain.yaml | 7 +++++++ charts/node/templates/customNodeKeySecret.yaml | 6 ++++++ charts/node/templates/statefulset.yaml | 4 ++++ charts/node/values.yaml | 4 ++-- 6 files changed, 23 insertions(+), 6 deletions(-) diff --git a/charts/node/Chart.yaml b/charts/node/Chart.yaml index c1453d6a..2c0bdb3a 100644 --- a/charts/node/Chart.yaml +++ b/charts/node/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: node description: A Helm chart to deploy Substrate/Polkadot nodes type: application -version: 5.7.0 +version: 5.7.1 maintainers: - name: Parity url: https://github.com/paritytech/helm-charts diff --git a/charts/node/README.md b/charts/node/README.md index c5925acc..536583dd 100644 --- a/charts/node/README.md +++ b/charts/node/README.md @@ -18,7 +18,7 @@ This is intended behaviour. Make sure to run `git add -A` once again to stage ch # Substrate/Polkadot node Helm chart -![Version: 5.7.0](https://img.shields.io/badge/Version-5.7.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 5.7.1](https://img.shields.io/badge/Version-5.7.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ## Maintainers @@ -298,7 +298,7 @@ If you're running a collator node: | jaegerAgent.ports.samplingPort | HTTP | `5778` | serve configs, sampling strategies | | jaegerAgent.resources | object | `{}` | Resource limits & requests | | nameOverride | string | `""` | Provide a name in place of node for `app:` labels | -| node | object | `{"allowUnsafeRpcMethods":false,"chain":"polkadot","chainData":{"annotations":{},"chainPath":null,"chainSnapshot":{"enabled":false,"filelistName":"files.txt","method":"gcs","url":""},"database":"rocksdb","kubernetesVolumeSnapshot":null,"kubernetesVolumeToClone":null,"pruning":1000,"storageClass":"","volumeSize":"100Gi"},"chainKeystore":{"accessModes":["ReadWriteOnce"],"annotations":{},"kubernetesVolumeSnapshot":null,"kubernetesVolumeToClone":null,"mountInMemory":{"enabled":false,"sizeLimit":null},"storageClass":"","volumeSize":"10Mi"},"collatorExternalRelayChain":{"enabled":false,"relayChainRpcUrls":[]},"collatorLightClient":{"enabled":false,"relayChain":"","relayChainCustomChainspec":false,"relayChainCustomChainspecPath":"/chain-data/relay_chain_chainspec.json","relayChainCustomChainspecUrl":null},"collatorRelayChain":{"chain":"polkadot","chainData":{"annotations":{},"chainPath":"","chainSnapshot":{"enabled":false,"filelistName":"files.txt","method":"gcs","url":""},"database":"rocksdb","kubernetesVolumeSnapshot":null,"kubernetesVolumeToClone":null,"pruning":1000,"storageClass":"","volumeSize":"100Gi"},"chainKeystore":{"accessModes":["ReadWriteOnce"],"annotations":{},"kubernetesVolumeSnapshot":null,"kubernetesVolumeToClone":null,"mountInMemory":{"enabled":false,"sizeLimit":null},"storageClass":"","volumeSize":"10Mi"},"customChainspec":false,"customChainspecPath":"/relaychain-data/relay_chain_chainspec.json","customChainspecUrl":null,"flags":[],"prometheus":{"enabled":false,"port":9625}},"command":"polkadot","customChainspec":false,"customChainspecPath":"/chain-data/chainspec.json","customChainspecUrl":null,"customNodeKey":null,"enableOffchainIndexing":false,"enableSidecarLivenessProbe":false,"enableSidecarReadinessProbe":false,"enableStartupProbe":true,"existingSecrets":{"keys":[],"nodeKey":{}},"extraConfigmapMounts":[],"extraEnvVars":[],"extraSecretMounts":[],"flags":[],"forceDownloadChainspec":false,"isParachain":false,"keys":{},"legacyRpcFlags":false,"logLevels":[],"perNodeServices":{"apiService":{"annotations":{},"enabled":true,"externalDns":{"customPrefix":"","enabled":false,"hostname":"example.com","ttl":300},"externalTrafficPolicy":"Cluster","extraPorts":[],"httpPort":9933,"prometheusPort":9615,"relayChainPrometheusPort":9625,"rpcPort":9944,"type":"ClusterIP","wsPort":9955},"paraP2pService":{"annotations":{},"enabled":false,"externalDns":{"customPrefix":"","enabled":false,"hostname":"example.com","ttl":300},"externalTrafficPolicy":"Cluster","extraPorts":[],"port":30334,"type":"NodePort","ws":{"enabled":false,"port":30335}},"relayP2pService":{"annotations":{},"enabled":false,"externalDns":{"customPrefix":"","enabled":false,"hostname":"example.com","ttl":300},"externalTrafficPolicy":"Cluster","extraPorts":[],"port":30333,"type":"NodePort","ws":{"enabled":false,"port":30334}},"setPublicAddressToExternalIp":{"autodiscoveryFix":false,"enabled":false,"ipRetrievalServiceUrl":"https://ifconfig.io"}},"persistGeneratedNodeKey":false,"persistentVolumeClaimRetentionPolicy":null,"podManagementPolicy":null,"prometheus":{"enabled":true,"port":9615},"replicas":1,"resources":{},"role":"full","serviceAnnotations":{},"serviceExtraPorts":[],"serviceMonitor":{"enabled":false,"interval":"30s","metricRelabelings":[],"namespace":null,"relabelings":[],"scrapeTimeout":"10s","targetLabels":["node"]},"startupProbeFailureThreshold":30,"substrateApiSidecar":{"enabled":false},"telemetryUrls":[],"tracing":{"enabled":false},"updateStrategy":{"enabled":false,"maxUnavailable":1,"type":"RollingUpdate"},"vault":{"authConfigServiceAccount":null,"authConfigType":null,"authPath":null,"authRole":null,"authType":null,"keys":{},"nodeKey":{}},"wasmRuntimeOverridesPath":"/chain-data/runtimes","wasmRuntimeUrl":""}` | Deploy a substrate node. ref: https://docs.substrate.io/tutorials/v3/private-network/ | +| node | object | `{"allowUnsafeRpcMethods":false,"chain":"polkadot","chainData":{"annotations":{},"chainPath":null,"chainSnapshot":{"enabled":false,"filelistName":"files.txt","method":"gcs","url":""},"database":"rocksdb","kubernetesVolumeSnapshot":null,"kubernetesVolumeToClone":null,"pruning":1000,"storageClass":"","volumeSize":"100Gi"},"chainKeystore":{"accessModes":["ReadWriteOnce"],"annotations":{},"kubernetesVolumeSnapshot":null,"kubernetesVolumeToClone":null,"mountInMemory":{"enabled":false,"sizeLimit":null},"storageClass":"","volumeSize":"10Mi"},"collatorExternalRelayChain":{"enabled":false,"relayChainRpcUrls":[]},"collatorLightClient":{"enabled":false,"relayChain":"","relayChainCustomChainspec":false,"relayChainCustomChainspecPath":"/chain-data/relay_chain_chainspec.json","relayChainCustomChainspecUrl":null},"collatorRelayChain":{"chain":"polkadot","chainData":{"annotations":{},"chainPath":"","chainSnapshot":{"enabled":false,"filelistName":"files.txt","method":"gcs","url":""},"database":"rocksdb","kubernetesVolumeSnapshot":null,"kubernetesVolumeToClone":null,"pruning":1000,"storageClass":"","volumeSize":"100Gi"},"chainKeystore":{"accessModes":["ReadWriteOnce"],"annotations":{},"kubernetesVolumeSnapshot":null,"kubernetesVolumeToClone":null,"mountInMemory":{"enabled":false,"sizeLimit":null},"storageClass":"","volumeSize":"10Mi"},"customChainspec":false,"customChainspecPath":"/relaychain-data/relay_chain_chainspec.json","customChainspecUrl":null,"flags":[],"prometheus":{"enabled":false,"port":9625}},"command":"polkadot","customChainspec":false,"customChainspecPath":"/chain-data/chainspec.json","customChainspecUrl":null,"customNodeKey":[],"enableOffchainIndexing":false,"enableSidecarLivenessProbe":false,"enableSidecarReadinessProbe":false,"enableStartupProbe":true,"existingSecrets":{"keys":[],"nodeKey":{}},"extraConfigmapMounts":[],"extraEnvVars":[],"extraSecretMounts":[],"flags":[],"forceDownloadChainspec":false,"isParachain":false,"keys":{},"legacyRpcFlags":false,"logLevels":[],"perNodeServices":{"apiService":{"annotations":{},"enabled":true,"externalDns":{"customPrefix":"","enabled":false,"hostname":"example.com","ttl":300},"externalTrafficPolicy":"Cluster","extraPorts":[],"httpPort":9933,"prometheusPort":9615,"relayChainPrometheusPort":9625,"rpcPort":9944,"type":"ClusterIP","wsPort":9955},"paraP2pService":{"annotations":{},"enabled":false,"externalDns":{"customPrefix":"","enabled":false,"hostname":"example.com","ttl":300},"externalTrafficPolicy":"Cluster","extraPorts":[],"port":30334,"type":"NodePort","ws":{"enabled":false,"port":30335}},"relayP2pService":{"annotations":{},"enabled":false,"externalDns":{"customPrefix":"","enabled":false,"hostname":"example.com","ttl":300},"externalTrafficPolicy":"Cluster","extraPorts":[],"port":30333,"type":"NodePort","ws":{"enabled":false,"port":30334}},"setPublicAddressToExternalIp":{"autodiscoveryFix":false,"enabled":false,"ipRetrievalServiceUrl":"https://ifconfig.io"}},"persistGeneratedNodeKey":false,"persistentVolumeClaimRetentionPolicy":null,"podManagementPolicy":null,"prometheus":{"enabled":true,"port":9615},"replicas":1,"resources":{},"role":"full","serviceAnnotations":{},"serviceExtraPorts":[],"serviceMonitor":{"enabled":false,"interval":"30s","metricRelabelings":[],"namespace":null,"relabelings":[],"scrapeTimeout":"10s","targetLabels":["node"]},"startupProbeFailureThreshold":30,"substrateApiSidecar":{"enabled":false},"telemetryUrls":[],"tracing":{"enabled":false},"updateStrategy":{"enabled":false,"maxUnavailable":1,"type":"RollingUpdate"},"vault":{"authConfigServiceAccount":null,"authConfigType":null,"authPath":null,"authRole":null,"authType":null,"keys":{},"nodeKey":{}},"wasmRuntimeOverridesPath":"/chain-data/runtimes","wasmRuntimeUrl":""}` | Deploy a substrate node. ref: https://docs.substrate.io/tutorials/v3/private-network/ | | node.allowUnsafeRpcMethods | bool | `false` | Allow executing unsafe RPC methods | | node.chain | string | `"polkadot"` | Name of the chain | | node.chainData.annotations | object | `{}` | Annotations to add to the volumeClaimTemplates | @@ -367,7 +367,7 @@ If you're running a collator node: | node.customChainspec | bool | `false` | Use the file defined in `node.customChainspecPath` as the chainspec. Ensure that the file is either mounted or generated with an init container. | | node.customChainspecPath | string | `"/chain-data/chainspec.json"` | Node may require custom name for chainspec file. ref: moonbeam https://github.com/PureStake/moonbeam/issues/1104#issuecomment-996787548 Note: path should start with /chain-data/ since this folder mount in init container download-chainspec. | | node.customChainspecUrl | string | `nil` | URL to retrive custom chain spec | -| node.customNodeKey | string | `nil` | Name of the secret containig the key | +| node.customNodeKey | list | `[]` | List of the custom node key(s) for all pods in statefulset. | | node.enableOffchainIndexing | bool | `false` | Enable Offchain Indexing. https://docs.substrate.io/fundamentals/offchain-operations/ | | node.enableSidecarLivenessProbe | bool | `false` | Enable Node liveness probe through `paritytech/ws-health-exporter` running as a sidecar container | | node.enableSidecarReadinessProbe | bool | `false` | Enable Node readiness probe through `paritytech/ws-health-exporter` running as a sidecar container | diff --git a/charts/node/examples/local-rococo/parachain.yaml b/charts/node/examples/local-rococo/parachain.yaml index 2c89a276..58c08ac3 100644 --- a/charts/node/examples/local-rococo/parachain.yaml +++ b/charts/node/examples/local-rococo/parachain.yaml @@ -20,6 +20,13 @@ node: scheme: sr25519 # ${HOSTNAME##*-} will be evaluated as the pod index, pod-0: //Alice, pod-1: //Bob extraDerivation: '$([ "${HOSTNAME##*-}" = "0" ] && echo "//Alice" || echo "//Bob")' + customNodeKey: + # 12D3KooWL5Av1ZZSKkaittmxXBmZpzP7zgiB1AAnWHEw7MxzqnFp + - bdf71a910354e231095366230621eaefb5f99465045f1501478fd3d9b5deef98 + # 12D3KooWAxFonTS177T81CTDeH6mfvJQWYEJeVQ1gPrnULjNY8Cn + - 2a775a9db9fb0ff40afacb4aa7ccbf2a5d04c6d980bb1437c196c8e38a6cd948 + flags: + - "--bootnodes /dns/parachain-node-0/tcp/30334/p2p/12D3KooWL5Av1ZZSKkaittmxXBmZpzP7zgiB1AAnWHEw7MxzqnFp" isParachain: true collatorRelayChain: chain: rococo-local diff --git a/charts/node/templates/customNodeKeySecret.yaml b/charts/node/templates/customNodeKeySecret.yaml index 90d83af6..89c74836 100644 --- a/charts/node/templates/customNodeKeySecret.yaml +++ b/charts/node/templates/customNodeKeySecret.yaml @@ -6,5 +6,11 @@ kind: Secret metadata: name: {{ $fullname }}-custom-node-key data: +{{- if eq ( typeOf .Values.node.customNodeKey ) "string" }} custom-node-key: {{ .Values.node.customNodeKey | mustRegexFind "^[0-9a-zA-Z]{64}$" | b64enc }} +{{- else }} +{{- range $index, $key := .Values.node.customNodeKey }} + custom-node-key-{{ $index }}: {{ $key | mustRegexFind "^[0-9a-zA-Z]{64}$" | b64enc }} +{{- end }} +{{- end }} {{ end }} diff --git a/charts/node/templates/statefulset.yaml b/charts/node/templates/statefulset.yaml index 9a49d8ae..c08c9153 100644 --- a/charts/node/templates/statefulset.yaml +++ b/charts/node/templates/statefulset.yaml @@ -596,7 +596,11 @@ spec: {{- if .Values.node.persistGeneratedNodeKey }} --node-key-file /keystore/node-key \ {{- else if .Values.node.customNodeKey }} + {{- if eq ( typeOf .Values.node.customNodeKey ) "string" }} --node-key $(cat /custom-node-key/custom-node-key) \ + {{- else }} + --node-key $(cat /custom-node-key/custom-node-key-${POD_INDEX}) \ + {{- end }} {{- else if .Values.node.existingSecrets.nodeKey }} --node-key $(cat /custom-node-key/{{ .Values.node.existingSecrets.nodeKey.secretKey }}) \ {{- else if .Values.node.vault.nodeKey }} diff --git a/charts/node/values.yaml b/charts/node/values.yaml index e0a96b95..7c0a5174 100644 --- a/charts/node/values.yaml +++ b/charts/node/values.yaml @@ -411,8 +411,8 @@ node: # -- If enabled, generate a persistent volume to use for the keys persistGeneratedNodeKey: false - # -- Name of the secret containig the key - customNodeKey: + # -- List of the custom node key(s) for all pods in statefulset. + customNodeKey: [] # -- Expose metrics via Prometheus format in /metrics endpoint. # Passes the following args to the Polkadot binary: