diff --git a/polkadot/.gitlab-ci.yml b/polkadot/.gitlab-ci.yml index 1a699ef205c47929631d711434e7261f24ee7b3d..948845f84777319fc7fc11bdf50f8b4c0fafe95c 100644 --- a/polkadot/.gitlab-ci.yml +++ b/polkadot/.gitlab-ci.yml @@ -212,7 +212,7 @@ publish-s3-release: when: manual cache: {} retry: 1 - image: parity/kubectl-helm:$HELM_VERSION + image: parity/kubetools:latest <<: *build-only tags: # this is the runner that is used to deploy it diff --git a/polkadot/scripts/kubernetes/Chart.yaml b/polkadot/scripts/kubernetes/Chart.yaml index 885cec57994a17b3ff16e01d59f1baab70b494f2..91652cef543e67b1b2f223fd7c98d6ed77f0f559 100644 --- a/polkadot/scripts/kubernetes/Chart.yaml +++ b/polkadot/scripts/kubernetes/Chart.yaml @@ -1,5 +1,5 @@ name: polkadot -version: 0.1 +version: 0.2 appVersion: 0.2.0 description: Polkadot Node Implementation home: https://polkadot.network/ diff --git a/polkadot/scripts/kubernetes/templates/poddisruptionbudget.yaml b/polkadot/scripts/kubernetes/templates/poddisruptionbudget.yaml index e19eae5f5d2ffb4e655a8a021c131e1c13fedf16..56958b1fbafd963896eeab25059380bb4e9547e2 100644 --- a/polkadot/scripts/kubernetes/templates/poddisruptionbudget.yaml +++ b/polkadot/scripts/kubernetes/templates/poddisruptionbudget.yaml @@ -1,10 +1,10 @@ apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: - name: polkadot + name: {{ .Values.GitlabEnvSlug | default .Values.app }} spec: selector: matchLabels: - app: polkadot + app: {{ .Values.GitlabEnvSlug | default .Values.app }} maxUnavailable: 1 diff --git a/polkadot/scripts/kubernetes/templates/service.yaml b/polkadot/scripts/kubernetes/templates/service.yaml index f64f4ac1bf76cca886ecc078af3a8456bc26abb9..01ba9d5a567c57045b585aa7e1fa894d404cbf90 100644 --- a/polkadot/scripts/kubernetes/templates/service.yaml +++ b/polkadot/scripts/kubernetes/templates/service.yaml 
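Review bot: `image: parity/kubetools:latest` swaps a tag that was at least parameterised by `$HELM_VERSION` for a mutable one, so this job runs whatever was last pushed under that tag. Pin it to a fixed version, ideally with its digest, e.g. `image: parity/kubetools:<version>@sha256:<digest>` (placeholders; no released tag is visible here), and bump it deliberately. The job this line belongs to starts above the hunk; the `# this is the runner that is used to deploy it` context suggests it is the deploy job and presumably holds cluster credentials, which makes an unreviewed tooling image more costly.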
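Review bot: The templated scalars on `name:` and `app:` in poddisruptionbudget.yaml are emitted unquoted, so a value that YAML reads as a number, boolean or null (an all-digit `--set app=...`, or an environment slug such as `true`) renders as a non-string and the manifest is rejected or mis-typed. Pipe them through `quote`, e.g. `app: {{ .Values.GitlabEnvSlug | default .Values.app | quote }}`. The same applies to the unquoted `{{ ... }}` name, label and selector values in the service.yaml, serviceaccount.yaml and statefulset.yaml hunks that follow.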
@@ -5,9 +5,7 @@ apiVersion: v1 kind: Service metadata: - name: polkadot-rpc - labels: - app: polkadot + name: {{ .Values.app }}-rpc spec: ports: - port: 9933 @@ -15,15 +13,16 @@ spec: - port: 9944 name: websocket-rpc selector: - app: polkadot + app: {{ .Values.GitlabEnvSlug | default .Values.app }} sessionAffinity: None type: ClusterIP clusterIP: None --- +{{- if .Values.listen_node_port }} apiVersion: v1 kind: Service metadata: - name: polkadot + name: {{ .Values.app }} spec: ports: - port: 30333 @@ -31,9 +30,25 @@ spec: nodePort: 30333 protocol: TCP selector: - app: polkadot + app: {{ .Values.GitlabEnvSlug | default .Values.app }} sessionAffinity: None type: NodePort # don't route exteral traffic to non-local pods externalTrafficPolicy: Local - +{{- else if .Values.validator.keys }} +{{- $root := . -}} +{{- range until (int .Values.nodes.replicas) }} +--- +kind: Service +apiVersion: v1 +metadata: + name: {{ $root.Values.app }}-{{ . }} +spec: + selector: + statefulset.kubernetes.io/pod-name: {{ $root.Values.app }}-{{ . }} + ports: + - port: 30333 + targetPort: 30333 + protocol: TCP +{{- end }} +{{- end }} diff --git a/polkadot/scripts/kubernetes/templates/serviceaccount.yaml b/polkadot/scripts/kubernetes/templates/serviceaccount.yaml index 207cea964a1f3b5f170f319c06d346b533bd4909..cee891b1fa1e646637e6dbb72db2293f84dd5086 100644 --- a/polkadot/scripts/kubernetes/templates/serviceaccount.yaml +++ b/polkadot/scripts/kubernetes/templates/serviceaccount.yaml @@ -5,8 +5,6 @@ apiVersion: v1 kind: ServiceAccount metadata: labels: - app: polkadot - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - release: {{ .Release.Name }} + app: {{ .Values.GitlabEnvSlug | default .Values.app }} name: {{ .Values.rbac.name }} {{- end }} diff --git a/polkadot/scripts/kubernetes/templates/statefulset.yaml b/polkadot/scripts/kubernetes/templates/statefulset.yaml index cb741d7c9dc0af9a4c53b91ecddc3376f9c7ec66..2f400bb32eb9d90cff08ee053f1019ef81cf5d39 100644 
--- a/polkadot/scripts/kubernetes/templates/statefulset.yaml +++ b/polkadot/scripts/kubernetes/templates/statefulset.yaml @@ -3,12 +3,12 @@ apiVersion: apps/v1 kind: StatefulSet metadata: - name: polkadot + name: {{ .Values.app }} spec: selector: matchLabels: - app: polkadot - serviceName: polkadot + app: {{ .Values.GitlabEnvSlug | default .Values.app }} + serviceName: {{ .Values.app }} replicas: {{ .Values.nodes.replicas }} updateStrategy: type: RollingUpdate @@ -16,7 +16,7 @@ spec: template: metadata: labels: - app: polkadot + app: {{ .Values.GitlabEnvSlug | default .Values.app }} spec: {{- if .Values.rbac.enable }} serviceAccountName: {{ .Values.rbac.name }} @@ -31,7 +31,8 @@ spec: - key: node operator: In values: - - polkadot + - {{ .Values.node_group }} + {{- if .Values.listen_node_port }} podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: 
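Review bot: The pod label in this file is `app: {{ .Values.GitlabEnvSlug | default .Values.app }}` (selector and template labels in the first two hunks), but the `podAntiAffinity` selector opened at the end of the third hunk gets the value `- {{ .Values.app }}` in the following hunk. Whenever `GitlabEnvSlug` is set to something other than `app`, the anti-affinity term matches no pod of this release, so replicas can land on the same host without any error. Use the same expression in both places, `- {{ .Values.GitlabEnvSlug | default .Values.app }}`. The affinity block starts and ends outside these hunks.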
@@ -39,11 +40,41 @@ spec: - key: "app" operator: In values: - - polkadot + - {{ .Values.app }} topologyKey: "kubernetes.io/hostname" + {{- end }} terminationGracePeriodSeconds: 300 + {{- if .Values.validator.keys }} + volumes: + - name: {{ .Values.app }}-validator-secrets + secret: + secretName: {{ .Values.app }}-secrets + initContainers: + - name: prepare-secrets + image: busybox + command: [ "/bin/sh" ] + args: + - -c + - sed -n -r "s/^${POD_NAME}-key ([^ ]+)$/\1/p" /etc/validator/secrets > {{ .Values.image.basepath }}/key; + sed -n -r "s/^${POD_NAME}-node-key ([^ ]+)$/\1/p" /etc/validator/secrets > {{ .Values.image.basepath }}/node-key; + sed -n -r "s/^${POD_NAME}-name ([^ ]+)$/\1/p" /etc/validator/secrets > {{ .Values.image.basepath }}/name; + test -s {{ .Values.image.basepath }}/name || echo "${POD_NAME}" > {{ .Values.image.basepath }}/name + env: + # from (workaround for hostname) + # https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/ + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: {{ .Values.app }}-validator-secrets + readOnly: true + mountPath: "/etc/validator" + - name: {{ .Values.app }}dir + mountPath: {{ .Values.image.basepath }} + {{- end }} containers: - - name: polkapod + - name: {{ .Values.app }} imagePullPolicy: "{{ .Values.image.pullPolicy }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" {{- if .Values.resources }} 
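Review bot: The `prepare-secrets` init container runs `image: busybox` with no tag or digest while the validator secret is mounted into it, so an unreviewed image revision gets to read the key material; pin it, e.g. `image: busybox:<version>@sha256:<digest>` (placeholders). The mounted `/etc/validator/secrets` file appears to carry the entries for every pod, since each `sed` filters by `${POD_NAME}`. If so, every replica can read all validators' keys, which deserves at least a comment because a shared StatefulSet template makes it hard to narrow. The extracted `key` and `node-key` are written to the persistent `{{ .Values.image.basepath }}` volume with the default umask; starting the script with `umask 077;` keeps them owner-only.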
@@ -59,40 +90,46 @@ spec: name: http-rpc - containerPort: 9944 name: websocket-rpc + command: ["/bin/sh"] args: - - --base-path - - {{ .Values.image.basepath }} - - --name - - $(MY_POD_NAME) - {{- range .Values.nodes.args }} - - {{ . }} - {{- end }} + - -c + - exec {{ .Values.image.executable }} + --base-path {{ .Values.image.basepath }} + {{- if .Values.validator.keys }} + --validator + --name $(cat {{ .Values.image.basepath }}/name) + --key $(cat {{ .Values.image.basepath }}/key) + --node-key $(cat {{ .Values.image.basepath }}/node-key) + {{- else }} + --name $(POD_NAME) + {{- end }} + {{- range .Values.nodes.args }} {{ . }} {{- end }} env: - # from (workaround for hostname) - # https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/ - - name: MY_POD_NAME + - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name volumeMounts: - - name: polkadir + - name: {{ .Values.app }}dir mountPath: {{ .Values.image.basepath }} readinessProbe: - tcpSocket: + httpGet: + path: /health port: http-rpc - initialDelaySeconds: 30 - periodSeconds: 30 + initialDelaySeconds: 10 + periodSeconds: 10 livenessProbe: - tcpSocket: + httpGet: + path: /health port: http-rpc - initialDelaySeconds: 30 - periodSeconds: 30 + initialDelaySeconds: 10 + periodSeconds: 10 securityContext: runAsUser: 1000 fsGroup: 1000 volumeClaimTemplates: - metadata: - name: polkadir + name: {{ .Values.app }}dir spec: accessModes: [ "ReadWriteOnce" ] storageClassName: ssd diff --git a/polkadot/scripts/kubernetes/values.yaml b/polkadot/scripts/kubernetes/values.yaml index b32e6126b76604e7ebf9f1304273f43f6b90e746..98b81b0e1df2707b8e4b7e7bdfee540635fd7222 100644 --- a/polkadot/scripts/kubernetes/values.yaml +++ b/polkadot/scripts/kubernetes/values.yaml @@ -4,6 +4,7 @@ image: tag: latest pullPolicy: Always basepath: /polkadot + executable: /usr/local/bin/polkadot # if set to true a service account for polkadot will be created 
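Review bot: `--key $(cat {{ .Values.image.basepath }}/key)` and the matching `--node-key $(cat ...)` put the validator secrets on the process command line, where they stay readable through `/proc/<pid>/cmdline` and any process listing or crash report for the life of the process. If the binary can take these values from a file or the environment, prefer that; otherwise add a comment recording the exposure as an accepted trade-off. Separately, `{{- range .Values.nodes.args }} {{ . }} {{- end }}` now splices chart values into a `sh -c` string instead of passing them as separate argv entries, so shell metacharacters in a value are interpreted by the shell. Quote each item for the shell (`{{ . | squote }}` covers values without embedded single quotes) or pass the items as positional parameters after the script and expand `"$@"`.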
@@ -11,12 +12,16 @@ rbac: enable: true name: polkadot +# name of the statefulset +app: polkadot +node_group: polkadot +listen_node_port: true nodes: replicas: 2 args: - --chain - - krummelanke + - alexander # serve rpc within the local network # - fenced off the world via firewall # - used for health checks @@ -24,11 +29,11 @@ nodes: - --ws-external # - --log # - sub-libp2p=trace - # - --validator - # - --key - # - key_name +validator: {} +# providing 'keys' string via --set commandline parameter will run the nodes +# in validator mode (--validator). # maybe adopt resource limits here to the nodes of the pool # resources:
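Review bot: `node_group` and `listen_node_port` are added without any comment, although `listen_node_port` switches both the NodePort Service in service.yaml and the `podAntiAffinity` block in statefulset.yaml. When it is false, the p2p port is only served by the per-pod Services that are rendered if `validator.keys` is set. Add comments such as `# value of the "node" label a host must carry to schedule the pods` above `node_group` and `# true: NodePort 30333 plus one pod per host; false: per-pod services, rendered only in validator mode` above `listen_node_port`. The existing `# name of the statefulset` comment also undersells `app`, which the templates use for Service, Secret and volume names as well.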