chore: [sc-12231] VAO Stage Setup (#217)

* Update Charts to enable metrics to be shown through TOR

* 9090

* Drop TOR based metrics (for now)

* tor metrics fixes

* Drop TOR based metrics (for now)

* Drop TOR based metrics

* Consistency

* Consistency

* revert readme

* Prep for VAO

* update readmes

* resolve RBAC naming issues and conditionally include ports for probes

* updates docs

* fix helm test service account RBAC

* parametrize ports

* do not change spire

* revert

* revert

* update health check paths in README and values files

* bump appVersion to 0.58.0 and update ghost image tag

* update health check paths in values.yaml

* bump chart version to 0.4.0 in Chart.yaml and update version badge in README

* bump chart version to 0.4.0-pre.1 in Chart.yaml

* update deployment and values files to use chainRpcUrl instead of rpcUrl

* bump ghost image tag to 0.58.1

* update health check paths comments in values.yaml

* update liveness probe path and description to use "healthz"

* update liveness probe path and description to use "healthz"

---------

Co-authored-by: Wesley Charles Blake <[email protected]>
Co-authored-by: Wesley Charles Blake <[email protected]>
Co-authored-by: Wesley Charles Blake <[email protected]>

Author: 3 people

charts/validator/Chart.yaml

@@ -22,11 +22,11 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.26
+version: 0.4.0-pre.1
 
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.57.3"
+appVersion: "0.58.0"

charts/validator/README.md

@@ -1,6 +1,6 @@
 # validator
 
-![Version: 0.3.26](https://img.shields.io/badge/Version-0.3.26-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.57.3](https://img.shields.io/badge/AppVersion-0.57.3-informational?style=flat-square)
+![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.58.0](https://img.shields.io/badge/AppVersion-0.58.0-informational?style=flat-square)
 
 A Helm chart for deploying Chronicle Validator on Kubernetes
 
@@ -16,37 +16,27 @@ A Helm chart for deploying Chronicle Validator on Kubernetes
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | extraObjects | list | `[]` | Extra K8s manifests to deploy |
-| ghost | object | `{"affinity":{},"arbRpcUrl":null,"argsOverride":[],"bnbRpcUrl":null,"chainId":"1","chainName":"eth","chainTxType":null,"commandOverride":[],"env":{"normal":{}},"ethArchRpcUrl":null,"ethConfig":{},"ethRpcUrl":null,"fullnameOverride":"ghost","gnoRpcUrl":null,"image":{"pullPolicy":"Always","repository":"ghcr.io/chronicleprotocol/ghost","tag":"0.57.3@sha256:cc50f2eb8092dce67584f334cc73ce750a8ede0ca970dd759679df7b40501ee5"},"imagePullSecrets":[],"ingress":{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific","port":8000}]}],"tls":[]},"libp2pSubscriptionBufferSize":"4096","libp2pValidateQueueSize":"4096","liveness":{"enabled":true,"livenessProbe":{"httpGet":{"path":"/healthcheck","port":9100},"initialDelaySeconds":30,"periodSeconds":60}},"logFormat":"text","logLevel":"info","metrics":{"enabled":true,"port":9090},"mntRpcUrl":null,"nameOverride":"","nodeSelector":{},"optRpcUrl":null,"podAnnotations":{},"podSecurityContext":{},"polRpcUrl":null,"readiness":{"enabled":true,"readinessProbe":{"httpGet":{"path":"/healthcheck","port":9100},"initialDelaySeconds":30,"periodSeconds":60}},"replicaCount":1,"resources":{},"rpcUrl":null,"securityContext":{},"service":{"annotations":{},"ports":{"libp2p":{"port":8000,"protocol":"TCP"},"webapi":{"port":8080,"protocol":"TCP"}},"type":"LoadBalancer"},"serviceAccount":{"annotations":{},"create":true,"name":""},"tolerations":[],"watchdogConfigReg":"0x94Fea534aef6df5cF66C2DAE5CE0A05d10C068F3","watchdogInterval":"300s","webApi":{"enabled":true,"listenAddr":"0.0.0.0:8080"}}` | Values for Ghost |
+| ghost | object | `{"affinity":{},"argsOverride":[],"chainId":1,"chainName":"eth","chainTxType":"eip1559","commandOverride":[],"env":{"normal":{}},"ethConfig":{},"fullnameOverride":"ghost","image":{"pullPolicy":"Always","repository":"ghcr.io/chronicleprotocol/ghost","tag":"0.58.0@sha256:35addbb175ffaf5f241445ae4e3acba84ed854e2b93501630bb1bbc8318eb0c2"},"imagePullSecrets":[],"ingress":{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific","port":8000}]}],"tls":[]},"liveness":{"enabled":true,"livenessProbe":{"httpGet":{"path":"/healthz","port":9100},"initialDelaySeconds":30,"periodSeconds":60}},"logFormat":"text","logLevel":"info","metrics":{"enabled":true,"port":9090},"nameOverride":"","nodeSelector":{},"podAnnotations":{},"podSecurityContext":{},"readiness":{"enabled":true,"readinessProbe":{"httpGet":{"path":"/healthz","port":9100},"initialDelaySeconds":30,"periodSeconds":60}},"replicaCount":1,"resources":{},"rpcUrl":null,"securityContext":{},"service":{"annotations":{},"ports":{"libp2p":{"port":8000,"protocol":"TCP"},"webapi":{"port":8080,"protocol":"TCP"}},"type":"LoadBalancer"},"serviceAccount":{"annotations":{},"create":true,"name":""},"tolerations":[],"watchdogConfigReg":"0x94Fea534aef6df5cF66C2DAE5CE0A05d10C068F3","webApi":{"enabled":true,"listenAddr":"0.0.0.0:8080"}}` | Values for Ghost |
 | ghost.affinity | object | `{}` | pod Affinity spec applied validator |
-| ghost.arbRpcUrl | string | `nil` | RPC url for ARB |
 | ghost.argsOverride | list | `[]` | args override for the validator |
-| ghost.bnbRpcUrl | string | `nil` | RPC url for BNB |
-| ghost.chainId | string | `"1"` | chain id for the "target" or "main" chain we use for the validator. Can be mainnet ethereum `1` or sepolia ethereum `11155111` |
+| ghost.chainId | int | `1` | chain id for the "target" or "main" chain we use for the validator. Can be mainnet ethereum `1` or sepolia ethereum `11155111` |
 | ghost.chainName | string | `"eth"` | chain name for the "target" or "main" chain we use for the validator |
-| ghost.chainTxType | string | `nil` | chain tx type for the "target" or "main" chain we use for the validator. Can be mainnet ethereum `eip1559` or sepolia ethereum `legacy` |
+| ghost.chainTxType | string | `"eip1559"` | chain tx type for the "target" or "main" chain we use for the validator. Can be mainnet ethereum `eip1559` or `legacy` |
 | ghost.commandOverride | list | `[]` | command override for the validator |
 | ghost.env | object | `{"normal":{}}` | Environment variable listing |
 | ghost.env.normal | object | `{}` | un-encrypted env vars passed to the pod |
-| ghost.ethArchRpcUrl | string | `nil` | RPC url for ETH Archival node |
 | ghost.ethConfig | object | `{}` | Provide ETH keys from existing secrets : **NB** use only existing secret OR env vars, do not provide both |
-| ghost.ethRpcUrl | string | `nil` | RPC URL for ETH |
 | ghost.fullnameOverride | string | `"ghost"` | Override the release name to so tor-proxy can work with the default config. NB only change this if you know what you are doing |
-| ghost.gnoRpcUrl | string | `nil` | RPC url for GNO |
-| ghost.image.tag | string | `"0.57.3@sha256:cc50f2eb8092dce67584f334cc73ce750a8ede0ca970dd759679df7b40501ee5"` | Overrides the image tag whose default is the chart appVersion. |
-| ghost.ingress | object | `{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific","port":8000}]}],"tls":[]}` | Ingress for the validator (Do not enable ingress, as libp2p does not support path based routing yet) |
-| ghost.ingress.enabled | bool | `false` | Disabled by default, since there is a bug in libp2p port assignment for dns based routing |
-| ghost.libp2pSubscriptionBufferSize | string | `"4096"` | libp2p buffer size |
-| ghost.libp2pValidateQueueSize | string | `"4096"` | libp2p validate queue size |
-| ghost.liveness | object | `{"enabled":true,"livenessProbe":{"httpGet":{"path":"/healthcheck","port":9100},"initialDelaySeconds":30,"periodSeconds":60}}` | Liveness probe : restart the validator if the healthcheck endpoint is not reachable |
+| ghost.image.tag | string | `"0.58.0@sha256:35addbb175ffaf5f241445ae4e3acba84ed854e2b93501630bb1bbc8318eb0c2"` | Overrides the image tag whose default is the chart appVersion. |
+| ghost.ingress | object | `{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific","port":8000}]}],"tls":[]}` | Ingress for the validator - we should start using it maybe??? |
+| ghost.ingress.enabled | bool | `false` | Disabled by default, since there WAS a bug in libp2p port assignment for dns based routing |
+| ghost.liveness | object | `{"enabled":true,"livenessProbe":{"httpGet":{"path":"/healthz","port":9100},"initialDelaySeconds":30,"periodSeconds":60}}` | Liveness probe : restart the validator if the healthcheck endpoint is not reachable |
 | ghost.logFormat | string | `"text"` | Log format for the validator, can be one of `json`, `text` |
 | ghost.logLevel | string | `"info"` | Log level for the validator, can be one of `debug`, `info`, `warning`, `error` |
-| ghost.mntRpcUrl | string | `nil` | RPC url for MNT |
 | ghost.nodeSelector | object | `{}` | Node selector for the validator |
-| ghost.optRpcUrl | string | `nil` | RPC url for OETH (optimism) |
 | ghost.podAnnotations | object | `{}` | Pod annotations for the validator |
 | ghost.podSecurityContext | object | `{}` | Pod security context for the validator |
-| ghost.polRpcUrl | string | `nil` | RPC url for Polygon (polygon) |
-| ghost.readiness | object | `{"enabled":true,"readinessProbe":{"httpGet":{"path":"/healthcheck","port":9100},"initialDelaySeconds":30,"periodSeconds":60}}` | Readiness probe : stop the validator if the metrics endpoint is not reachable |
+| ghost.readiness | object | `{"enabled":true,"readinessProbe":{"httpGet":{"path":"/healthz","port":9100},"initialDelaySeconds":30,"periodSeconds":60}}` | Readiness probe : stop the validator if the metrics endpoint is not reachable |
 | ghost.resources | object | `{}` | Resources constraints for the validator, CPU, Memory, etc. |
 | ghost.rpcUrl | string | `nil` | RPC url for the "target" or "main" chain we use for the validator. Can be mainnet ethereum or sepolia ethereum |
 | ghost.securityContext | object | `{}` | Security context for the validator |
@@ -60,7 +50,6 @@ A Helm chart for deploying Chronicle Validator on Kubernetes
 | ghost.serviceAccount.name | string | `""` | If not set and create is true, a name is generated using the fullname template |
 | ghost.tolerations | list | `[]` | Tolerations applied validator |
 | ghost.watchdogConfigReg | string | `"0x94Fea534aef6df5cF66C2DAE5CE0A05d10C068F3"` | WATCHDOG onchain config address |
-| ghost.watchdogInterval | string | `"300s"` | WATCHDOG polling interval (in seconds) |
 | ghost.webApi | object | `{"enabled":true,"listenAddr":"0.0.0.0:8080"}` | WEB API (tor-proxy) |
 | ghost.webApi.enabled | bool | `true` | Enables the web api and deploys the tor-proxy subchart |
 | ghost.webApi.listenAddr | string | `"0.0.0.0:8080"` | Listen address for the web api |
@@ -76,5 +65,5 @@ A Helm chart for deploying Chronicle Validator on Kubernetes
 | serviceMonitor.scrapeTimeout | string | `"60s"` | ServiceMonitor scrape timeout |
 | serviceMonitor.tlsConfig | object | `{}` | ServiceMonitor TLS configuration |
 | tor-proxy | object | `{"enabled":true}` | Values for Tor Proxy (subchart of ghost) |
-| tor-proxy.enabled | bool | `true` | values for tor-proxy, installs [tor-controller](/crds/tor-controller.yaml) and creates an [onionService CRD](/templates/onion-service.yaml) |
+| tor-proxy.enabled | bool | `true` | values for tor-proxy, installs [tor-controller](/crds/tor-controller.yaml) and creates an [onionService CRD](/templates/tor-onion-service.yaml) |
 

charts/validator/templates/clusterrole.yaml

@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ include "validator.fullname" . }}-clusterrole
+  name: {{ include "validator.serviceAccountName" . }}-clusterrole
 rules:
 - apiGroups: [""]
   resources: ["nodes"]

charts/validator/templates/clusterrolebinding.yaml

@@ -1,12 +1,12 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ include "validator.fullname" . }}-clusterrolebinding
+  name: {{ include "validator.serviceAccountName" . }}-clusterrolebinding
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: {{ include "validator.fullname" . }}-clusterrole
+  name: {{ include "validator.serviceAccountName" . }}-clusterrole
 subjects:
 - kind: ServiceAccount
-  name: {{ include "validator.fullname" . }}-serviceaccount
+  name: {{ include "validator.serviceAccountName" . }}
   namespace: {{ .Release.Namespace }}

charts/validator/templates/deployment.yaml

@@ -25,7 +25,7 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      serviceAccountName: {{ include "validator.serviceAccountName" . }}-serviceaccount
+      serviceAccountName: {{ include "validator.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.ghost.podSecurityContext | nindent 8 }}
       {{- if .Values.ghost.service.type | quote | eq "NodePort" }}
@@ -70,9 +70,20 @@ spec:
               name: metrics
               protocol: TCP
           {{- end }}
-            - containerPort: 9100
-              name: readiness
+          {{- if .Values.ghost.liveness.enabled }}
+          {{- if or (not.Values.ghost.readiness.enabled) (and .Values.ghost.readiness.enabled (ne .Values.ghost.liveness.livenessProbe.httpGet.port .Values.ghost.readiness.readinessProbe.httpGet.port))}}
+            - containerPort: {{ .Values.ghost.liveness.livenessProbe.httpGet.port }}
+              name: probeLive
+              protocol: TCP
+          {{- end }}
+          {{- end }}
+          {{- if .Values.ghost.readiness.enabled }}
+          {{- if or (not .Values.ghost.liveness.enabled) (and .Values.ghost.liveness.enabled (ne .Values.ghost.readiness.readinessProbe.httpGet.port .Values.ghost.liveness.livenessProbe.httpGet.port))}}
+            - containerPort: {{ .Values.ghost.readiness.readinessProbe.httpGet.port }}
+              name: probeReady
               protocol: TCP
+          {{- end }}
+          {{- end }}
           {{- if .Values.ghost.liveness.enabled }}
           livenessProbe:
             {{- toYaml .Values.ghost.liveness.livenessProbe | nindent 12 }}
@@ -82,17 +93,22 @@ spec:
             {{- toYaml .Values.ghost.readiness.readinessProbe | nindent 12 }}
           {{- end }}
           env:
+            ### -- WATCHDOG
+            - name: WATCHDOG_CONFIG_REGISTRY
+              value: {{ .Values.ghost.watchdogConfigReg | quote }}
+          {{- if .Values.ghost.watchdogInterval }}
+            - name: WATCHDOG_INTERVAL
+              value: {{ .Values.ghost.watchdogInterval | quote }}
+            - name: WATCHDOG_SCHEDULE
+              value: ""
+          {{- end }}
             ### -- LIBP2P
-            - name: CFG_LIBP2P_SUBSCRIPTION_BUFFER_SIZE
-              value: {{ .Values.ghost.libp2pSubscriptionBufferSize | quote }}
-            - name: CFG_LIBP2P_VALIDATE_QUEUE_SIZE
-              value: {{ .Values.ghost.libp2pValidateQueueSize | quote }}
             - name: CFG_LIBP2P_LISTEN_ADDRS
               value: "/ip4/0.0.0.0/tcp/{{ .Values.ghost.service.ports.libp2p.port | default 8000 }}"
           {{- if .Values.ghost.ingress.enabled }}
           {{- range .Values.ghost.ingress.hosts }}
             - name: CFG_LIBP2P_EXTERNAL_ADDR
-              value: "/dns/{{ .host  }}"
+              value: "/dns/{{ .host }}"
           {{- end }}
           {{- end }}
             ### -- WEB API
@@ -111,55 +127,20 @@ spec:
             {{- end }}
               ### -- CHAIN and RPC (target or main chain)
             - name: CFG_CHAIN_NAME
-              value: {{ .Values.ghost.chainName | default "eth" | quote}}
+              value: {{ .Values.ghost.chainName | default "eth" | quote }}
             - name: CFG_CHAIN_ID
-              value: {{ .Values.ghost.chainId | default "1" | quote}}
-              {{- if .Values.ghost.rpcUrl }}
+              value: {{ .Values.ghost.chainId | default "1" | quote }}
+              {{- if .Values.ghost.chainRpcUrl }}
+            - name: CFG_CHAIN_RPC_URLS
+              value: {{ .Values.ghost.chainRpcUrl | quote }}
+              {{- else if .Values.ghost.rpcUrl }}
             - name: CFG_CHAIN_RPC_URLS
               value: {{ .Values.ghost.rpcUrl | quote }}
               {{- end }}
               {{- if .Values.ghost.chainTxType }}
             - name: CFG_CHAIN_TX_TYPE
               value: {{ .Values.ghost.chainTxType | default "eip1559" quote }}
               {{- end }}
-              ### -- CHAIN and RPC (source chain)
-              {{- if .Values.ghost.arbRpcUrl }}
-            - name: CFG_ARB_RPC_URLS
-              value: {{ .Values.ghost.arbRpcUrl | quote }}
-              {{- end }}
-              {{- if .Values.ghost.bnbRpcUrl }}
-            - name: CFG_BNB_RPC_URLS
-              value: {{ .Values.ghost.bnbRpcUrl | quote }}
-              {{- end }}
-              {{- if .Values.ghost.ethRpcUrl }}
-            - name: CFG_ETH_RPC_URLS
-              value: {{ .Values.ghost.ethRpcUrl | quote }}
-              {{- end }}
-              {{- if .Values.ghost.ethArchRpcUrl }}
-            - name: CFG_ETH_ARCH_RPC_URLS
-              value: {{ .Values.ghost.ethArchRpcUrl | quote }}
-              {{- end }}
-              {{- if .Values.ghost.gnoRpcUrl }}
-            - name: CFG_GNO_RPC_URLS
-              value: {{ .Values.ghost.gnoRpcUrl | quote }}
-              {{- end }}
-              {{- if .Values.ghost.mntRpcUrl }}
-            - name: CFG_MNT_RPC_URLS
-              value: {{ .Values.ghost.mntRpcUrl | quote }}
-              {{- end }}
-              {{- if .Values.ghost.optRpcUrl }}
-            - name: CFG_OPT_RPC_URLS
-              value: {{ .Values.ghost.optRpcUrl | quote }}
-              {{- end }}
-              {{- if .Values.ghost.polRpcUrl }}
-            - name: CFG_POL_RPC_URLS
-              value: {{ .Values.ghost.polRpcUrl | quote }}
-              {{- end }}
-              ### -- WATCHDOG
-            - name: WATCHDOG_CONFIG_REGISTRY
-              value: {{ .Values.ghost.watchdogConfigReg | quote }}
-            - name: WATCHDOG_INTERVAL
-              value: {{ .Values.ghost.watchdogInterval | default "900s" | quote }}
           ### -- ETH KEYSTORE FROM EXISTING SECRET
           {{- if .Values.ghost.ethConfig }}
             - name: CFG_ETH_FROM

charts/validator/templates/role.yaml

@@ -1,7 +1,8 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: {{ include "validator.fullname" . }}-role
+  name: {{ include "validator.serviceAccountName" . }}-role
+
 rules:
 - apiGroups: [""]
   resources: ["pods", "pods/log", "services"]

charts/validator/templates/rolebinding.yaml

@@ -1,11 +1,12 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: {{ include "validator.fullname" . }}-rolebinding
+  name: {{ include "validator.serviceAccountName" . }}-rolebinding
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: {{ include "validator.fullname" . }}-role
+  name: {{ include "validator.serviceAccountName" . }}-role
+
 subjects:
 - kind: ServiceAccount
-  name: {{ include "validator.fullname" . }}-serviceaccount
+  name: {{ include "validator.serviceAccountName" . }}-test

charts/validator/templates/serviceaccount-test.yaml

@@ -1,4 +1,4 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ include "validator.fullname" . }}-serviceaccount
+  name: {{ include "validator.serviceAccountName" . }}-test

charts/validator/templates/tests/test-logs.yaml

@@ -8,7 +8,8 @@ metadata:
     "helm.sh/hook-weight": "5"
     "helm.sh/hook": test
 spec:
-  serviceAccountName: {{ include "validator.fullname" . }}-serviceaccount
+  serviceAccountName: {{ include "validator.serviceAccountName" . }}-test
+
   containers:
     - name: test-ghost-logs
       image: bitnami/kubectl:latest

charts/validator/templates/tor-onion-service.yaml

@@ -11,6 +11,6 @@ spec:
         number: 8888
       backend:
         service:
-          name: ghost
+          name: {{ include "validator.fullname" . }}
           port:
             number: {{ .Values.ghost.service.ports.webapi.port }}