[release-line-0.4.1] Limit cometbft load balancer ports to only those actually used (#1193)

moritzkiefer-da · cocreature · web-flow · commit efaea6215bd3 · 2025-06-23T12:33:04.000Z
backport from #1190 [static] --------- Signed-off-by: Moritz Kiefer <moritz.kiefer@purelyfunctional.org> Co-authored-by: Moritz Kiefer <moritz.kiefer@purelyfunctional.org>
diff --git a/cluster/expected/infra/expected.json b/cluster/expected/infra/expected.json
@@ -1447,186 +1447,6 @@
               "protocol": "TCP",
               "targetPort": 6201
             },
-            {
-              "name": "cometbft-0-0-gw",
-              "port": 26006,
-              "protocol": "TCP",
-              "targetPort": 26006
-            },
-            {
-              "name": "cometbft-0-1-gw",
-              "port": 26016,
-              "protocol": "TCP",
-              "targetPort": 26016
-            },
-            {
-              "name": "cometbft-0-2-gw",
-              "port": 26026,
-              "protocol": "TCP",
-              "targetPort": 26026
-            },
-            {
-              "name": "cometbft-0-3-gw",
-              "port": 26036,
-              "protocol": "TCP",
-              "targetPort": 26036
-            },
-            {
-              "name": "cometbft-0-4-gw",
-              "port": 26046,
-              "protocol": "TCP",
-              "targetPort": 26046
-            },
-            {
-              "name": "cometbft-0-5-gw",
-              "port": 26056,
-              "protocol": "TCP",
-              "targetPort": 26056
-            },
-            {
-              "name": "cometbft-0-6-gw",
-              "port": 26066,
-              "protocol": "TCP",
-              "targetPort": 26066
-            },
-            {
-              "name": "cometbft-0-7-gw",
-              "port": 26076,
-              "protocol": "TCP",
-              "targetPort": 26076
-            },
-            {
-              "name": "cometbft-0-8-gw",
-              "port": 26086,
-              "protocol": "TCP",
-              "targetPort": 26086
-            },
-            {
-              "name": "cometbft-0-9-gw",
-              "port": 26096,
-              "protocol": "TCP",
-              "targetPort": 26096
-            },
-            {
-              "name": "cometbft-1-0-gw",
-              "port": 26106,
-              "protocol": "TCP",
-              "targetPort": 26106
-            },
-            {
-              "name": "cometbft-1-1-gw",
-              "port": 26116,
-              "protocol": "TCP",
-              "targetPort": 26116
-            },
-            {
-              "name": "cometbft-1-2-gw",
-              "port": 26126,
-              "protocol": "TCP",
-              "targetPort": 26126
-            },
-            {
-              "name": "cometbft-1-3-gw",
-              "port": 26136,
-              "protocol": "TCP",
-              "targetPort": 26136
-            },
-            {
-              "name": "cometbft-1-4-gw",
-              "port": 26146,
-              "protocol": "TCP",
-              "targetPort": 26146
-            },
-            {
-              "name": "cometbft-1-5-gw",
-              "port": 26156,
-              "protocol": "TCP",
-              "targetPort": 26156
-            },
-            {
-              "name": "cometbft-1-6-gw",
-              "port": 26166,
-              "protocol": "TCP",
-              "targetPort": 26166
-            },
-            {
-              "name": "cometbft-1-7-gw",
-              "port": 26176,
-              "protocol": "TCP",
-              "targetPort": 26176
-            },
-            {
-              "name": "cometbft-1-8-gw",
-              "port": 26186,
-              "protocol": "TCP",
-              "targetPort": 26186
-            },
-            {
-              "name": "cometbft-1-9-gw",
-              "port": 26196,
-              "protocol": "TCP",
-              "targetPort": 26196
-            },
-            {
-              "name": "cometbft-2-0-gw",
-              "port": 26206,
-              "protocol": "TCP",
-              "targetPort": 26206
-            },
-            {
-              "name": "cometbft-2-1-gw",
-              "port": 26216,
-              "protocol": "TCP",
-              "targetPort": 26216
-            },
-            {
-              "name": "cometbft-2-2-gw",
-              "port": 26226,
-              "protocol": "TCP",
-              "targetPort": 26226
-            },
-            {
-              "name": "cometbft-2-3-gw",
-              "port": 26236,
-              "protocol": "TCP",
-              "targetPort": 26236
-            },
-            {
-              "name": "cometbft-2-4-gw",
-              "port": 26246,
-              "protocol": "TCP",
-              "targetPort": 26246
-            },
-            {
-              "name": "cometbft-2-5-gw",
-              "port": 26256,
-              "protocol": "TCP",
-              "targetPort": 26256
-            },
-            {
-              "name": "cometbft-2-6-gw",
-              "port": 26266,
-              "protocol": "TCP",
-              "targetPort": 26266
-            },
-            {
-              "name": "cometbft-2-7-gw",
-              "port": 26276,
-              "protocol": "TCP",
-              "targetPort": 26276
-            },
-            {
-              "name": "cometbft-2-8-gw",
-              "port": 26286,
-              "protocol": "TCP",
-              "targetPort": 26286
-            },
-            {
-              "name": "cometbft-2-9-gw",
-              "port": 26296,
-              "protocol": "TCP",
-              "targetPort": 26296
-            },
             {
               "name": "cometbft-3-0-gw",
               "port": 26306,
@@ -1639,54 +1459,6 @@
               "protocol": "TCP",
               "targetPort": 26316
             },
-            {
-              "name": "cometbft-3-2-gw",
-              "port": 26326,
-              "protocol": "TCP",
-              "targetPort": 26326
-            },
-            {
-              "name": "cometbft-3-3-gw",
-              "port": 26336,
-              "protocol": "TCP",
-              "targetPort": 26336
-            },
-            {
-              "name": "cometbft-3-4-gw",
-              "port": 26346,
-              "protocol": "TCP",
-              "targetPort": 26346
-            },
-            {
-              "name": "cometbft-3-5-gw",
-              "port": 26356,
-              "protocol": "TCP",
-              "targetPort": 26356
-            },
-            {
-              "name": "cometbft-3-6-gw",
-              "port": 26366,
-              "protocol": "TCP",
-              "targetPort": 26366
-            },
-            {
-              "name": "cometbft-3-7-gw",
-              "port": 26376,
-              "protocol": "TCP",
-              "targetPort": 26376
-            },
-            {
-              "name": "cometbft-3-8-gw",
-              "port": 26386,
-              "protocol": "TCP",
-              "targetPort": 26386
-            },
-            {
-              "name": "cometbft-3-9-gw",
-              "port": 26396,
-              "protocol": "TCP",
-              "targetPort": 26396
-            },
             {
               "name": "cometbft-4-0-gw",
               "port": 26406,
@@ -1698,54 +1470,6 @@
               "port": 26416,
               "protocol": "TCP",
               "targetPort": 26416
-            },
-            {
-              "name": "cometbft-4-2-gw",
-              "port": 26426,
-              "protocol": "TCP",
-              "targetPort": 26426
-            },
-            {
-              "name": "cometbft-4-3-gw",
-              "port": 26436,
-              "protocol": "TCP",
-              "targetPort": 26436
-            },
-            {
-              "name": "cometbft-4-4-gw",
-              "port": 26446,
-              "protocol": "TCP",
-              "targetPort": 26446
-            },
-            {
-              "name": "cometbft-4-5-gw",
-              "port": 26456,
-              "protocol": "TCP",
-              "targetPort": 26456
-            },
-            {
-              "name": "cometbft-4-6-gw",
-              "port": 26466,
-              "protocol": "TCP",
-              "targetPort": 26466
-            },
-            {
-              "name": "cometbft-4-7-gw",
-              "port": 26476,
-              "protocol": "TCP",
-              "targetPort": 26476
-            },
-            {
-              "name": "cometbft-4-8-gw",
-              "port": 26486,
-              "protocol": "TCP",
-              "targetPort": 26486
-            },
-            {
-              "name": "cometbft-4-9-gw",
-              "port": 26496,
-              "protocol": "TCP",
-              "targetPort": 26496
             }
           ]
         },
diff --git a/cluster/pulumi/common-sv/src/synchronizer/cometBftNodeConfigs.ts b/cluster/pulumi/common-sv/src/synchronizer/cometBftNodeConfigs.ts
@@ -37,7 +37,7 @@ export class CometBftNodeConfigs {
       privateKey: staticConf.privateKey,
       identifier: this.nodeIdentifier,
       externalAddress: this.p2pExternalAddress(staticConf.nodeIndex),
-      istioPort: this.istioExternalPort(staticConf.nodeIndex),
+      istioPort: istioCometbftExternalPort(this._domainMigrationId, staticConf.nodeIndex),
       retainBlocks: staticConf.retainBlocks,
       validator: staticConf.validator,
     };
@@ -82,13 +82,13 @@ export class CometBftNodeConfigs {
   }
 
   private p2pExternalAddress(nodeIndex: number): string {
-    return `${CLUSTER_HOSTNAME}:${this.istioExternalPort(nodeIndex)}`;
-  }
-
-  private istioExternalPort(nodeIndex: number) {
-    // TODO(#10482) Revisit port scheme
-    return nodeIndex >= 10
-      ? Number(`26${this._domainMigrationId}${nodeIndex}`)
-      : Number(`26${this._domainMigrationId}${nodeIndex}6`);
+    return `${CLUSTER_HOSTNAME}:${istioCometbftExternalPort(this._domainMigrationId, nodeIndex)}`;
   }
 }
+
+export const istioCometbftExternalPort = (migrationId: number, nodeIndex: number): number => {
+  // TODO(DACH-NY/canton-network-node#10482) Revisit port scheme
+  return nodeIndex >= 10
+    ? Number(`26${migrationId}${nodeIndex}`)
+    : Number(`26${migrationId}${nodeIndex}6`);
+};
diff --git a/cluster/pulumi/infra/src/istio.ts b/cluster/pulumi/infra/src/istio.ts
@@ -3,12 +3,14 @@
 import * as k8s from '@pulumi/kubernetes';
 import * as pulumi from '@pulumi/pulumi';
 import { local } from '@pulumi/command';
+import { dsoSize, istioCometbftExternalPort } from 'splice-pulumi-common-sv';
 import { spliceConfig } from 'splice-pulumi-common/src/config/config';
 import { PodMonitor, ServiceMonitor } from 'splice-pulumi-common/src/metrics';
 
 import {
   activeVersion,
   DecentralizedSynchronizerUpgradeConfig,
+  DeploySvRunbook,
   ExactNamespace,
   getDnsNames,
   HELM_MAX_HISTORY_SIZE,
@@ -156,13 +158,18 @@ function configureInternalGatewayService(
 ) {
   const externalIPRanges = loadIPRanges();
   // see notes when installing a CometBft node in the full deployment
-  const cometBftIngressPorts = Array.from(
-    Array(DecentralizedSynchronizerUpgradeConfig.highestMigrationId + 1).keys()
-  ).flatMap((domain: number) => {
-    return Array.from(Array(10).keys()).map(node => {
-      return ingressPort(`cometbft-${domain}-${node}-gw`, Number(`26${domain}${node}6`));
+  const cometBftIngressPorts = DecentralizedSynchronizerUpgradeConfig.runningMigrations()
+    .map(migrationInfo => migrationInfo.id)
+    .flatMap((domain: number) => {
+      return (DeploySvRunbook ? [0] : [])
+        .concat(Array.from(Array(dsoSize).keys()).map(n => n + 1))
+        .map(node => {
+          return ingressPort(
+            `cometbft-${domain}-${node}-gw`,
+            istioCometbftExternalPort(domain, node)
+          );
+        });
     });
-  });
   return configureGatewayService(
     ingressNs,
     ingressIp,
